Merge branch '13067-check-for-generated-report' into 'master'

Check for software license compliance violations after license management report is generated. See merge request gitlab-org/gitlab!16853

Merge branch '13067-check-for-generated-report' into 'master'
Check for software license compliance violations after license management report is generated. See merge request gitlab-org/gitlab!16853
da17ac5b · Rémy Coutable · b784b387 · 3848f504 · da17ac5b · da17ac5b
Commit da17ac5b authored Sep 17, 2019 by Rémy Coutable
6 changed files
--- a/ee/app/models/ee/ci/pipeline.rb
+++ b/ee/app/models/ee/ci/pipeline.rb
@@ -54,7 +54,7 @@ module EE

        state_machine :status do
          after_transition any => ::Ci::Pipeline.completed_statuses do |pipeline|
-            next unless pipeline.has_reports?(::Ci::JobArtifact.security_reports)
+            next unless pipeline.has_reports?(::Ci::JobArtifact.security_reports.or(::Ci::JobArtifact.license_management_reports))

            pipeline.run_after_commit do
              StoreSecurityReportsWorker.perform_async(pipeline.id) if pipeline.default_branch?

--- a/ee/app/services/security/sync_reports_to_approval_rules_service.rb
+++ b/ee/app/services/security/sync_reports_to_approval_rules_service.rb
@@ -30,6 +30,7 @@ module Security
    def sync_license_management_rules
      project = pipeline.project
      report = pipeline.license_management_report
+      return if report.empty? && !pipeline.complete?
      return if report.violates?(project.software_license_policies)

      remove_required_approvals_for(ApprovalMergeRequestRule.report_approver.license_management)

--- a/ee/changelogs/unreleased/13067-check-for-generated-report.yml
+++ b/ee/changelogs/unreleased/13067-check-for-generated-report.yml
+---
+title: Wait until pipeline is completed before checking for software license violations
+merge_request: 16853
+author:
+type: fixed
--- a/ee/lib/gitlab/ci/reports/license_management/report.rb
+++ b/ee/lib/gitlab/ci/reports/license_management/report.rb
@@ -45,6 +45,10 @@ module Gitlab
            licenses.select { |license| names.include?(canonicalize(license.name)) }
          end

+          def empty?
+            found_licenses.empty?
+          end
+
          private

          def canonicalize(name)

--- a/ee/spec/lib/gitlab/ci/reports/license_management/report_spec.rb
+++ b/ee/spec/lib/gitlab/ci/reports/license_management/report_spec.rb
@@ -60,4 +60,12 @@ describe Gitlab::Ci::Reports::LicenseManagement::Report do
    it { expect(names_from(subject[:unchanged])).to contain_exactly('MIT', 'BSD') }
    it { expect(names_from(subject[:removed])).to contain_exactly('WTFPL') }
  end
+
+  describe "#empty?" do
+    let(:completed_report) { build(:ci_reports_license_management_report, :report_1) }
+    let(:empty_report) { build(:ci_reports_license_management_report) }
+
+    it { expect(empty_report).to be_empty }
+    it { expect(completed_report).not_to be_empty }
+  end
 end
--- a/ee/spec/services/security/sync_reports_to_approval_rules_service_spec.rb
+++ b/ee/spec/services/security/sync_reports_to_approval_rules_service_spec.rb
@@ -139,5 +139,15 @@ describe Security::SyncReportsToApprovalRulesService, '#execute' do
      expect { subject }
        .not_to change { report_approver_rule.reload.approvals_required }
    end
+
+    context "license compliance policy" do
+      let(:pipeline) { create(:ee_ci_pipeline, :running, project: project, merge_requests_as_head_pipeline: [merge_request]) }
+      let!(:software_license_policy) { create(:software_license_policy, :blacklist, project: project, software_license: blacklisted_license) }
+      let!(:license_compliance_rule) { create(:report_approver_rule, :license_management, merge_request: merge_request, approvals_required: 1) }
+      let!(:blacklisted_license) { create(:software_license) }
+
+      specify { expect { subject }.not_to change { license_compliance_rule.reload.approvals_required } }
+      specify { expect(subject[:status]).to be(:success) }
+    end
  end
 end