Merge branch '13083-delegate-to-parser' into 'master'

Update dependency list parser to use license scanning parser

See merge request gitlab-org/gitlab!18103

ee/changelogs/unreleased/13083-delegate-to-parser.yml

+---
+title: Decouple dependency list parser from v1.0 license scanning report
+merge_request: 18103
+author:
+type: fixed

ee/lib/gitlab/ci/parsers/security/dependency_list.rb

@@ -22,8 +22,8 @@ module Gitlab
           end
 
           def parse_licenses!(json_data, report)
-            licenses = JSON.parse(json_data, symbolize_names: true)
-            licenses[:dependencies].each do |license|
+            license_report = ::Gitlab::Ci::Reports::LicenseScanning::Report.parse_from(json_data)
+            license_report.licenses.each do |license|
               report.apply_license(license)
             end
           end

ee/lib/gitlab/ci/reports/dependency_list/report.rb

@@ -17,10 +17,10 @@ module Gitlab
 
           def apply_license(license)
             dependencies.each do |dependency|
-              next unless dependency[:name] == license[:dependency][:name]
-              next if dependency[:licenses].include?(license[:license])
+              next unless license.dependencies.find { |license_dependency| license_dependency.name == dependency[:name] }
+              next if dependency[:licenses].find { |license_hash| license_hash[:name] == license.name }
 
-              dependency[:licenses] << license[:license]
+              dependency[:licenses].push(name: license.name, url: license.url)
             end
           end
         end

ee/lib/gitlab/ci/reports/license_scanning/report.rb

@@ -49,6 +49,12 @@ module Gitlab
             found_licenses.empty?
           end
 
+          def self.parse_from(json)
+            new.tap do |report|
+              ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning.new.parse!(json, report)
+            end
+          end
+
           private
 
           def canonicalize(name)

ee/spec/lib/gitlab/ci/reports/dependency_list/report_spec.rb

@@ -20,24 +20,17 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
   describe '#apply_license' do
     subject { report.dependencies.last[:licenses].size }
 
-    let(:license) do
-      {
-        dependency: {
-          name: 'nokogiri'
-        },
-        license: {
-          name:       'MIT',
-          url:        'http://opensource.org/licenses/mit-license'
-        }
-      }
-    end
+    let(:license) { build(:ci_reports_license_management_report, :mit).licenses.first }
 
     before do
+      license.add_dependency(name_of_dependency_with_license)
       report.add_dependency(dependency)
       report.apply_license(license)
     end
 
     context 'with matching dependency' do
+      let(:name_of_dependency_with_license) { dependency[:name] }
+
       context 'with empty license list' do
         let(:dependency) { build :dependency }
 
@@ -57,6 +50,7 @@ describe Gitlab::Ci::Reports::DependencyList::Report do
 
     context 'without matching dependency' do
       let(:dependency) { build :dependency, name: 'irigokon' }
+      let(:name_of_dependency_with_license) { dependency[:name].reverse }
 
       it 'does not apply the license at all' do
         is_expected.to eq(0)

ee/spec/lib/gitlab/ci/reports/license_scanning/report_spec.rb

@@ -68,4 +68,13 @@ describe Gitlab::Ci::Reports::LicenseScanning::Report do
     it { expect(empty_report).to be_empty }
     it { expect(completed_report).not_to be_empty }
   end
+
+  describe ".parse_from" do
+    context "when parsing a v1 report" do
+      subject { described_class.parse_from(v1_json) }
+      let(:v1_json) { fixture_file('security_reports/master/gl-license-management-report.json', dir: 'ee') }
+
+      specify { expect(subject.licenses.count).to eq(4) }
+    end
+  end
 end