Merge branch '37719-add-dependency-version' into 'master'

Provide additional dependency metadata

See merge request gitlab-org/gitlab!44839

ee/app/serializers/license_entity.rb

@@ -3,6 +3,8 @@
 class LicenseEntity < Grape::Entity
   class ComponentEntity < Grape::Entity
     expose :name
+    expose :version
+    expose :package_manager
     expose :blob_path do |model, options|
       model.blob_path_for(options[:project])
     end

ee/app/serializers/license_scanning_report_dependency_entity.rb

-# frozen_string_literal: true
-
-class LicenseScanningReportDependencyEntity < Grape::Entity
-  expose :name
-end

ee/app/serializers/security/license_policy_entity.rb

@@ -3,7 +3,7 @@
 module Security
   class LicensePolicyEntity < Grape::Entity
     expose :name
-    expose :dependencies, using: LicenseScanningReportDependencyEntity
+    expose :dependencies, using: ::LicenseEntity::ComponentEntity
     expose :url
 
     expose :classification do |entity|

ee/changelogs/unreleased/37719-add-dependency-version.yml

+---
+title: Provide dependency version data for the License Compliance page
+merge_request: 44839
+author:
+type: added

ee/spec/controllers/projects/licenses_controller_spec.rb

@@ -82,7 +82,9 @@ RSpec.describe Projects::LicensesController do
                 'url' => 'http://www.apache.org/licenses/LICENSE-2.0.txt',
                 'components' => [{
                   "blob_path" => nil,
-                  "name" => "thread_safe"
+                  "name" => "thread_safe",
+                  "package_manager" => nil,
+                  "version" => nil
                 }]
               })
             end

ee/spec/serializers/license_entity_spec.rb

@@ -9,11 +9,10 @@ RSpec.describe LicenseEntity do
     let(:license) { build(:license_scanning_license, :mit) }
     let(:license_policy) { ::SCA::LicensePolicy.new(license, software_policy) }
     let(:software_policy) { build(:software_license_policy) }
-    let(:path) { 'some_path' }
+    let(:path) { './Gemfile.lock' }
 
     before do
-      license.add_dependency(name: 'rails')
-      allow(license.dependencies.first).to receive(:path).and_return(path)
+      license.add_dependency(name: 'rails', package_manager: 'bundler', path: path, version: '6.0.3.4')
     end
 
     it "produces the correct representation" do
@@ -23,7 +22,7 @@ RSpec.describe LicenseEntity do
         url: license_policy.url,
         spdx_identifier: license_policy.spdx_identifier,
         classification: license_policy.classification,
-        components: [{ name: 'rails', blob_path: path }]
+        components: [{ name: 'rails', package_manager: 'bundler', version: '6.0.3.4', blob_path: path }]
       })
     end
 

ee/spec/serializers/license_scanning_report_dependency_entity_spec.rb

-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe LicenseScanningReportDependencyEntity do
-  include LicenseScanningReportHelper
-
-  let(:dependency) { create_dependency }
-  let(:entity) { described_class.new(dependency) }
-
-  describe '#as_json' do
-    subject { entity.as_json }
-
-    it 'contains the correct dependency name' do
-      expect(subject[:name]).to eq('Dependency1')
-    end
-  end
-end

ee/spec/serializers/security/license_policy_entity_spec.rb

@@ -3,7 +3,7 @@
 require 'spec_helper'
 
 RSpec.describe Security::LicensePolicyEntity do
-  let(:license) { build(:license_scanning_license, :mit).tap { |x| x.add_dependency(name: 'rails') } }
+  let(:license) { build(:license_scanning_license, :mit).tap { |x| x.add_dependency(name: 'rails', package_manager: 'bundler', path: './Gemfile.lock', version: '6.0.3.4') } }
   let(:policy) { build(:software_license_policy, :allowed) }
   let(:entity) { described_class.new(SCA::LicensePolicy.new(license, policy)) }
 
@@ -12,7 +12,7 @@ RSpec.describe Security::LicensePolicyEntity do
 
     specify { expect(subject[:name]).to eql(policy.name) }
     specify { expect(subject[:classification]).to eql({ id: policy.id, name: policy.name, approval_status: policy.approval_status }) }
-    specify { expect(subject[:dependencies]).to match_array([{ name: 'rails' }]) }
+    specify { expect(subject[:dependencies]).to match_array([{ name: 'rails', package_manager: 'bundler', version: '6.0.3.4', blob_path: './Gemfile.lock' }]) }
     specify { expect(subject[:count]).to be(1) }
     specify { expect(subject[:url]).to eql(license.url) }
   end