Split collect dependency list

Since dependency_list report and license_management_report are different jobs, we need to collect this info separately

Split collect dependency list
Since dependency_list report and license_management_report are different jobs, we need to collect this info separately
fd74d00c · Tetiana Chupryna · Nick Thomas · bbd5ca73 · fd74d00c · fd74d00c
Commit fd74d00c authored Sep 02, 2019 by Tetiana Chupryna Committed by Nick Thomas Sep 02, 2019
6 changed files
--- a/ee/app/controllers/projects/security/dependencies_controller.rb
+++ b/ee/app/controllers/projects/security/dependencies_controller.rb
@@ -3,7 +3,6 @@
 module Projects
  module Security
    class DependenciesController < Projects::ApplicationController
-      before_action :ensure_dependency_list_feature_available
      before_action :authorize_read_dependency_list!

      def index
@@ -36,10 +35,6 @@ module Projects
        render_403 unless can?(current_user, :read_dependencies, project)
      end

-      def ensure_dependency_list_feature_available
-        render_404 unless project.feature_available?(:dependency_list)
-      end
-
      def dependencies
        @dependencies ||= collect_dependencies
      end

--- a/ee/app/models/ee/ci/build.rb
+++ b/ee/app/models/ee/ci/build.rb
@@ -78,6 +78,14 @@ module EE
          each_report(::Ci::JobArtifact::DEPENDENCY_LIST_REPORT_FILE_TYPES) do |file_type, blob|
            dependency_list.parse!(blob, dependency_list_report)
          end
+        end
+
+        dependency_list_report
+      end
+
+      def collect_licenses_for_dependency_list!(dependency_list_report)
+        if project.feature_available?(:dependency_list)
+          dependency_list = ::Gitlab::Ci::Parsers::Security::DependencyList.new(project, sha)

          each_report(::Ci::JobArtifact::LICENSE_MANAGEMENT_REPORT_FILE_TYPES) do |file_type, blob|
            dependency_list.parse_licenses!(blob, dependency_list_report)

--- a/ee/app/models/ee/ci/pipeline.rb
+++ b/ee/app/models/ee/ci/pipeline.rb
@@ -165,6 +165,9 @@ module EE
          builds.latest.with_reports(::Ci::JobArtifact.dependency_list_reports).each do |build|
            build.collect_dependency_list_reports!(dependency_list_report)
          end
+          builds.latest.with_reports(::Ci::JobArtifact.license_management_reports).each do |build|
+            build.collect_licenses_for_dependency_list!(dependency_list_report)
+          end
        end
      end


--- a/ee/spec/controllers/projects/security/dependencies_controller_spec.rb
+++ b/ee/spec/controllers/projects/security/dependencies_controller_spec.rb
@@ -19,7 +19,7 @@ describe Projects::Security::DependenciesController do

      context 'when feature is available' do
        before do
-          stub_licensed_features(dependency_list: true)
+          stub_licensed_features(dependency_list: true, license_management: true)
        end

        it 'counts usage of the feature' do
@@ -121,6 +121,23 @@ describe Projects::Security::DependenciesController do
          end
        end

+        context 'with found license report' do
+          let(:pipeline) { create(:ee_ci_pipeline, :with_dependency_list_report, project: project) }
+          let(:license_build) { create(:ee_ci_build, :success, :license_management, pipeline: pipeline) }
+
+          before do
+            pipeline.builds << license_build
+
+            get :index, params: params, format: :json
+          end
+
+          it 'include license information to response' do
+            nokogiri = json_response['dependencies'].select { |dep| dep['name'] == 'nokogiri' }.first
+
+            expect(nokogiri['licenses']).not_to be_empty
+          end
+        end
+
        context 'without existing report' do
          let!(:pipeline) { create(:ee_ci_pipeline, :with_sast_report, project: project) }

@@ -165,21 +182,21 @@ describe Projects::Security::DependenciesController do
        end
      end

