Enable overriding the list of fixed CVE IDs

Enable manually providing (via an optional CI variable) Printing Press
jobs with the list of CVE IDs fixed in a given release cycle in case
autodetection fails for any reason.

(cherry picked from commit bc84907882625f5a3c560bbf3716612889e1aa0c)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 186b839cfd3e7ff9851412696b71ef43259728b7..a579b979885f0bc1fb6fa02fca2443e06aa162ed 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1722,12 +1722,14 @@ publish:
     - job: staging
       artifacts: false
 
+# Setting the FORCE_CVE_IDS environment variable to a comma-separated
+# list of CVE IDs enables overriding the autodetected ones.
 .printing_press_job: &printing_press_job
   <<: *manual_release_job_qa
   variables:
     GIT_DEPTH: 1
   script:
-    - bind9-qa/releng/printing_press_mr.py --document "${DOCUMENT}" --metadata bind9-qa/releng/metadata.json
+    - bind9-qa/releng/printing_press_mr.py --document "${DOCUMENT}" --metadata bind9-qa/releng/metadata.json ${FORCE_CVE_IDS:+--force-cve-ids ${FORCE_CVE_IDS}}
   artifacts:
     paths:
       - printing-press/