Drop license_management artifact

As in 13.0 we dropped support of license_management
artifact, now we can remove it from the codebase.

Issue https://gitlab.com/gitlab-org/gitlab/-/issues/299114

Changelog: removed
EE: true

app/models/ci/job_artifact.rb

@@ -18,7 +18,6 @@ module Ci
     ACCESSIBILITY_REPORT_FILE_TYPES = %w[accessibility].freeze
     NON_ERASABLE_FILE_TYPES = %w[trace].freeze
     TERRAFORM_REPORT_FILE_TYPES = %w[terraform].freeze
-    UNSUPPORTED_FILE_TYPES = %i[license_management].freeze
     SAST_REPORT_TYPES = %w[sast].freeze
     SECRET_DETECTION_REPORT_TYPES = %w[secret_detection].freeze
     DEFAULT_FILE_NAMES = {
@@ -35,7 +34,6 @@ module Ci
       dependency_scanning: 'gl-dependency-scanning-report.json',
       container_scanning: 'gl-container-scanning-report.json',
       dast: 'gl-dast-report.json',
-      license_management: 'gl-license-management-report.json',
       license_scanning: 'gl-license-scanning-report.json',
       performance: 'performance.json',
       browser_performance: 'browser-performance.json',
@@ -74,7 +72,6 @@ module Ci
       dependency_scanning: :raw,
       container_scanning: :raw,
       dast: :raw,
-      license_management: :raw,
       license_scanning: :raw,
 
       # All these file formats use `raw` as we need to store them uncompressed
@@ -102,7 +99,6 @@ module Ci
       dependency_scanning
       dotenv
       junit
-      license_management
       license_scanning
       lsif
       metrics
@@ -124,7 +120,6 @@ module Ci
     mount_file_store_uploader JobArtifactUploader
 
     validates :file_format, presence: true, unless: :trace?, on: :create
-    validate :validate_supported_file_format!, on: :create
     validate :validate_file_format!, unless: :trace?, on: :create
     before_save :set_size, if: :file_changed?
 
@@ -199,8 +194,7 @@ module Ci
       container_scanning: 7, ## EE-specific
       dast: 8, ## EE-specific
       codequality: 9, ## EE-specific
-      license_management: 10, ## EE-specific
-      license_scanning: 101, ## EE-specific till 13.0
+      license_scanning: 101, ## EE-specific
       performance: 11, ## EE-specific till 13.2
       metrics: 12, ## EE-specific
       metrics_referee: 13, ## runner referees
@@ -233,14 +227,6 @@ module Ci
       hashed_path: 2
     }
 
-    def validate_supported_file_format!
-      return if Feature.disabled?(:drop_license_management_artifact, project, default_enabled: true)
-
-      if UNSUPPORTED_FILE_TYPES.include?(self.file_type&.to_sym)
-        errors.add(:base, _("File format is no longer supported"))
-      end
-    end
-
     def validate_file_format!
       unless TYPE_AND_FORMAT_PAIRS[self.file_type&.to_sym] == self.file_format&.to_sym
         errors.add(:base, _('Invalid file format with specified file type'))

config/feature_flags/development/drop_license_management_artifact.yml

----
-name: drop_license_management_artifact
-introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/31247
-rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/299114
-milestone: 13.0
-type: development
-group: group::composition analysis
-default_enabled: true

doc/api/graphql/reference/index.md

@@ -14284,7 +14284,6 @@ Iteration ID wildcard values.
 | <a id="jobartifactfiletypedependency_scanning"></a>`DEPENDENCY_SCANNING` | DEPENDENCY SCANNING job artifact file type. |
 | <a id="jobartifactfiletypedotenv"></a>`DOTENV` | DOTENV job artifact file type. |
 | <a id="jobartifactfiletypejunit"></a>`JUNIT` | JUNIT job artifact file type. |
-| <a id="jobartifactfiletypelicense_management"></a>`LICENSE_MANAGEMENT` | LICENSE MANAGEMENT job artifact file type. |
 | <a id="jobartifactfiletypelicense_scanning"></a>`LICENSE_SCANNING` | LICENSE SCANNING job artifact file type. |
 | <a id="jobartifactfiletypeload_performance"></a>`LOAD_PERFORMANCE` | LOAD PERFORMANCE job artifact file type. |
 | <a id="jobartifactfiletypelsif"></a>`LSIF` | LSIF job artifact file type. |

