Commit da17ac5b authored by Rémy Coutable's avatar Rémy Coutable

Merge branch '13067-check-for-generated-report' into 'master'

Check for software license compliance violations after license management report is generated.

See merge request gitlab-org/gitlab!16853
parents b784b387 3848f504
...@@ -54,7 +54,7 @@ module EE ...@@ -54,7 +54,7 @@ module EE
state_machine :status do state_machine :status do
after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline| after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline|
next unless pipeline.has_reports?(::Ci::JobArtifact.security_reports) next unless pipeline.has_reports?(::Ci::JobArtifact.security_reports.or(::Ci::JobArtifact.license_management_reports))
pipeline.run_after_commit do pipeline.run_after_commit do
StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch? StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?
......
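Review bot: Widening the `has_reports?` guard to `security_reports.or(license_management_reports)` also widens what reaches `StoreSecurityReportsWorker.perform_async(pipeline.id)` on the following line: a default-branch pipeline carrying only a license management report will now enqueue that worker. Whether the worker tolerates an absent security report is not visible here, but given its name this looks unintended; if it is, keep the enqueue's own guard, e.g. `StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch? && pipeline.has_reports?(::Ci::JobArtifact.security_reports)`. The after_transition block continues past the hunk, so the license-management handling that motivates the loosened condition is presumably below.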
...@@ -30,6 +30,7 @@ module Security ...@@ -30,6 +30,7 @@ module Security
def sync_license_management_rules def sync_license_management_rules
project = pipeline.project project = pipeline.project
report = pipeline.license_management_report report = pipeline.license_management_report
return if report.empty? && !pipeline.complete?
return if report.violates?(project.software_license_policies) return if report.violates?(project.software_license_policies)
remove_required_approvals_for(ApprovalMergeRequestRule.report_approver.license_management) remove_required_approvals_for(ApprovalMergeRequestRule.report_approver.license_management)
......
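Review bot: The added guard `return if report.empty? && !pipeline.complete?` skips only while the pipeline is still running; once it is complete an empty report passes `violates?` (which cannot hold with no licenses) and reaches `remove_required_approvals_for(...)`. If `empty?` can also result from a failed or missing license management job, the rule's required approvals are dropped in exactly the case where no check was performed, which fails open; I cannot tell from this hunk whether `license_management_report` distinguishes "not generated" from "generated, nothing found", so that is worth confirming against the report builder and pinning with a spec. At minimum the intent deserves a comment above the guard, e.g. `# An empty report on an unfinished pipeline means the job has not produced it yet; once the pipeline is complete an empty report is treated as "no licenses to check".` Checking `pipeline.complete?` before building `report` would also avoid parsing artifacts that are then discarded. `sync_license_management_rules` continues past the hunk.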
---
title: Wait until pipeline is completed before checking for software license violations
merge_request: 16853
author:
type: fixed
...@@ -45,6 +45,10 @@ module Gitlab ...@@ -45,6 +45,10 @@ module Gitlab
licenses.select { |license| names.include?(canonicalize(license.name)) } licenses.select { |license| names.include?(canonicalize(license.name)) }
end end
def empty?
found_licenses.empty?
end
private private
def canonicalize(name) def canonicalize(name)
......
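Review bot: The new `empty?` is defined purely as `found_licenses.empty?`, yet its new caller in `Security::SyncReportsToApprovalRulesService` uses it as a "report not ready yet" signal, so the method needs a doc comment stating what emptiness means here. Something like `# True when no licenses were parsed into this report; a report that was never generated and one that found nothing look the same.` would stop the next reader from assuming it tracks report presence. The class continues outside the hunk.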
...@@ -60,4 +60,12 @@ describe Gitlab::Ci::Reports::LicenseManagement::Report do ...@@ -60,4 +60,12 @@ describe Gitlab::Ci::Reports::LicenseManagement::Report do
it { expect(names_from(subject[:unchanged])).to contain_exactly('MIT', 'BSD') } it { expect(names_from(subject[:unchanged])).to contain_exactly('MIT', 'BSD') }
it { expect(names_from(subject[:removed])).to contain_exactly('WTFPL') } it { expect(names_from(subject[:removed])).to contain_exactly('WTFPL') }
end end
describe "#empty?" do
let(:completed_report) { build(:ci_reports_license_management_report, :report_1) }
let(:empty_report) { build(:ci_reports_license_management_report) }
it { expect(empty_report).to be_empty }
it { expect(completed_report).not_to be_empty }
end
end end
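Review bot: In the new `#empty?` describe block the fixture name `completed_report` suggests pipeline completion, whereas the only difference from `empty_report` is the `:report_1` trait, i.e. whether any licenses are present. Naming it after what it actually varies, `let(:report_with_licenses) { build(:ci_reports_license_management_report, :report_1) }`, keeps the spec from implying a link to pipeline status that `Report#empty?` does not have.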
...@@ -139,5 +139,15 @@ describe Security::SyncReportsToApprovalRulesService, '#execute' do ...@@ -139,5 +139,15 @@ describe Security::SyncReportsToApprovalRulesService, '#execute' do
expect { subject } expect { subject }
.not_to change { report_approver_rule.reload.approvals_required } .not_to change { report_approver_rule.reload.approvals_required }
end end
context "license compliance policy" do
let(:pipeline) { create(:ee_ci_pipeline, :running, project: project, merge_requests_as_head_pipeline: [merge_request]) }
let!(:software_license_policy) { create(:software_license_policy, :blacklist, project: project, software_license: blacklisted_license) }
let!(:license_compliance_rule) { create(:report_approver_rule, :license_management, merge_request: merge_request, approvals_required: 1) }
let!(:blacklisted_license) { create(:software_license) }
specify { expect { subject }.not_to change { license_compliance_rule.reload.approvals_required } }
specify { expect(subject[:status]).to be(:success) }
end
end end
end end
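Review bot: The new "license compliance policy" context only exercises the path where the pipeline is `:running`, so it pins that approvals stay untouched before the report exists, but not the complementary path this commit opens: a completed pipeline whose license report is empty now falls through to `remove_required_approvals_for`, and a completed pipeline whose report contains `blacklisted_license` must keep `approvals_required` at 1. Unless those contexts already exist above this hunk, adding both here (a completed pipeline with a report carrying the blacklisted license, and one with an empty report) would cover the other side of the guard. Also, `let!(:software_license_policy)` references `blacklisted_license`, which is declared below it; that works because `let` is lazy, but declaring the license first reads more clearly.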