-      context 'when feature is not available' do
+      context 'when licensed feature is unavailable' do
        before do
          get :index, params: params, format: :json
        end

-        it 'returns 404' do
-          expect(response).to have_gitlab_http_status(404)
+        it 'returns 403' do
+          expect(response).to have_gitlab_http_status(403)
        end
      end
    end

    context 'with unauthorized user' do
      before do
-        project.add_guest(user)
        stub_licensed_features(dependency_list: true)
+        project.add_guest(user)

        get :index, params: params, format: :json
      end

--- a/ee/spec/models/ci/build_spec.rb
+++ b/ee/spec/models/ci/build_spec.rb
@@ -236,7 +236,6 @@ describe Ci::Build do

  describe '#collect_dependency_list_reports!' do
    let!(:dl_artifact) { create(:ee_ci_job_artifact, :dependency_list, job: job, project: job.project) }
-    let!(:lm_artifact) { create(:ee_ci_job_artifact, :license_management, job: job, project: job.project) }
    let(:dependency_list_report) { Gitlab::Ci::Reports::DependencyList::Report.new }

    subject { job.collect_dependency_list_reports!(dependency_list_report) }
@@ -254,7 +253,6 @@ describe Ci::Build do

        expect(dependency_list_report.dependencies.count).to eq(21)
        expect(mini_portile2[:name]).to eq('mini_portile2')
-        expect(mini_portile2[:licenses][0][:name]).to eq('MIT')
        expect(yarn[:location][:blob_path]).to eq(blob_path)
      end
    end
@@ -263,7 +261,41 @@ describe Ci::Build do
      it 'does NOT parse dependency list report' do
        subject

-        expect(dependency_list_report.dependencies.count).to eq(0)
+        expect(dependency_list_report.dependencies).to be_empty
+      end
+    end
+  end
+
+  describe '#collect_licenses_for_dependency_list!' do
+    let!(:lm_artifact) { create(:ee_ci_job_artifact, :license_management, job: job, project: job.project) }
+    let(:dependency_list_report) { Gitlab::Ci::Reports::DependencyList::Report.new }
+    let(:dependency) { build(:dependency) }
+
+    subject { job.collect_licenses_for_dependency_list!(dependency_list_report) }
+
+    before do
+      dependency_list_report.add_dependency(dependency)
+    end
+
+    context 'with available licensed feature' do
+      before do
+        stub_licensed_features(dependency_list: true)
+      end
+
+      it 'parses blobs and add found license' do
+        subject
+        nokogiri = dependency_list_report.dependencies.first
+
+        expect(nokogiri&.dig(:licenses, 0, :name)).to eq('MIT')
+      end
+    end
+
+    context 'with unavailable licensed feature' do
+      it 'does not add licenses' do
+        subject
+        nokogiri = dependency_list_report.dependencies.first
+
+        expect(nokogiri[:licenses]).to be_empty
      end
    end
  end

--- a/ee/spec/models/ci/pipeline_spec.rb
+++ b/ee/spec/models/ci/pipeline_spec.rb
@@ -287,10 +287,13 @@ describe Ci::Pipeline do
    context 'when pipeline has a build with dependency list reports' do
      let!(:build) { create(:ci_build, :success, name: 'dependency_list', pipeline: pipeline, project: project) }
      let!(:artifact) { create(:ee_ci_job_artifact, :dependency_list, job: build, project: project) }
+      let!(:build2) { create(:ci_build, :success, name: 'license_management', pipeline: pipeline, project: project) }
+      let!(:artifact2) { create(:ee_ci_job_artifact, :license_management, job: build, project: project) }

      it 'returns a dependency list report with collected data' do
        expect(subject.dependencies.count).to eq(21)
        expect(subject.dependencies[0][:name]).to eq('mini_portile2')
+        expect(subject.dependencies[0][:licenses]).not_to be_empty
      end

      context 'when builds are retried' do