doc/ci/yaml/README.md

@@ -3478,22 +3478,6 @@ concatenate them into a single file. Use a filename pattern (`junit: rspec-*.xml
 an array of filenames (`junit: [rspec-1.xml, rspec-2.xml, rspec-3.xml]`), or a
 combination thereof (`junit: [rspec.xml, test-results/TEST-*.xml]`).
 
-##### `artifacts:reports:license_management` **(ULTIMATE)**
-
-> - Introduced in GitLab 11.5.
-> - Requires GitLab Runner 11.5 and above.
-
-WARNING:
-This artifact is still valid but is **deprecated** in favor of the
-[artifacts:reports:license_scanning](#artifactsreportslicense_scanning)
-introduced in GitLab 12.8.
-
-The `license_management` report collects [Licenses](../../user/compliance/license_compliance/index.md)
-as artifacts.
-
-The collected License Compliance report uploads to GitLab as an artifact and is summarized in merge requests and the pipeline view. It's also used to provide data for security
-dashboards.
-
 ##### `artifacts:reports:license_scanning` **(ULTIMATE)**
 
 > - Introduced in GitLab 12.8.

doc/topics/autodevops/quick_start_guide.md

@@ -186,7 +186,7 @@ The jobs are separated into stages:
   - Jobs suffixed with `-sast` run static analysis on the current code to check for potential
     security issues, and are allowed to fail ([Auto SAST](stages.md#auto-sast)) **(ULTIMATE)**
   - The `secret-detection` job checks for leaked secrets and is allowed to fail ([Auto Secret Detection](stages.md#auto-secret-detection)) **(ULTIMATE)**
-  - The `license_management` job searches the application's dependencies to determine each of their
+  - The `license_scanning` job searches the application's dependencies to determine each of their
     licenses and is allowed to fail
     ([Auto License Compliance](stages.md#auto-license-compliance)) **(ULTIMATE)**
 

ee/app/models/ee/ci/job_artifact.rb

@@ -16,7 +16,7 @@ module EE
       after_destroy :log_geo_deleted_event
 
       SECURITY_REPORT_FILE_TYPES = %w[sast secret_detection dependency_scanning container_scanning dast coverage_fuzzing api_fuzzing].freeze
-      LICENSE_SCANNING_REPORT_FILE_TYPES = %w[license_management license_scanning].freeze
+      LICENSE_SCANNING_REPORT_FILE_TYPES = %w[license_scanning].freeze
       DEPENDENCY_LIST_REPORT_FILE_TYPES = %w[dependency_scanning].freeze
       METRICS_REPORT_FILE_TYPES = %w[metrics].freeze
       CONTAINER_SCANNING_REPORT_TYPES = %w[container_scanning].freeze

ee/app/models/ee/ci/pipeline.rb

@@ -50,7 +50,6 @@ module EE
           performance: %i[merge_request_performance_metrics],
           browser_performance: %i[merge_request_performance_metrics],
           load_performance: %i[merge_request_performance_metrics],
-          license_management: %i[license_scanning],
           license_scanning: %i[license_scanning],
           metrics: %i[metrics_reports],
           requirements: %i[requirements],
@@ -112,9 +111,9 @@ module EE
       end
 
       def license_scanning_report
-        ::Gitlab::Ci::Reports::LicenseScanning::Report.new.tap do |license_management_report|
+        ::Gitlab::Ci::Reports::LicenseScanning::Report.new.tap do |license_scanning_report|
           latest_report_builds(::Ci::JobArtifact.license_scanning_reports).each do |build|
-            build.collect_license_scanning_reports!(license_management_report)
+            build.collect_license_scanning_reports!(license_scanning_report)
           end
         end
       end

