DevSecOps Toolkit - Dependencies and upgrades

IdentityIQ (IIQ) IIQ Discussion and Questions
1

Hi, I’m currently reviewing the documentation for the DevSecOps toolkit in preparation for implementing it on an IIQ project. I’m wondering if I’m understanding the section on dependencies correctly, and I’d appreciate if someone could confirm or clarify if I’m understanding it wrong. My current understanding is:

  • Dependencies are kept either in an org’s private Maven repository or locally on every host that is used to run builds, and contain the IIQ installation files that are used to get things like IIQ Java libraries to build against (similar to the /base/ directory in SSB)

  • These install files are not kept in the project directory like they are in SSB

  • The DevSecOps toolkit does not expand the install files to a target directory like SSB does; it’s only using them as a prerequisite for the building/packaging process

  • Dependencies are generated and installed locally by running the installJarsLocally.sh script

  • The installJarsLocally.sh script always targets a particular version of IIQ, and anytime we upgrade IIQ (including patch levels and applying efixes), we need to rerun the installJarsLocally.sh script on all relevant hosts to upgrade the dependencies

Again, if anyone could let me know if I’m understanding all this correctly or if I’m getting any of this wrong, that would be appreciated. Thanks!

2

I’m not sure I can answer all your points but for your five bullet points:

  1. Correct. Even storing them locally just copies everything to your local maven repo (so $HOME/.m2 for example). The copy script unpacks identityiq.zip for a version, analyses the dependencies and copies the unpacked jars to local .m2
  2. Correct. Maven (which you need to have installed) will use the files in your .m2 repository as dependencies.
  3. Kind of correct, I’d describe them as more than a pre-requisite but in the end (of the iiq-web module) you are left with a jar which only contains your code. The dependencies are not packaged in the result.
  4. See 1. Dependencies are unpacked from a versioned IIQ base/ga zip/jar and installed in the local Maven repo.
  5. You rerun installJarsLocally.sh on relevant build machines (if you don’t have an organisation Maven/Nexus setup)

Hope that helps.

2 Likes
3

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.