Make Gitaly provide all the project license details
We've had an incident due to a mismatch between go-license-finder
(in Gitaly) and Licensee
(in gitlab-org/gitlab).
To overcome such issues in the future, we'd like to get rid of Licensee
and make Gitaly provide all the licensee details.
Proposal
Originated from create-stage#12914 (comment 671310178).
Extend FindLicenseResponse
so it will contain:
- name
- nickname (not sure how this differs from the name, is it the SPDX name?)
- url to the license
- source url (supposably the url of the license file in the repo)
These seems to be all the fields gitlab rails uses at the moment.
Challenge
When using the Licensee gem in the Ruby sidecar we have all the info at hand, but we don't have a Go package that provides feature parity, see #3078 (closed).
Action plan
Since we have to deal with the challenge above, I suggest we:
-
Disable the Go implementation completely (for now) -
Look into upstreaming a change that allows us to read all details from the license database of go-license-finder -
Continue work started in !4198 (merged) and provide all the details from the sidecar -
Continue work in gitlab-org/gitlab (gitlab!77041 (merged)) and get rid of the Licensee gem
Availability and Testing
-
Updating E2E test (preliminary work done gitlab!91695 (merged)) -
Verifying Uploading a LICENSE file via WebIDE continues to work -
Verify opening license file works and displays the License Name - 'common' licenses e.g. MIT (smoke test)
- 'less common' licenses that exist SPDX but not in Licensee Gem
- licenses details stored in 'non-standard' files such as 'README'
- data in a LICENSE file that doesn't match any known license should be handled as a 'generic' license
Edited by John McDonnell