composer/plugin/drupal-development-environment#13 Add support for extended...

composer/plugin/drupal-development-environment#13 Add support for extended composer audit, disabled by default

test-and-deploy.yml

@@ -714,24 +714,12 @@ Debug:
     - grep "Nothing to modify in lock file" /tmp/test.log || EC=$?
     - if [[ $EC -ne 0 ]]; then DOUPDATE=1; fi
     - rm /tmp/test.log >/dev/null 2>&1 || true
-    - composer config --no-plugins --no-interaction audit.abandoned report
-    - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
-    - cat /tmp/test.log
-    - EC=0
-    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi
-    - if [[ $EC -ne 0 ]]; then DOUPDATE=1; fi
-    - if [[ $DOUPDATE -eq 0 ]]; then cat /tmp/test.log; exit 0; fi
+    - if [[ $DOUPDATE -eq 0 ]]; then exit 0; fi
     - git remote rm origin
     - git remote add origin git@${CI_SERVER_HOST}:$CI_PROJECT_PATH.git
     - composer update --no-interaction --no-progress --no-dev
-    - rm /tmp/test.log >/dev/null 2>&1 || true
-    - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
-    - cat /tmp/test.log
-    - EC=0
-    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi
-    - if [[ $EC -ne 0 ]]; then glab issue create --title "Security vulnerability advisories found" --description "$(cat /tmp/test.log)"; exit 1; fi
-    - cat /tmp/test.log
-    - rm /tmp/test.log >/dev/null 2>&1 || true
+    - composer config --no-plugins --no-interaction audit.abandoned fail
+    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then composer audit --no-dev --locked --format=table; fi
     - git status >/tmp/test.log 2>&1
     - EC=0
     - grep "nothing to commit, working tree clean" /tmp/test.log || EC=$?
@@ -771,15 +759,12 @@ Debug:
     - !reference [.prepareaccess, before_script]
     - !reference [.preparecomposerplugins, before_script]
   script:
-    - rm /tmp/test.log >/dev/null 2>&1 || true
-    - composer config --no-plugins --no-interaction audit.abandoned report
-    - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
-    - EC=0
-    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi
-    - if [[ $EC -eq 0 ]]; then cat /tmp/test.log; exit 0; fi
-    - glab issue create --title "Security vulnerability advisories found" --description "$(cat /tmp/test.log)"
-    - rm /tmp/test.log >/dev/null 2>&1 || true
-    - exit 1
+    - composer config --no-plugins --no-interaction audit.abandoned fail
+    - composer audit --no-dev --locked --format=table
+  rules:
+    - if: $IGNORE_COMPOSER_AUDIT == "0"
+      when: always
+    - when: never
 
 .check4outdated:
   stage: build