`license_scanning` job fails with an unhelpful error message for golang projects when there is no `go.sum` file
Summary
When setting up a minimal golang project, the `license_scanning` job fails with the following error if `go.mod` is included in the repository but `go.sum` is not.

```
/opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/license-management-3.23.0/lib/license/finder/ext/go_modules.rb:61:in `vendor_path': undefined method `parent' for nil:NilClass (NoMethodError)
        from /opt/gitlab/embedded/lib/ruby/gems/2.7.0/gems/license-management-3.23.0/lib/license/finder/ext/go_modules.rb:65:in `vendored?'
```
Steps to reproduce
- Create a new project and enable autodevops.
- Add a minimal `server/server.go` source file.
- Add a minimal `go.mod` file.
- Do not add a `go.sum` file to the repository.
When the job runs, it will fail.
Example Project
https://gitlab.com/asaba_alt_group/public-group/test-public-group/-/jobs/698908738#L34
What is the current bug behavior?
The job fails without an indication of the actual problem.
What is the expected correct behavior?
At a minimum, a better error should be presented to the user indicating how to fix the problem. Since this used to work without the `go.sum`, possibly have this as a warning and allow the job to run as it did previously.
Relevant logs and/or screenshots
https://gitlab.com/asaba_alt_group/public-group/test-public-group/-/jobs/698908738#L34
Output of checks
This bug happens on GitLab.com.
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)
`go_sum_path` is set here but used without checking if it is `nil`: https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/blob/main/lib/license/finder/ext/go_modules.rb#L36
Implementation plan
- Check presence of the `go.sum` file before trying to parse it and, if not present, fall back to manually listing the dependencies with `go_list_all`. Dependencies should have already been installed with the prepare command anyway.
- Add a test case to cover this situation.
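
The guard described in the implementation plan, as an added sketch that is not the analyzer's own code: it shows the unguarded `vendor_path` raising on a missing `go.sum` beside a nil-safe version that warns and falls back to listing modules. The class name `GoModulesSketch`, the `lister:` parameter and the helper names are assumptions; only `go_sum_path`, `vendor_path`, `vendored?` and `go_list_all` appear on this page.

```ruby
require 'pathname'
require 'open3'

# Hypothetical sketch; not the license-finder analyzer's implementation.
class GoModulesSketch
  # lister: assumed injection point so the fallback can be exercised offline.
  def initialize(project_path, lister: nil)
    @project_path = Pathname(project_path)
    @lister = lister || method(:run_go_list)
  end

  # nil when the repository has no go.sum (the case reported in this issue).
  def go_sum_path
    path = @project_path.join('go.sum')
    path.exist? ? path : nil
  end

  # Unguarded form: calling .parent on nil raises NoMethodError.
  def vendor_path_unguarded
    go_sum_path.parent.join('vendor')
  end

  # Guarded form: fall back to the project root when go.sum is absent.
  def vendor_path
    (go_sum_path&.parent || @project_path).join('vendor')
  end

  def vendored?
    vendor_path.directory?
  end

  # Returns [source, modules]; warns instead of crashing when go.sum is missing.
  def dependencies
    sum = go_sum_path
    return [:go_sum, parse_go_sum(sum)] if sum
    warn "go.sum not found in #{@project_path}; falling back to `go list -m all`"
    [:go_list_all, go_list_all]
  end

  # Parses `go list -m all` output; the main module line has no version and is skipped.
  def go_list_all
    @lister.call(@project_path).lines.map(&:split).select { |f| f.size >= 2 }
           .map { |name, version| { name: name, version: version } }
  end

  private

  # go.sum lines are "<module> <version>[/go.mod] <hash>"; collapse to unique modules.
  def parse_go_sum(path)
    path.readlines.map(&:split).select { |f| f.size >= 2 }
        .map { |name, version, _hash| { name: name, version: version.sub(%r{/go\.mod\z}, '') } }.uniq
  end

  def run_go_list(dir)
    out, status = Open3.capture2('go', 'list', '-m', 'all', chdir: dir.to_s)
    raise "go list failed in #{dir}" unless status.success?
    out
  end
end
```
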