Skip to content

Merge Request Licence Widget to align with full report

Proposal

Presently the merge request licence widget will only show denied licences that are not already present in the target branch.

For instance if you setup a licence policy which denies unknown licences. Then submit a merge request that contains a dependency where the licence is unknown into the main branch you would see a the below violation shown in the Licence Widget.

Licence_Widget_showing_Denied

If you then merge this licence into main then main now contains 1 instance of the unknown licence. Any following instances of this will no longer be shown in the Licence widget.

So following the above if you submit a merge request with a different dependency (new instance) of unknown the widget will now not show the new instance of licence will require approval.

new_licence_violation_no_message

However both the bot message and Full report will however show the violation.

bot_message_shows_violation

full_report_showing_violation

So this is an inconsistency in the behaviour and can lead to confusing some users.

Propose to align the Licence widget to consistently show new instances of licence violations.