Commit 55df33da authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'install-license-scanning-job' into 'master'

Install license_scanning job

See merge request gitlab-org/gitlab!44217
parents 9261ab7d e442ac38
......@@ -151,3 +151,20 @@ dependency_scanning:
reports:
dependency_scanning: gl-dependency-scanning-report.json
expire_in: 1 week # GitLab-specific
license_scanning:
extends:
- .default-retry
- .reports:rules:license_scanning
stage: test
image:
name: "registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:3"
entrypoint: [""]
needs: []
script:
- /run.sh analyze .
artifacts:
reports:
license_scanning: gl-license-scanning-report.json
expire_in: 1 week # GitLab-specific
dependencies: []
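Review bot: The analyzer image on the `image: name:` line is referenced only by the floating major tag `:3`, so whatever is next published under that tag will run `/run.sh analyze .` against the checkout without any change in this repository. If reproducibility and provenance of the scan results matter here, pin the digest as well, e.g. `name: "registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:3@sha256:<digest-placeholder>"`, and bump it deliberately. The trade-off is losing automatic analyzer fixes, so a short comment above `image:` stating which choice was made would help the next reader.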
......@@ -719,6 +719,14 @@
- <<: *if-master-schedule-nightly
allow_failure: true
.reports:rules:license_scanning:
rules:
- if: '$LICENSE_SCANNING_DISABLED || $GITLAB_FEATURES !~ /\blicense_scanning\b/'
when: never
- <<: *if-default-refs
changes: *code-backstage-qa-patterns
allow_failure: true
################
# Review rules #
################
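Review bot: With `allow_failure: true` on the `*if-default-refs` rule, a failing license_scanning job never blocks the pipeline, so an analyzer crash can pass unnoticed unless someone checks whether a report was produced. If the job is meant to be advisory only, say so in a comment above `.reports:rules:license_scanning`, e.g. `# Advisory: failures do not block the pipeline; set LICENSE_SCANNING_DISABLED to skip the job entirely`. The `changes:` filter relies on `*code-backstage-qa-patterns`, which is defined outside this hunk. It is worth confirming that those patterns cover the dependency manifests and lockfiles, otherwise a dependency-only change would not trigger the scan.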
......
......@@ -401,7 +401,7 @@ end
# Gems required in omnibus-gitlab pipeline
group :development, :test, :omnibus do
gem 'license_finder', '~> 5.4', require: false
gem 'license_finder', '~> 6.0', require: false
end
group :test do
......
......@@ -643,9 +643,9 @@ GEM
actionmailer (>= 3.2)
letter_opener (~> 1.0)
railties (>= 3.2)
license_finder (5.4.0)
license_finder (6.0.0)
bundler
rubyzip
rubyzip (>= 1, < 3)
thor
toml (= 0.2.0)
with_env (= 1.1.0)
......@@ -1374,7 +1374,7 @@ DEPENDENCIES
kramdown (~> 2.3.0)
kubeclient (~> 4.6.0)
letter_opener_web (~> 1.3.4)
license_finder (~> 5.4)
license_finder (~> 6.0)
licensee (~> 8.9)
lockbox (~> 0.3.3)
lograge (~> 0.5)
......
......@@ -18,85 +18,85 @@
:why: Bundler is MIT licensed but will sometimes fail in CI.
:versions: []
:when: 2016-05-02 06:42:08.045090000 Z
- - :whitelist
- - :permit
- MIT
- :who: Connor Shea
:why: http://choosealicense.com/licenses/mit/
:versions: []
:when: 2016-04-17 21:12:24.558441000 Z
- - :whitelist
- - :permit
- Apache 2.0
- :who: Connor Shea
:why: http://choosealicense.com/licenses/apache-2.0/
:versions: []
:when: 2016-05-02 05:27:43.762702000 Z
- - :whitelist
- - :permit
- ruby
- :who: Connor Shea
:why: https://github.com/ruby/ruby/blob/ruby_2_1/COPYING
:versions: []
:when: 2016-05-02 05:31:54.498490000 Z
- - :whitelist
- - :permit
- LGPL
- :who: Connor Shea
:why: http://www.gnu.org/licenses/license-list.html#LGPLv2.1
:versions: []
:when: 2016-05-02 05:32:48.645841000 Z
- - :whitelist
- - :permit
- ISC
- :who: Connor Shea
:why: http://www.gnu.org/licenses/license-list.html#ISC
:versions: []
:when: 2016-05-02 05:42:01.894452000 Z
- - :whitelist
- - :permit
- New BSD
- :who: Connor Shea
:why: https://opensource.org/licenses/BSD-3-Clause
:versions: []
:when: 2016-05-02 05:44:38.246021000 Z
- - :whitelist
- - :permit
- LGPL-2.1+
- :who: Connor Shea
:why: Equivalent to LGPL.
:versions: []
:when: 2016-05-02 05:52:56.303239000 Z
- - :whitelist
- - :permit
- BSD
- :who: Connor Shea
:why: https://opensource.org/licenses/BSD-2-Clause
:versions: []
:when: 2016-05-02 05:55:09.796363000 Z
- - :whitelist
- - :permit
- LGPLv2+
- :who: Stan Hu
:why: Equivalent to LGPLv2
:versions: []
:when: 2016-06-07 17:14:10.907682000 Z
- - :whitelist
- - :permit
- Artistic 2.0
- :who: Josh Frye
:why: Disk/mount information display on Admin pages
:versions: []
:when: 2016-06-29 16:32:45.432113000 Z
- - :whitelist
- - :permit
- Simplified BSD
- :who: Douwe Maan
:why: https://opensource.org/licenses/BSD-2-Clause
:versions: []
:when: 2016-07-26 21:24:07.248480000 Z
- - :blacklist
- - :restrict
- GPLv2
- :who: Connor Shea
:why: GPL-licensed libraries cannot be linked to from non-GPL projects.
:versions: []
:when: 2016-05-02 05:29:27.637336000 Z
- - :blacklist
- - :restrict
- GPLv3
- :who: Connor Shea
:why: GPL-licensed libraries cannot be linked to from non-GPL projects.
:versions: []
:when: 2016-05-02 05:29:43.904715000 Z
- - :blacklist
- - :restrict
- OSL-3.0
- :who: Sean McGivern
:why: The OSL license is a copyleft license
......@@ -188,13 +188,13 @@
:why: https://github.com/nodeca/pako/blob/master/LICENSE
:versions: []
:when: 2017-04-05 10:43:45.897720000 Z
- - :whitelist
- - :permit
- Unlicense
- :who: Nick Thomas <nick@gitlab.com>
:why: https://gitlab.com/gitlab-com/organization/issues/116
:versions: []
:when: 2017-09-01 17:17:51.996511844 Z
- - :blacklist
- - :restrict
- Facebook BSD+PATENTS
- :who: Nick Thomas <nick@gitlab.com>
:why: https://gitlab.com/gitlab-com/organization/issues/117
......@@ -281,19 +281,19 @@
:why: https://github.com/hexorx/countries/blob/master/LICENSE
:versions: []
:when: 2019-09-11 13:08:28.431132000 Z
- - :whitelist
- - :permit
- "(MIT OR CC0-1.0)"
- :who:
:why:
:versions: []
:when: 2019-11-08 10:03:31.787226000 Z
- - :whitelist
- - :permit
- CC0-1.0
- :who: Thomas Randolph
:why: This license is public domain
:versions: []
:when: 2020-06-03 05:04:44.632875345 Z
- - :whitelist
- - :permit
- 0BSD
- :who: Natalia Tepluhina
:why: This license is public domain
......@@ -313,9 +313,15 @@
:why: "https://github.com/cure53/DOMPurify/blob/main/LICENSE and https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31928#note_346604841"
:versions: []
:when: 2020-08-13 13:42:46.508082000 Z
- - :whitelist
- - :permit
- Apache-2.0 WITH LLVM-exception
- :who: Nathan Friend
:why: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/40670#note_403946372
:versions: []
:when: 2020-08-28 15:01:59.329048917 Z
- - :approve
- docutils
- :who: Mo Khan
:why: Used to generate documentation. https://pypi.org/project/docutils/0.13.1/
:versions: []
:when: 2020-10-05 20:22:55.955189491 Z
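Review bot: The new `:approve` entry for `docutils` has `:versions: []`, so the approval is not tied to the 0.13.1 release that the `:why:` link points at. As written it appears to cover any later docutils version, whatever licence that version declares. If license_finder 6 honours version-scoped approvals in this file, consider `:versions: ["0.13.1"]`. That would differ from the other entries visible here, which all use `[]`, so it may be a deliberate convention. Either way, name the licence that was actually reviewed in the `:why:` text, since a bare PyPI URL does not record what was accepted.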