ee/lib/ee/gitlab/ci/parsers.rb

@@ -9,7 +9,6 @@ module EE
         class_methods do
           def parsers
             super.merge({
-                license_management: ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning,
                 license_scanning: ::Gitlab::Ci::Parsers::LicenseCompliance::LicenseScanning,
                 dependency_scanning: ::Gitlab::Ci::Parsers::Security::DependencyScanning,
                 container_scanning: ::Gitlab::Ci::Parsers::Security::ContainerScanning,

ee/spec/factories/ci/builds.rb

@@ -6,7 +6,7 @@ FactoryBot.define do
       failure_reason { Ci::Build.failure_reasons[:protected_environment_failure] }
     end
 
-    %i[api_fuzzing codequality container_scanning dast dependency_scanning license_management license_scanning performance browser_performance load_performance sast secret_detection coverage_fuzzing].each do |report_type|
+    %i[api_fuzzing codequality container_scanning dast dependency_scanning license_scanning performance browser_performance load_performance sast secret_detection coverage_fuzzing].each do |report_type|
       trait "legacy_#{report_type}".to_sym do
         success
         artifacts

ee/spec/factories/ci/job_artifacts.rb

@@ -189,18 +189,6 @@ FactoryBot.define do
       end
     end
 
-    trait :license_management do
-      to_create { |instance| instance.save!(validate: false) }
-
-      file_type { :license_management }
-      file_format { :raw }
-
-      after(:build) do |artifact, _|
-        artifact.file = fixture_file_upload(
-          Rails.root.join('ee/spec/fixtures/security_reports/deprecated/gl-license-management-report.json'), 'application/json')
-      end
-    end
-
     trait :license_scanning do
       file_type { :license_scanning }
       file_format { :raw }

ee/spec/factories/ci/pipelines.rb

@@ -2,7 +2,7 @@
 
 FactoryBot.define do
   factory :ee_ci_pipeline, class: 'Ci::Pipeline', parent: :ci_pipeline do
-    %i[api_fuzzing browser_performance codequality container_scanning coverage_fuzzing dast dependency_list dependency_scanning license_management license_scanning load_performance sast secret_detection].each do |report_type|
+    %i[api_fuzzing browser_performance codequality container_scanning coverage_fuzzing dast dependency_list dependency_scanning license_scanning load_performance sast secret_detection].each do |report_type|
       trait "with_#{report_type}_report".to_sym do
         status { :success }
 

ee/spec/factories/merge_requests.rb

@@ -73,18 +73,6 @@ FactoryBot.define do
   factory :merge_request_with_approver, parent: :merge_request, traits: [:with_approver]
 
   factory :ee_merge_request, parent: :merge_request do
-    trait :with_license_management_reports do
-      after(:build) do |merge_request|
-        merge_request.head_pipeline = build(
-          :ee_ci_pipeline,
-          :success,
-          :with_license_management_report,
-          project: merge_request.source_project,
-          ref: merge_request.source_branch,
-          sha: merge_request.diff_head_sha)
-      end
-    end
-
     trait :with_license_scanning_reports do
       after(:build) do |merge_request|
         merge_request.head_pipeline = build(

ee/spec/lib/gitlab/ci/parsers/security/dependency_list_spec.rb

@@ -99,7 +99,7 @@ RSpec.describe Gitlab::Ci::Parsers::Security::DependencyList do
   end
 
   describe '#parse_licenses!' do
-    let(:artifact) { create(:ee_ci_job_artifact, :license_management) }
+    let(:artifact) { create(:ee_ci_job_artifact, :license_scanning) }
     let(:dependency_info) { build(:dependency, :nokogiri, :with_vulnerabilities) }
 
     before do

ee/spec/models/ci/build_spec.rb

@@ -33,12 +33,6 @@ RSpec.describe Ci::Build do
 
     let(:artifact) { build.job_artifacts.first }
 
-    context 'with old license_management artifact' do
-      let!(:license_artifact) { create(:ee_ci_job_artifact, :license_management, job: job, project: job.project) }
-
-      it { expect(artifact.file_type).to eq 'license_management' }
-    end
-
     context 'with new license_scanning artifact' do
       let!(:license_artifact) { create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project) }
 
