License Compliance ignores pip configurations with private servers
Summary
License Compliance doesn't work with private pip servers.
Steps to reproduce
- Install GitLab in a private network, with restricted access to the Internet.
- Install a private pip server
- Publish a package on this server
- Create a python project on this GitLab, using the private package.
- Create a `.pip` folder in the project to prefer a private server URL (ex: https://gist.github.com/Jaza/fcea493dd0ba6ebf09d3#configure-pip-to-use-private-pypi)
- Set up and run the `license_management` job on that project
What is the current bug behavior?
The job fails, trying to hit https://pypi.org/[...] (which is unreachable from the restricted network) instead of the index configured for pip.
What is the expected correct behavior?
The job succeeds, using the configured private index, and licenses are reported.
Possible fixes
The call to pypi.org is hardcoded in https://github.com/pivotal-legacy/LicenseFinder/blob/master/lib/license_finder/package_managers/pip.rb#L61, so pip's own index configuration (`PIP_INDEX_URL` in the environment, or `index-url` in pip.conf) is never consulted. There's an issue open for this in the LicenseFinder project, https://github.com/pivotal-legacy/LicenseFinder/issues/230, with a fork we can leverage to get started on this.
Also refs: https://gitlab.com/gitlab-org/gitlab-ee/issues/6603
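As an added example (not LicenseFinder's code and not the patch from the fork linked above), the Ruby sketch below shows the resolution a fix needs: take the index from `PIP_INDEX_URL` / `PIP_EXTRA_INDEX_URL` or from the `index-url` / `extra-index-url` keys of pip.conf, as pip itself does, fall back to pypi.org only when nothing is configured, and build PyPI's `/pypi/<name>/<version>/json` metadata path on that index instead of on pypi.org. The function names, the sample pip.conf and the `*.internal.example` hostnames are hypothetical. One caveat a fix has to handle: many private indexes serve only the PEP 503 "simple" index and not PyPI's JSON API, so the lookup can still answer 404 on the private server; that should be reported as missing license metadata rather than silently retried against pypi.org.

```ruby
require "uri"

# Added example, not LicenseFinder code. Resolves the package index the way pip
# does: PIP_INDEX_URL / PIP_EXTRA_INDEX_URL in the environment win, then the
# index-url / extra-index-url keys of the [global] section in pip.conf, and
# pypi.org is used only when nothing is configured.
DEFAULT_INDEX_URL = "https://pypi.org/simple".freeze

# Minimal parser for pip.conf / pip.ini. Returns {section => {key => value}}.
# pip treats "index_url" and "index-url" as the same key, so underscores are
# normalised to dashes; indented lines continue the previous key, which is how
# pip.conf lists several extra-index-url values.
def parse_pip_conf(text)
  sections = Hash.new { |h, k| h[k] = {} }
  section = "global"
  last = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?("#", ";")
    if (m = line.match(/\A\[([^\]]+)\]\z/))
      section = m[1].strip.downcase
      last = nil
    elsif raw.match?(/\A[ \t]/) && last
      sections[section][last] = sections[section][last] + "\n" + line
    elsif (m = line.match(/\A([^=:]+)[=:](.*)\z/))
      last = m[1].strip.downcase.tr("_", "-")
      sections[section][last] = m[2].strip
    end
  end
  sections
end

# Index URLs to query, primary index first. `conf_text` is the contents of the
# pip.conf that applies to the project (e.g. the one under its .pip directory).
def pip_index_urls(env: ENV, conf_text: nil)
  conf = conf_text ? parse_pip_conf(conf_text).fetch("global", {}) : {}
  primary = env["PIP_INDEX_URL"].to_s
  primary = conf.fetch("index-url", "") if primary.empty?
  primary = DEFAULT_INDEX_URL if primary.empty?
  extra = env["PIP_EXTRA_INDEX_URL"].to_s
  extra = conf.fetch("extra-index-url", "") if extra.empty?
  [primary] + extra.split
end

# PyPI's JSON API lives at /pypi/<name>/<version>/json under the server root,
# while pip's index-url normally points at the PEP 503 "simple" index. Strip a
# trailing /simple and build the JSON path on what remains, keeping scheme,
# host, port and any credentials embedded in the private index URL (never log
# the result unredacted).
def package_json_url(name, version, index_url)
  uri = URI.parse(index_url)
  root = uri.path.chomp("/").sub(%r{/simple\z}, "")
  uri.path = "#{root}/pypi/#{name}/#{version}/json"
  uri.query = nil
  uri.fragment = nil
  uri.to_s
end

# Candidate metadata URLs for one package, in the order they should be tried.
# A private index without the JSON API answers 404 here; the caller should then
# record the licence as unknown instead of silently falling back to pypi.org,
# which the restricted network cannot reach anyway.
def package_json_urls(name, version, env: ENV, conf_text: nil)
  pip_index_urls(env: env, conf_text: conf_text).map { |u| package_json_url(name, version, u) }
end

# Constructed sample pip.conf, as it might live in the project's .pip directory.
SAMPLE_PIP_CONF = <<~CONF
  [global]
  index-url = https://pypi.internal.example/simple
  extra-index-url =
      https://mirror.internal.example:8443/simple/
  trusted-host = pypi.internal.example
CONF

if $PROGRAM_NAME == __FILE__
  # With an empty environment the conf file decides; pypi.org never appears.
  puts package_json_urls("requests", "2.22.0", env: {}, conf_text: SAMPLE_PIP_CONF)
end
```

Run stand-alone it prints the two private-index metadata URLs for `requests 2.22.0`; only when neither the environment nor pip.conf names an index does `pip_index_urls` return the pypi.org default.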
Edited by Lukas 'ai-pi' Eipert