feat(java): add support for Maven mirrors in settings.xml #9997
Conversation
maishivamhoo123
requested review from
DmitriyLewen and
knqyf263
as code owners
|
|
|
Dear @knqyf263 and @DmitriyLewen, Thank you for your time. When you get a chance, could you please review this PR? I would really appreciate any feedback or suggestions for improvement—I'm eager to learn and happy to make any required changes to align with the project’s standards. Thanks again for your guidance and support. 🙏 |
| s.LocalRepository = globalSettings.LocalRepository | ||
| } | ||
| //merge Mirrors | ||
| s.Mirrors = append(s.Mirrors, globalSettings.Mirrors...) |
There was a problem hiding this comment.
Have you checked how mvn merges mirrors?
For example, global and local settings use a mirror for maven-central, but with different URLs.
What will mvn do?
Will it check both URLs or just one (from global or local)?
| s.ActiveProfiles[i] = evaluateVariable(activeProfile, nil, nil) | ||
| } | ||
| } | ||
| func (s settings) ResolveMirror(repoID, repoURL string) string { |
There was a problem hiding this comment.
It looks like this function is used only in tests.
The parser still doesn't use mirrors.
| if strings.HasPrefix(pattern, "!") { | ||
| if pattern[1:] == repoID { |
There was a problem hiding this comment.
| if strings.HasPrefix(pattern, "!") { | |
| if pattern[1:] == repoID { | |
| if p, ok := strings.CutPrefix(pattern, "!"); ok { | |
| if p == repoID { |
| matches = true | ||
| continue |
There was a problem hiding this comment.
IIUC we can return true here
| } | ||
| if pattern == "external:*" { | ||
| if s.isExternalRepo(repoURL) { | ||
| matches = true |
| continue | ||
| } | ||
| if pattern == repoID { | ||
| matches = true |
| } | ||
| return repoURL | ||
| } | ||
| func (s settings) isMirrorMatch(mirror Mirror, repoID, repoURL string) bool { |
There was a problem hiding this comment.
It will be great if you add some small comments with descriptions and/or examples in this function.
It will help support this code later.
|
Raising a new PR I actually lost my previous changes. So Raising a new PR. |
3 participants
Description
This PR addresses issue #9989 by adding support for parsing
<mirrors>in Mavensettings.xml.Previously, Trivy only retrieved repositories from
<profiles>. This change ensures that mirrors defined insettings.xmlare correctly parsed and applied. Specifically, it maps themirrorOffield to ensure traffic intended for a repository (likecentral) is correctly routed to the configured mirror URL.Related Issue
mirrorssupport for settings.xml files #9989Checklist
Mirrorstruct and parsing logic insettings.gogo test ./pkg/dependency/parser/java/pom/...