chore: add option for setting custom mvn path using env var (#22)

Signed-off-by: Tomer Figenblat <[email protected]>

Author: TomerFi

README.md

@@ -152,15 +152,42 @@ Excluding a package from any analysis can be achieved by marking the package for
 
 <h3>Tokens</h3>
 <p>
-If you wish the report to include other vulnerabilities data and resolutions which is only available to registered users.
-You can include the various vulnerability vendor data token as environment variables.
+For including extra vulnerability data and resolutions, otherwise only available to vendor registered users. You can
+set the various vendor tokens as environment variables.
 
 Available token environment variables:
 </p>
 
-<ul>
-<li><em>CRDA_SNYK_TOKEN</em></li>
-</ul>
+<table>
+<tr>
+<th>Vendor</th>
+<th>Token Environment Variable</th>
+</tr>
+<tr>
+<td><a href="https://app.snyk.io/redhat/snyk-token">Snyk</a></td>
+<td>CRDA_SNYK_TOKEN</td>
+</tr>
+</table>
+
+<h3>Custom Executables</h3>
+<p>
+This project uses each ecosystem's executable for creating dependency trees. These executables are expected to be
+present on the system PATH. If they are not, or perhaps you want to use custom ones. Use can use the following
+environment variables for setting custom paths for the said executables.
+</p>
+
+<table>
+<tr>
+<th>Ecosystem</th>
+<th>Default</th>
+<th>Environment Variable</th>
+</tr>
+<tr>
+<td><a href="https://maven.apache.org/">Maven</a></td>
+<td><em>mvn</em></td>
+<td>CRDA_MVN_PATH</td>
+</tr>
+</table>
 
 <!-- Badge links -->
 [0]: https://img.shields.io/github/v/release/RHEcosystemAppEng/crda-javascript-api?color=green&label=latest

src/providers/java_maven.js

@@ -20,6 +20,8 @@ export default { isSupported, provideComponent, provideStack }
  */
 const ecosystem = 'maven'
 
+const mvn = process.env.CRDA_MVN_PATH ? process.env.CRDA_MVN_PATH : 'mvn'
+
 /**
  * @param {string} manifestName - the subject manifest name-type
  * @returns {boolean} - return true if `pom.xml` is the manifest name-type
@@ -62,13 +64,13 @@ function provideComponent(data) {
  */
 function getGraph(manifest) {
 	// verify maven is accessible
-	execSync('mvn --version', err => {
+	execSync(`${mvn} --version`, err => {
 		if (err) {
 			throw new Error('mvn is not accessible')
 		}
 	})
 	// clean maven target
-	execSync(`mvn -q clean -f ${manifest}`, err => {
+	execSync(`${mvn} -q clean -f ${manifest}`, err => {
 		if (err) {
 			throw new Error('failed cleaning maven target')
 		}
@@ -77,7 +79,7 @@ function getGraph(manifest) {
 	let tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'crda_'))
 	let tmpDepTree = path.join(tmpDir, 'mvn_deptree.txt')
 	// build initial command
-	let depTreeCmd = `mvn -q dependency:tree -DoutputType=dot -DoutputFile=${tmpDepTree} -f ${manifest}`
+	let depTreeCmd = `${mvn} -q dependency:tree -DoutputType=dot -DoutputFile=${tmpDepTree} -f ${manifest}`
 	// exclude ignored dependencies, exclude format is groupId:artifactId:scope:version.
 	// version and scope are marked as '*' if not specified (we do not use scope yet)
 	getDependencies(manifest).forEach(dep => {
@@ -107,7 +109,7 @@ function getGraph(manifest) {
  */
 function getList(data) {
 	// verify maven is accessible
-	execSync('mvn --version', err => {
+	execSync(`${mvn} --version`, err => {
 		if (err) {
 			throw new Error('mvn is not accessible')
 		}
@@ -119,7 +121,7 @@ function getList(data) {
 	// write target pom content to temp file
 	fs.writeFileSync(tmpTargetPom, data)
 	// create effective pom and save to temp file
-	execSync(`mvn -q help:effective-pom -Doutput=${tmpEffectivePom} -f ${tmpTargetPom}`, err => {
+	execSync(`${mvn} -q help:effective-pom -Doutput=${tmpEffectivePom} -f ${tmpTargetPom}`, err => {
 		if (err) {
 			throw new Error('failed creating maven effective pom')
 		}