
Commit a2eb542

committed
save return code
1 parent 063fe4f commit a2eb542


3 files changed

+22
-2
lines changed


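--- a/.evergreen.yml
+++ b/.evergreen.yml
@@ -5843,14 +5843,24 @@ functions:
 npm run update-third-party-notices
 
 # generate vulnerability report
+set +e
 npm run generate-vulnerability-report
+return_code=$?
+set -e
 
 # if on main and not triggered by a tag, also create a ticket for each vulnerability found
 if [[ "${requester}" == "commit" ]]; then
 export JIRA_BASE_URL="https://jira.mongodb.org"
 export JIRA_PROJECT="MONGOSH"
 export JIRA_VULNERABILITY_BUILD_INFO="- [Evergreen task|$EVERGREEN_TASK_URL]"
 npm run create-vulnerability-tickets
+else
+cat .sbom/vulnerability-report.md
+fi
+
+# Fails if the report failed and is not a patch, including during releases:
+if [[ "${is_patch}" != "true" ]]; then
+exit $return_code
 fi
 
 - command: s3.put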
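Review bot: The `return_code` saved after `npm run generate-vulnerability-report` cannot tell a high-severity finding apart from a scan that never completed, and the final `if [[ "${is_patch}" != "true" ]]` block discards it without a trace on patch builds. npm runs the `pregenerate-vulnerability-report` hook first (webpack build, `snyk-test`, `scan-node-js`), so a failure there presumably produces the same non-zero status; the commit path then still runs `npm run create-vulnerability-tickets`, and the other path prints a `.sbom/vulnerability-report.md` that may be empty or stale. I would log the status right after `set -e`, for example `echo "generate-vulnerability-report exited with ${return_code}" >&2`, and quote the exit as `exit "${return_code}"`. The same block appears in the `.evergreen/evergreen.yml.in` section, so the suggestion applies there as well; the enclosing function starts above this hunk.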

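--- a/.evergreen/evergreen.yml.in
+++ b/.evergreen/evergreen.yml.in
@@ -544,14 +544,24 @@ functions:
 npm run update-third-party-notices
 
 # generate vulnerability report
+set +e
 npm run generate-vulnerability-report
+return_code=$?
+set -e
 
 # if on main and not triggered by a tag, also create a ticket for each vulnerability found
 if [[ "${requester}" == "commit" ]]; then
 export JIRA_BASE_URL="https://jira.mongodb.org"
 export JIRA_PROJECT="MONGOSH"
 export JIRA_VULNERABILITY_BUILD_INFO="- [Evergreen task|$EVERGREEN_TASK_URL]"
 npm run create-vulnerability-tickets
+else
+cat .sbom/vulnerability-report.md
+fi
+
+# Fails if the report failed and is not a patch, including during releases:
+if [[ "${is_patch}" != "true" ]]; then
+exit $return_code
 fi
 
 - command: s3.put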

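--- a/package.json
+++ b/package.json
@@ -63,8 +63,8 @@
 "scan-node-js": "mongodb-sbom-tools scan-node-js --version=$NODE_JS_VERSION > .sbom/node-js-vuln.json",
 "snyk-test": "node scripts/snyk-test.js",
 "pregenerate-vulnerability-report": "npm run webpack-build -w packages/cli-repl && npm run snyk-test && npm run scan-node-js && npm run write-node-js-dep",
-"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json > .sbom/vulnerability-report.md",
-"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high --create-jira-issues"
+"generate-vulnerability-report": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --fail-on=high > .sbom/vulnerability-report.md",
+"create-vulnerability-tickets": "mongodb-sbom-tools generate-vulnerability-report --snyk-reports=.sbom/snyk-test-result.json,.sbom/node-js-vuln.json --dependencies=.sbom/dependencies.json,.sbom/node-js-dep.json --create-jira-issues"
 },
 "config": {
 "unsafe-perm": true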
