Merge branch '378085-use-license-scanning-service-in-license-compliance-page' into 'master'

Use License Scanning Artifact Scanner class in License Compliance page

See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/105533



Merged-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: Patrick Bajao <ebajao@gitlab.com>
Reviewed-by: Tetiana Chupryna <tchupryna@gitlab.com>
Reviewed-by: Fabien Catteau <fcatteau@gitlab.com>
Reviewed-by: Matthias Käppler <mkaeppler@gitlab.com>
Co-authored-by: Oscar Tovar <otovar@gitlab.com>

ee/app/models/ee/ci/pipeline.rb

@@ -122,6 +122,8 @@ def expose_license_scanning_data?
         batch_lookup_report_artifact_for_file_type(:license_scanning).present?
       end
+      # Deprecated: use Gitlab::LicenseScanning to generate a scanner and call #report instead.
+      # More info: https://gitlab.com/groups/gitlab-org/-/epics/8532
       def license_scanning_report
         ::Gitlab::Ci::Reports::LicenseScanning::Report.new.tap do |license_scanning_report|
           latest_report_builds(::Ci::JobArtifact.of_report_type(:license_scanning)).each do |build|

ee/app/models/ee/merge_request.rb

@@ -183,7 +183,11 @@ def hidden_blocking_merge_requests_count(user, include_merged: false)
     def has_denied_policies?
       return false unless project.feature_available?(:license_scanning)
-      return false unless has_license_scanning_reports?
+      return false unless actual_head_pipeline
+
+      return false unless ::Gitlab::LicenseScanning
+        .scanner_for_pipeline(actual_head_pipeline)
+        .results_available?
       return false if has_approved_license_check?
@@ -226,10 +230,6 @@ def compare_dependency_scanning_reports(current_user)
       compare_reports(::Ci::CompareSecurityReportsService, current_user, 'dependency_scanning')
     end
-    def has_license_scanning_reports?
-      !!actual_head_pipeline&.complete_and_has_reports?(::Ci::JobArtifact.of_report_type(:license_scanning))
-    end
-
     def has_container_scanning_reports?
       !!actual_head_pipeline&.complete_and_has_reports?(::Ci::JobArtifact.of_report_type(:container_scanning))
     end

ee/app/models/ee/project.rb

@@ -912,7 +912,8 @@ def merge_requests_disable_committers_approval?
       !!merge_requests_disable_committers_approval
     end
-    def license_compliance(pipeline = latest_default_branch_pipeline_with_reports(::Ci::JobArtifact.of_report_type(:license_scanning)))
+    def license_compliance(pipeline = nil)
+      pipeline ||= ::Gitlab::LicenseScanning.scanner_for_project(self).pipeline
       SCA::LicenseCompliance.new(self, pipeline)
     end

ee/app/models/sca/license_compliance.rb

@@ -12,6 +12,7 @@ class LicenseCompliance
     def initialize(project, pipeline)
       @project = project
       @pipeline = pipeline
+      @scanner = ::Gitlab::LicenseScanning.scanner_for_pipeline(pipeline)
     end
     def policies
@@ -58,13 +59,13 @@ def diff_with(other)
     def license_scanning_report
       strong_memoize(:license_scanning_report) do
-        pipeline.blank? ? empty_report : pipeline.license_scanning_report
+        scanner.report
       end
     end
     private
-    attr_reader :project, :pipeline
+    attr_reader :project, :pipeline, :scanner
     def known_policies
       return {} if project.blank?
@@ -91,10 +92,6 @@ def unclassified_policies
       end.compact.to_h
     end
-    def empty_report
-      ::Gitlab::Ci::Reports::LicenseScanning::Report.new
-    end
-
     def build_policy(reported_license, software_license_policy)
       ::SCA::LicensePolicy.new(reported_license, software_license_policy)
     end

ee/lib/gitlab/license_scanning.rb

@@ -10,7 +10,8 @@ def self.scanner_for_project(project, ref = project.default_branch)
     def self.scanner_for_pipeline(pipeline)
       klass = scanner_class
-      klass.new(pipeline.project, pipeline)
+      project = pipeline.project unless pipeline.blank?
+      klass.new(project, pipeline)
     end
     # TODO: return ::Gitlab::LicenseScanning::SbomScanner

