I would like to utilize GitLab CI's cache mechanism. The step is a quality gate and should fail if metrics are not met.
Despite the failures, I would like to populate the cache, as it caches NVD data locally.
It seems that the cache is not populated if the job fails, as the next job run starts with an empty cache.
I configured our job like this:
dependency_report:
  script: mvn org.owasp:dependency-check-maven:12.1.3:check -DfailBuildOnAnyVulnerability
  cache:
    # Cache the compiled NVD lucene database to speed up the check even more
    key: nvd_db
    paths:
      # Source: https://stackoverflow.com/a/75002847/32043
      - .m2/repository/org/owasp/dependency-check-data/*/nvdcache/

rspec:
  script: rspec
  cache:
    paths:
      - rspec/
    when: 'always'

You can use cache:when to define when to save the cache based on the job's status, which might be what you're looking for. Reference: https://docs.gitlab.com/ci/yaml/#cachewhen
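
Added example, not part of the original question or answer: the question's dependency_report job with cache:when applied, so the NVD data is saved even when the quality gate fails. The MAVEN_OPTS variable is an assumption, included because GitLab only caches paths inside the project directory and the cached path is relative to it.

```yaml
variables:
  # Assumption: keep Maven's local repository inside the project directory,
  # so that .m2/repository/... below resolves to a path GitLab can cache.
  MAVEN_OPTS: "-Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository"

dependency_report:
  script:
    - mvn org.owasp:dependency-check-maven:12.1.3:check -DfailBuildOnAnyVulnerability
  cache:
    key: nvd_db
    paths:
      - .m2/repository/org/owasp/dependency-check-data/*/nvdcache/
    # Default is on_success; always saves the cache for failed jobs too.
    when: always
```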