Merge remote-tracking branch 'origin' into whitesource-sbt-config-fix

maxatsap · maxatsap · commit e2aa36a217a1 · 2025-06-10T14:07:03.000-04:00
* origin: Check for prefix instead of substring (SAP#5370) fix(docs): fix typo in link anchor (SAP#5369) bugfix(): Fix JNLP image in defaults (SAP#5367) Fix filterPattern processing (SAP#5364)
diff --git a/cmd/checkmarxOneExecuteScan.go b/cmd/checkmarxOneExecuteScan.go
@@ -1001,22 +1001,44 @@ func (c *checkmarxOneExecuteScanHelper) isFileNotMatchingPattern(patterns []stri
 		return false, nil
 	}
 
+	// Check if it is matched by at least one include pattern
+	includeMatch := false
+	for _, pattern := range patterns {
+		if strings.HasPrefix(pattern, "!") {
+			continue
+		}
+		match, err := utils.PathMatch(pattern, path)
+		if err != nil {
+			return false, errors.Wrapf(err, "Pattern %v could not get executed", pattern)
+		}
+		if match {
+			includeMatch = true
+			break
+		}
+	}
+
+	if !includeMatch {
+		return true, nil // if there is no include pattern matching, the file is necessarily excluded
+	}
+
+	// Check if it is matched by at least one exclude pattern
 	for _, pattern := range patterns {
-		negative := false
 		if strings.HasPrefix(pattern, "!") {
 			pattern = strings.TrimLeft(pattern, "!")
-			negative = true
+		} else {
+			continue
 		}
 		match, err := utils.PathMatch(pattern, path)
 		if err != nil {
 			return false, errors.Wrapf(err, "Pattern %v could not get executed", pattern)
 		}
 
-		if match {
-			return negative, nil
+		if match { // match with an exclude pattern, the file is excluded
+			return true, nil
 		}
 	}
-	return true, nil
+
+	return false, nil
 }
 
 func (c *checkmarxOneExecuteScanHelper) createToolRecordCx(results *map[string]interface{}) (string, error) {
diff --git a/cmd/mtaBuild_generated.go b/cmd/mtaBuild_generated.go
diff --git a/cmd/npmExecuteScripts_generated.go b/cmd/npmExecuteScripts_generated.go
diff --git a/pkg/orchestrator/jenkins.go b/pkg/orchestrator/jenkins.go
@@ -247,7 +247,7 @@ func (j *jenkinsConfigProvider) GitReference() string {
 	ref := getEnv("BRANCH_NAME", "n/a")
 	if ref == "n/a" {
 		return ref
-	} else if strings.Contains(ref, "PR") {
+	} else if strings.HasPrefix(ref, "PR-") {
 		return "refs/pull/" + strings.Split(ref, "-")[1] + "/head"
 	} else if strings.HasPrefix(ref, "refs/") {
 		return ref
diff --git a/resources/default_pipeline_environment.yml b/resources/default_pipeline_environment.yml
@@ -52,7 +52,7 @@ general:
   gitSshKeyCredentialsId: '' #needed to allow sshagent to run with local ssh key
   globalExtensionsDirectory: '.pipeline/tmp/global_extensions/'
   jenkinsKubernetes:
-    jnlpAgent: 'jenkins/inbound-agent:jdk11'
+    jnlpAgent: 'eu.gcr.io/sap-scp-jaas-prod/jnlp:3283.v92c105e0f819-9'
     securityContext:
     # Setting security context globally is currently not working with jaas
     #  runAsUser: 1000
diff --git a/resources/metadata/mtaBuild.yaml b/resources/metadata/mtaBuild.yaml
@@ -3,9 +3,11 @@ metadata:
   description: Performs an mta build
   longDescription: |
     Executes the SAP Multitarget Application Archive Builder to create an mtar archive of the application.
-    ### build with depedencies from a private repository
-    1. For maven related settings refer [maven build dependencies](./mavenBuild.md#build-with-depedencies-from-a-private-repository)
-    2. For NPM related settings refer [NPM build dependencies](./npmExecuteScripts.md#build-with-depedencies-from-a-private-repository)
+
+    ### build with dependencies from a private repository
+
+    1. For Maven related settings refer [Maven build dependencies](./mavenBuild.md#build-with-dependencies-from-a-private-repository)
+    2. For NPM related settings refer [NPM build dependencies](./npmExecuteScripts.md#build-with-dependencies-from-a-private-repository)
 spec:
   inputs:
     params:
diff --git a/resources/metadata/npmExecuteScripts.yaml b/resources/metadata/npmExecuteScripts.yaml
@@ -6,8 +6,9 @@ metadata:
   longDescription: |
     Execute npm run scripts in all package json files, if they implement the scripts.
 
-    ### build with depedencies from a private repository
-    if your build has scoped/unscoped dependencies from a private repository you can include a .npmrc into the source code
+    ### build with dependencies from a private repository
+
+    If your build has scoped/unscoped dependencies from a private repository you can include a `.npmrc` into the source code
     repository as below (replace the `@privateScope:registry` value(s) with a valid private repo url) :
 
     ```
@@ -17,6 +18,7 @@ metadata:
     //private.repository.com/:always-auth=true
     registry=https://registry.npmjs.org
     ```
+
     `PIPER_VAULTCREDENTIAL_USER` and `PIPER_VAULTCREDENTIAL_PASSWORD_BASE64` (Base64 encoded password) are the username and password for the private repository
     and are exposed are environment variables that must be present in the environment where the Piper step runs or alternatively can be created using :
     [vault general purpose credentials](../infrastructure/vault.md#using-vault-for-general-purpose-and-test-credentials)