@@ -317,7 +311,7 @@ RSpec.describe Ci::Build do
         stub_licensed_features(license_scanning: true)
       end
 
-      context 'when there is a new type report' do
+      context 'when there is a report' do
         before do
           create(:ee_ci_job_artifact, :license_scanning, job: job, project: job.project)
         end
@@ -331,20 +325,6 @@ RSpec.describe Ci::Build do
         end
       end
 
-      context 'when there is an old type report' do
-        before do
-          create(:ee_ci_job_artifact, :license_management, job: job, project: job.project)
-        end
-
-        it 'parses blobs and add the results to the report' do
-          expect { subject }.not_to raise_error
-
-          expect(license_scanning_report.licenses.count).to eq(4)
-          expect(license_scanning_report.licenses.map(&:name)).to contain_exactly("Apache 2.0", "MIT", "New BSD", "unknown")
-          expect(license_scanning_report.licenses.find { |x| x.name == 'MIT' }.dependencies.count).to eq(52)
-        end
-      end
-
       context 'when there is a corrupted report' do
         before do
           create(:ee_ci_job_artifact, :license_scan, :with_corrupted_data, job: job, project: job.project)

ee/spec/models/ci/pipeline_spec.rb

@@ -99,15 +99,11 @@ RSpec.describe Ci::Pipeline do
 
     before do
       stub_licensed_features(license_scanning: true)
-      stub_feature_flags(drop_license_management_artifact: false)
+      create(:ee_ci_build, :license_scanning, pipeline: pipeline)
     end
 
-    [:license_scanning, :license_management].each do |artifact_type|
-      let!(:build) { create(:ee_ci_build, artifact_type, pipeline: pipeline) }
-
     it { is_expected.to be_truthy }
   end
-  end
 
   describe '#security_reports' do
     subject { pipeline.security_reports }

ee/spec/models/ee/ci/job_artifact_spec.rb

@@ -26,19 +26,11 @@ RSpec.describe Ci::JobArtifact do
   describe '.license_scanning_reports' do
     subject { Ci::JobArtifact.license_scanning_reports }
 
-    context 'when there is a license management report' do
-      let!(:artifact) { create(:ee_ci_job_artifact, :license_management) }
+    let_it_be(:artifact) { create(:ee_ci_job_artifact, :license_scanning) }
 
     it { is_expected.to eq([artifact]) }
   end
 
-    context 'when there is a license scanning report' do
-      let!(:artifact) { create(:ee_ci_job_artifact, :license_scanning) }
-
-      it { is_expected.to eq([artifact]) }
-    end
-  end
-
   describe '.metrics_reports' do
     subject { Ci::JobArtifact.metrics_reports }
 
@@ -139,7 +131,7 @@ RSpec.describe Ci::JobArtifact do
     subject { Ci::JobArtifact.associated_file_types_for(file_type) }
 
     where(:file_type, :result) do
-      'license_scanning'    | %w(license_management license_scanning)
+      'license_scanning'    | %w(license_scanning)
       'codequality'         | %w(codequality)
       'browser_performance' | %w(browser_performance performance)
       'load_performance'    | %w(load_performance)

ee/spec/models/merge_request_spec.rb

@@ -281,7 +281,6 @@ RSpec.describe MergeRequest do
       :container_scanning  | :with_container_scanning_reports  | :container_scanning
       :dast                | :with_dast_reports                | :dast
       :dependency_scanning | :with_dependency_scanning_reports | :dependency_scanning
-      :license_scanning    | :with_license_management_reports  | :license_scanning
       :license_scanning    | :with_license_scanning_reports    | :license_scanning
       :coverage_fuzzing    | :with_coverage_fuzzing_reports    | :coverage_fuzzing
       :secret_detection    | :with_secret_detection_reports    | :secret_detection
@@ -292,7 +291,6 @@ RSpec.describe MergeRequest do
       subject { merge_request.enabled_reports[report_type] }
 
       before do
-        stub_feature_flags(drop_license_management_artifact: false)
         stub_licensed_features({ feature => true })
       end
 

ee/spec/services/ci/sync_reports_to_approval_rules_service_spec.rb

@@ -73,50 +73,23 @@ RSpec.describe Ci::SyncReportsToApprovalRulesService, '#execute' do
         context "license compliance policy" do
           let!(:license_compliance_rule) { create(:report_approver_rule, :license_scanning, merge_request: merge_request, approvals_required: 1) }
 
