From c0f485405565e731e90c21f94773f9aa75413398 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen.haas@lakedrops.com>
Date: Thu, 18 Jan 2024 10:00:42 +0100
Subject: [PATCH] Allow to ignore composer audit

---
 lakedrops.yml       | 1 +
 test-and-deploy.yml | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lakedrops.yml b/lakedrops.yml
index 8df4e82..c7d565c 100644
--- a/lakedrops.yml
+++ b/lakedrops.yml
@@ -22,6 +22,7 @@ variables:
   DISABLE_NODE_ACCESS_REBUILD: 0
   ENVIRONMENT_NAME: ${PROJECT_NAME}/$CI_COMMIT_REF_NAME
   ENVIRONMENT_URL: https://www.example.com/$SITE_NAME
+  IGNORE_COMPOSER_AUDIT: 0
   INITIAL_SETUP_COMMAND: 'echo "Nothing to do for initial setup"'
   LAKEDROPS_CI_PROJECT: gitlab-ci-cd/drupal
   LAKEDROPS_CI_REF: main
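Review bot: The added `IGNORE_COMPOSER_AUDIT: 0` default has no comment, although the variable switches off the advisory gate in the jobs patched in test-and-deploy.yml. A comment above it would make the consequence visible to whoever overrides it, for example `# Set to 1 only as a temporary exception: composer audit findings then no longer fail the job or open an issue.` Writing the value as `"0"` would also match the string comparison the scripts perform. The `variables:` mapping starts and ends outside this hunk.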
diff --git a/test-and-deploy.yml b/test-and-deploy.yml
index 8924c9a..72584c9 100644
--- a/test-and-deploy.yml
+++ b/test-and-deploy.yml
@@ -713,6 +713,7 @@ Debug:
     - grep "Nothing to modify in lock file" /tmp/test.log || EC=$?
     - if [[ $EC -ne 0 ]]; then DOUPDATE=1; fi
     - rm /tmp/test.log >/dev/null 2>&1 || true
+    - composer config --no-plugins --no-interaction audit.abandoned report
     - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
     - cat /tmp/test.log
     - EC=0
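Review bot: The added `composer config --no-plugins --no-interaction audit.abandoned report` rewrites the project's composer.json in the job's working tree. This script appears to track lock-file changes (`DOUPDATE`) and runs `git status` further down, so the edit may surface as an unintended change in whatever the job reports or commits; that is worth confirming. The audit's exit status is discarded by `|| true` and the gate is a grep on the log text, so it is unclear from the hunk whether the setting changes the outcome at all. A comment such as `# report abandoned packages without letting them fail the audit` would record the intent. The script list starts and ends outside this hunk.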
@@ -726,7 +727,7 @@ Debug:
     - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
     - cat /tmp/test.log
     - EC=0
-    - grep "No security vulnerability advisories found" /tmp/test.log || EC=$?
+    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi
     - if [[ $EC -ne 0 ]]; then glab issue create --title "Security vulnerability advisories found" --description "$(cat /tmp/test.log)"; exit 1; fi
     - rm /tmp/test.log >/dev/null 2>&1 || true
     - git status >/tmp/test.log 2>&1
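Review bot: The new guard `[[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]` fails open, because any value other than the exact string `0` skips the advisory check and leaves `EC=0`. That includes an unset or empty variable in a project that does not inherit the default, as well as a typo. Skipping only on an explicit opt-in is safer: `if [[ "${IGNORE_COMPOSER_AUDIT:-0}" != "1" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi`. The same condition is added in the later hunk at `-769,9 +770,10` and should change with it. Printing a line such as `echo "WARNING: composer audit result ignored (IGNORE_COMPOSER_AUDIT)"` on the skip path would keep the exception visible in job logs.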
@@ -769,9 +770,10 @@ Debug:
     - !reference [.preparecomposerplugins, before_script]
   script:
     - rm /tmp/test.log >/dev/null 2>&1 || true
+    - composer config --no-plugins --no-interaction audit.abandoned report
     - composer audit --no-dev --locked --format=plain >/tmp/test.log 2>&1 || true
     - EC=0
-    - grep "No security vulnerability advisories found" /tmp/test.log || EC=$?
+    - if [[ "$IGNORE_COMPOSER_AUDIT" == "0" ]]; then grep "No security vulnerability advisories found" /tmp/test.log || EC=$?; fi
     - if [[ $EC -eq 0 ]]; then exit 0; fi
     - glab issue create --title "Security vulnerability advisories found" --description "$(cat /tmp/test.log)"
     - rm /tmp/test.log >/dev/null 2>&1 || true
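Review bot: When the check is skipped in this script, `EC` stays 0 and `exit 0` runs before anything prints `/tmp/test.log`, and no `cat /tmp/test.log` is visible in this hunk. With the audit ignored, the advisories would therefore appear neither in an issue nor in the job output. Adding `- cat /tmp/test.log` right after the `composer audit` line would keep the findings on record even while they are not enforced. The job definition starts outside this hunk.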
-- 
GitLab