Enable overriding the list of fixed CVE IDs

Enable manually providing (via an optional CI variable) Printing Press
jobs with the list of CVE IDs fixed in a given release cycle in case
autodetection fails for any reason.

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0bd600f32c74636660579bd1a893ce73bcf3379b..2fae527d03a60664371877016d2208f7c52434d9 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1769,12 +1769,14 @@ publish:
     - job: staging
       artifacts: false
 
+# Setting the FORCE_CVE_IDS environment variable to a comma-separated
+# list of CVE IDs enables overriding the autodetected ones.
 .printing_press_job: &printing_press_job
   <<: *manual_release_job_qa
   variables:
     GIT_DEPTH: 1
   script:
-    - bind9-qa/releng/printing_press_mr.py --document "${DOCUMENT}" --metadata bind9-qa/releng/metadata.json
+    - bind9-qa/releng/printing_press_mr.py --document "${DOCUMENT}" --metadata bind9-qa/releng/metadata.json ${FORCE_CVE_IDS:+--force-cve-ids ${FORCE_CVE_IDS}}
   artifacts:
     paths:
       - printing-press/