-          before do
-            stub_feature_flags(drop_license_management_artifact: false)
-          end
-
           context "when a license violates the license compliance policy" do
             let!(:software_license_policy) { create(:software_license_policy, :denied, project: project, software_license: denied_license) }
+            let!(:ci_build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
             let(:denied_license) { create(:software_license, name: license_name) }
             let(:license_name) { ci_build.pipeline.license_scanning_report.license_names[0] }
 
-            context 'with a new report' do
-              let!(:ci_build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
-
             specify { expect { subject }.not_to change { license_compliance_rule.reload.approvals_required } }
             specify { expect(subject[:status]).to be(:success) }
           end
 
-            context 'with an old report' do
-              let!(:ci_build) { create(:ee_ci_build, :success, :license_management, pipeline: pipeline, project: project) }
-
-              specify { expect { subject }.not_to change { license_compliance_rule.reload.approvals_required } }
-              specify { expect(subject[:status]).to be(:success) }
-            end
-          end
-
           context "when no licenses violate the license compliance policy" do
-            context 'with a new report' do
             let!(:ci_build) { create(:ee_ci_build, :success, :license_scanning, pipeline: pipeline, project: project) }
 
             specify { expect { subject }.to change { license_compliance_rule.reload.approvals_required }.from(1).to(0) }
             specify { expect(subject[:status]).to be(:success) }
           end
 
-            context 'with an old report' do
-              let!(:ci_build) { create(:ee_ci_build, :success, :license_management, pipeline: pipeline, project: project) }
-
-              before do
-                stub_feature_flags(drop_license_management_artifact: false)
-              end
-
-              specify { expect { subject }.to change { license_compliance_rule.reload.approvals_required }.from(1).to(0) }
-              specify { expect(subject[:status]).to be(:success) }
-            end
-          end
-
           context "when an unexpected error occurs" do
             before do
               allow_next_instance_of(Gitlab::Ci::Reports::LicenseScanning::Report) do |instance|

lib/gitlab/ci/config/entry/reports.rb

@@ -13,7 +13,7 @@ module Gitlab
 
           ALLOWED_KEYS =
             %i[junit codequality sast secret_detection dependency_scanning container_scanning
-               dast performance browser_performance load_performance license_management license_scanning metrics lsif
+               dast performance browser_performance load_performance license_scanning metrics lsif
                dotenv cobertura terraform accessibility cluster_applications
                requirements coverage_fuzzing api_fuzzing].freeze
 
@@ -36,7 +36,6 @@ module Gitlab
               validates :performance, array_of_strings_or_string: true
               validates :browser_performance, array_of_strings_or_string: true
               validates :load_performance, array_of_strings_or_string: true
-              validates :license_management, array_of_strings_or_string: true
               validates :license_scanning, array_of_strings_or_string: true
               validates :metrics, array_of_strings_or_string: true
               validates :lsif, array_of_strings_or_string: true

locale/gitlab.pot

@@ -13987,9 +13987,6 @@ msgstr ""
 msgid "File deleted"
 msgstr ""
 