ee/lib/gitlab/license_scanning/artifact_scanner.rb

@@ -8,15 +8,25 @@ def self.latest_pipeline(project, ref)
       end
       def report
-        raise "Not implemented"
+        pipeline.blank? ? empty_report : pipeline.license_scanning_report
       end
       def has_data?
-        raise "Not implemented"
+        return false if pipeline.blank?
+
+        pipeline.batch_lookup_report_artifact_for_file_type(:license_scanning).present?
       end
       def results_available?
-        raise "Not implemented"
+        return false if pipeline.blank?
+
+        pipeline.complete_and_has_reports?(::Ci::JobArtifact.of_report_type(:license_scanning))
+      end
+
+      private
+
+      def empty_report
+        ::Gitlab::Ci::Reports::LicenseScanning::Report.new
       end
     end
   end

ee/spec/lib/gitlab/license_scanning/artifact_scanner_spec.rb

@@ -8,9 +8,23 @@
   subject(:scanner) { described_class.new(project, pipeline) }
+  before do
+    stub_licensed_features(license_scanning: true)
+  end
+
   describe "#report" do
-    it "raises a not implemented error" do
-      expect { scanner.report }.to raise_error(RuntimeError, /Not implemented/)
+    context "when pipeline contains a license scanning report" do
+      it "returns a non-empty report" do
+        expect(scanner.report.empty?).to be_falsey
+      end
+    end
+
+    context "when pipeline contains no license scanning report" do
+      let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_metrics_report, project: project) }
+
+      it "returns an empty report" do
+        expect(scanner.report.empty?).to be_truthy
+      end
     end
   end
@@ -21,14 +35,45 @@
   end
   describe "#has_data?" do
-    it "raises a not implemented error" do
-      expect { scanner.has_data? }.to raise_error(RuntimeError, /Not implemented/)
+    context "when pipeline has a license scanning report" do
+      let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
+
+      it "returns true" do
+        expect(scanner.has_data?).to be_truthy
+      end
+    end
+
+    context "when pipeline has no license scanning report" do
+      let_it_be(:pipeline) { create(:ee_ci_pipeline, project: project) }
+
+      it "returns false" do
+        expect(scanner.has_data?).to be_falsey
+      end
+    end
+
+    context "when pipeline is nil" do
+      let(:pipeline) { nil }
+
+      it "returns false" do
+        expect(scanner.has_data?).to be_falsey
+      end
     end
   end
   describe "#results_available?" do
-    it "raises a not implemented error" do
-      expect { scanner.results_available? }.to raise_error(RuntimeError, /Not implemented/)
+    subject { described_class.new(project, pipeline).results_available? }
+
+    context "when pipeline is running" do
+      let_it_be(:pipeline) { create(:ci_pipeline, :running, project: project) }
+      let_it_be(:build) { create(:ci_build, :license_scanning, pipeline: pipeline) }
+
+      it { is_expected.to be_falsey }
+    end
+
+    context "when pipeline status is success" do
+      let_it_be(:pipeline) { create(:ee_ci_pipeline, :with_license_scanning_report, project: project) }
+
+      it { is_expected.to be_truthy }
     end
   end
 end

ee/spec/models/merge_request_spec.rb

@@ -372,26 +372,6 @@
     end
   end
-  describe '#has_license_scanning_reports?' do
-    subject { merge_request.has_license_scanning_reports? }
-
-    before do
-      stub_licensed_features(license_scanning: true)
-    end
-
-    context 'when head pipeline has license scanning reports' do
-      let(:merge_request) { create(:ee_merge_request, :with_license_scanning_reports, source_project: project) }
-
-      it { is_expected.to be_truthy }
-    end
-
-    context 'when head pipeline does not have license scanning reports' do
-      let(:merge_request) { create(:ee_merge_request, source_project: project) }
-
-      it { is_expected.to be_falsey }
-    end
-  end
-
   describe '#has_dependency_scanning_reports?' do
     subject { merge_request.has_dependency_scanning_reports? }