From 89a12a0ca2040ac7007ede455a80ef4c1bd66237 Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Mon, 22 Mar 2021 14:08:58 -0400
Subject: [PATCH] Try to allow the failure through GitLab
---
 .gitlab-ci.yml | 1 +
 ci-tools/vulnerability-scan | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e3186bf..a41c0314 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,6 +10,7 @@ unit-tests:
 vulnerability-scan:
 stage: "test"
+ allow_failure: true
 script:
 - "ci-tools/vulnerability-scan security-report.txt"
 artifacts:
diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 18ef9b9a..bc87cbd5 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -30,6 +30,7 @@ else
 fi
 '
-# vulnix exits with an error status if there are vulnerabilities. we don't
-# want to fail the job in that case because then we can't see the report.
-nix-shell -p vulnix --run 'vulnix ./scan-target/ || true' | tee "$OUTPUT"
+# vulnix exits with an error status if there are vulnerabilities. We told
+# GitLab to allow this by setting `allow_failure` to true in the GitLab CI
+# config.
+nix-shell -p vulnix --run 'vulnix ./scan-target/' | tee "$OUTPUT"
--
GitLab
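Review bot: `allow_failure: true` on the `vulnerability-scan` job tolerates every non-zero exit, so a scan that could not run at all (nix-shell unable to provide vulnix, a crash, a failed advisory download) ends in the same warning state as a scan that found vulnerabilities and is easy to overlook. GitLab can restrict the tolerated statuses, e.g. `allow_failure:` with a nested `exit_codes: [<vulnix findings status>]`, filled in with the exit status vulnix documents for reported vulnerabilities. Because the job will now finish as failed when there are findings, also check that the `artifacts:` block, which continues outside this hunk, sets `when: always`; with the default `on_success` the report would not be uploaded in exactly the case it is needed.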
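Review bot: The exit status of `nix-shell … | tee "$OUTPUT"` is that of `tee` unless the script enables `pipefail`, so removing `|| true` may not make the job fail on findings at all and the `allow_failure` setting would never come into play. The top of the script is outside this hunk; if it does not already do so, add `set -o pipefail` (bash) before this line so that vulnix's status reaches GitLab. The new comment could also state what a non-zero status can mean, e.g. `# Non-zero here means findings or a scanner error; the CI job tolerates it via allow_failure.`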