-msgid "File format is no longer supported"
-msgstr ""
-
 msgid "File hooks are similar to system hooks but are executed as files instead of sending data to a URL."
 msgstr ""
 

spec/factories/ci/builds.rb

@@ -508,14 +508,6 @@ FactoryBot.define do
       end
     end
 
-    trait :license_management do
-      options do
-        {
-            artifacts: { reports: { license_management: 'gl-license-management-report.json' } }
-        }
-      end
-    end
-
     trait :license_scanning do
       options do
         {

spec/lib/gitlab/ci/config/entry/reports_spec.rb

@@ -41,7 +41,6 @@ RSpec.describe Gitlab::Ci::Config::Entry::Reports do
         :dependency_scanning | 'gl-dependency-scanning-report.json'
         :container_scanning | 'gl-container-scanning-report.json'
         :dast | 'gl-dast-report.json'
-        :license_management | 'gl-license-management-report.json'
         :license_scanning | 'gl-license-scanning-report.json'
         :performance | 'performance.json'
         :browser_performance | 'browser-performance.json'

spec/models/ci/build_spec.rb

@@ -111,10 +111,6 @@ RSpec.describe Ci::Build do
   describe '.with_downloadable_artifacts' do
     subject { described_class.with_downloadable_artifacts }
 
-    before do
-      stub_feature_flags(drop_license_management_artifact: false)
-    end
-
     context 'when job does not have a downloadable artifact' do
       let!(:job) { create(:ci_build) }
 
@@ -1732,8 +1728,6 @@ RSpec.describe Ci::Build do
     subject { build.erase_erasable_artifacts! }
 
     before do
-      stub_feature_flags(drop_license_management_artifact: false)
-
       Ci::JobArtifact.file_types.keys.each do |file_type|
         create(:ci_job_artifact, job: build, file_type: file_type, file_format: Ci::JobArtifact::TYPE_AND_FORMAT_PAIRS[file_type.to_sym])
       end

spec/models/ci/job_artifact_spec.rb

@@ -328,35 +328,9 @@ RSpec.describe Ci::JobArtifact do
     end
   end
 
-  describe 'validates if file format is supported' do
-    subject { artifact }
-
-    let(:artifact) { build(:ci_job_artifact, file_type: :license_management, file_format: :raw) }
-
-    context 'when license_management is supported' do
-      before do
-        stub_feature_flags(drop_license_management_artifact: false)
-      end
-
-      it { is_expected.to be_valid }
-    end
-
-    context 'when license_management is not supported' do
-      before do
-        stub_feature_flags(drop_license_management_artifact: true)
-      end
-
-      it { is_expected.not_to be_valid }
-    end
-  end
-
   describe 'validates file format' do
     subject { artifact }
 
-    before do
-      stub_feature_flags(drop_license_management_artifact: false)
-    end
-
     described_class::TYPE_AND_FORMAT_PAIRS.except(:trace).each do |file_type, file_format|
       context "when #{file_type} type with #{file_format} format" do
         let(:artifact) { build(:ci_job_artifact, file_type: file_type, file_format: file_format) }

spec/models/merge_request_spec.rb

@@ -4906,7 +4906,6 @@ RSpec.describe MergeRequest, factory_default: :keep do
       subject { merge_request.enabled_reports[report_type] }
 
       before do
-        stub_feature_flags(drop_license_management_artifact: false)
         stub_licensed_features({ feature => true })
       end
 

spec/services/ci/retry_build_service_spec.rb

@@ -40,7 +40,7 @@ RSpec.describe Ci::RetryBuildService do
        job_artifacts_metadata job_artifacts_trace job_artifacts_junit
        job_artifacts_sast job_artifacts_secret_detection job_artifacts_dependency_scanning
        job_artifacts_container_scanning job_artifacts_dast
-       job_artifacts_license_management job_artifacts_license_scanning
+       job_artifacts_license_scanning
        job_artifacts_performance job_artifacts_browser_performance job_artifacts_load_performance
        job_artifacts_lsif job_artifacts_terraform job_artifacts_cluster_applications
        job_artifacts_codequality job_artifacts_metrics scheduled_at
@@ -74,9 +74,6 @@ RSpec.describe Ci::RetryBuildService do
     end
 
     before_all do
-      # Test correctly behaviour of deprecated artifact because it can be still in use
-      stub_feature_flags(drop_license_management_artifact: false)
-
       # Make sure that build has both `stage_id` and `stage` because FactoryBot
       # can reset one of the fields when assigning another. We plan to deprecate
       # and remove legacy `stage` column in the future.