From 89a12a0ca2040ac7007ede455a80ef4c1bd66237 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 22 Mar 2021 14:08:58 -0400
Subject: [PATCH] Try to allow the failure through GitLab

---
 .gitlab-ci.yml              | 1 +
 ci-tools/vulnerability-scan | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e3186bf..a41c0314 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,6 +10,7 @@ unit-tests:
 
 vulnerability-scan:
   stage: "test"
+  allow_failure: true
   script:
     - "ci-tools/vulnerability-scan security-report.txt"
   artifacts:
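Review bot: `allow_failure: true` on the `vulnerability-scan` job tolerates every non-zero exit, so a scan that never ran (nix-shell or vulnix itself erroring) shows up the same way as a scan that found vulnerabilities. If the GitLab version in use supports it, narrowing the setting to the scanner's "findings" status with `allow_failure:` / `exit_codes: [<vulnix findings exit code>]` would keep tool failures red. The `artifacts:` block continues outside the hunk, so this cannot be checked here, but the job can now fail and GitLab uploads artifacts only on success by default. Unless it is already set, the block needs `when: always` for `security-report.txt` to remain available.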
diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 18ef9b9a..bc87cbd5 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -30,6 +30,7 @@ else
 fi
 '
 
-# vulnix exits with an error status if there are vulnerabilities.  we don't
-# want to fail the job in that case because then we can't see the report.
-nix-shell -p vulnix --run 'vulnix ./scan-target/ || true' | tee "$OUTPUT"
+# vulnix exits with an error status if there are vulnerabilities.  We told
+# GitLab to allow this by setting `allow_failure` to true in the GitLab CI
+# config.
+nix-shell -p vulnix --run 'vulnix ./scan-target/' | tee "$OUTPUT"
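Review bot: The status of `nix-shell -p vulnix --run '…' | tee "$OUTPUT"` is that of `tee`, not vulnix, unless `pipefail` is enabled earlier in the script, which starts outside this hunk. If it is not enabled, dropping `|| true` changes nothing: the job still passes when vulnerabilities are found, and the new comment describes behaviour that never happens. Assuming the script runs under bash, confirm that `set -o pipefail` is in effect before this line, or add it. The comment could also say that a failure of nix-shell itself now fails the job in the same way, so a reader of a failed job knows to check the report before assuming findings.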
-- 
GitLab