Upgrading fossa-with-cache to version 0.10 (!1165) · Merge requests · OSDU Software / OSDU Data Platform / CI-CD Pipelines

David Diederich requested to merge fossa-0.10 into master Dec 20, 2024

Version 0.10 has been around for a while, but hasn't yet been applied to the CI/CD pipelines.

Notable improvements from 0.9:

divido/fossa-with-cache!18 (merged) -- fixes error when running fossa-analyze on a dirty repository (such as a build step that modifies Git tracked files)
divido/fossa-with-cache!16 (merged) -- Update to maven 3.9.3 running with temurin 17, matching the image used for compilation. Also updates to python 3.10.

The temporary tag, 0.9-jdk17, had used maven 3.8.3 with OpenJDK 17. This has worked reasonably well, but matching the versions with the compilation process feels better to me.

I tested this on all services utilizing fossa-with-cache. There are failures in these pipelines, but they appear to be normal and expected -- NOTICEs out of date and compilation failures prior to fossa analysis.

Note: Several services still have overrides on the fossa-with-cache image & .maven template. These should be removed to start incorporating any improvements we make to the maven and fossa build processes here. In the meantime, this MR will have no effect on those services.

Edited Dec 20, 2024 by David Diederich

Upgrading fossa-with-cache to version 0.10

Merge request reports