From 60202ad84d3d3531e79107a8281ef3502ccfa156 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@arm.com>
Date: Mon, 29 Jan 2024 18:14:01 +0000
Subject: [PATCH] CI: allow the runner to set a NVD API key

Setting an API key means we get higher rate limits. Because keys are
private, the key must be set in the environment of the runner.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>
---
 .gitlab-ci.yml | 2 ++
 ci/cve.yml     | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4e4c1283..e1b8dd24 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -19,6 +19,8 @@ variables:
   ACS_TEST: 0
   # The list of extra Kas fragments to be used when building
   EXTRA_KAS_FILES: ""
+  # The NVD API key to use when fetching CVEs
+  NVDCVE_API_KEY: ""
 
 stages:
   - prep
diff --git a/ci/cve.yml b/ci/cve.yml
index 381f8557..e2aca0e1 100644
--- a/ci/cve.yml
+++ b/ci/cve.yml
@@ -5,6 +5,9 @@ local_conf_header:
   cve: |
     INHERIT += "cve-check"
 
+    # Allow the runner environment to provide an API key
+    NVDCVE_API_KEY = "${@d.getVar('BB_ORIGENV').getVar('NVDCVE_API_KEY') or ''}"
+
     # Just show the warnings for our layers
     CVE_CHECK_SHOW_WARNINGS = "0"
     CVE_CHECK_SHOW_WARNINGS:layer-arm-toolchain = "1"