diff mbox series

[2/2] CI: allow the runner to set a NVD API key

Message ID 20240129181401.2170364-2-ross.burton@arm.com
State New
Headers show
Series [1/2] CI: add explanatory comments to variables | expand

Commit Message

Ross Burton Jan. 29, 2024, 6:14 p.m. UTC 
From: Ross Burton <ross.burton@arm.com>

Setting an API key means we get higher rate limits. Because keys are
private, the key must be set in the environment of the runner.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 .gitlab-ci.yml | 2 ++
 ci/cve.yml     | 3 +++
 2 files changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4e4c1283..e1b8dd24 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,6 +19,8 @@  variables:
   ACS_TEST: 0
   # The list of extra Kas fragments to be used when building
   EXTRA_KAS_FILES: ""
+  # The NVD API key to use when fetching CVEs
+  NVDCVE_API_KEY: ""
 
 stages:
   - prep
diff --git a/ci/cve.yml b/ci/cve.yml
index 381f8557..e2aca0e1 100644
--- a/ci/cve.yml
+++ b/ci/cve.yml
@@ -5,6 +5,9 @@  local_conf_header:
   cve: |
     INHERIT += "cve-check"
 
+    # Allow the runner environment to provide an API key
+    NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
+
     # Just show the warnings for our layers
     CVE_CHECK_SHOW_WARNINGS = "0"
     CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"