Fix AutoDevOps for projects that configured license scanning job (!129658) · Merge requests · GitLab.org / GitLab

Oscar Tovar requested to merge master-patch-9a99 into master Aug 17, 2023

What does this MR do and why?

The change introduced by Remove License Scanning from AutoDevOps (!129139 - merged) broke AutoDevOps configurations that had overridden the license_scanning job, such as this one:

license_scanning:
  rules:
    - if: "$LICENSE_MANAGEMENT_DISABLED"
      when: never
    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $GITLAB_FEATURES =~ /\\blicense_scanning\\b/
    - if: "$CI_COMMIT_BRANCH && $GITLAB_FEATURES =~ /\\blicense_scanning\\b/"

Before the removal of the Jobs/License-Scanning.gitlab-ci.yml template by Remove License Scanning from AutoDevOps (!129139 - merged), the above license_scanning job would override the existing defined job, however, after the Jobs/License-Scanning.gitlab-ci.yml template was removed, any custom license_scanning override jobs became standalone jobs, and as such required a script keyword which results in the following invalid yaml failure:

The long-term fix is to remove any custom license_scanning job overrides, for example, this MR: Remove deprecated license scanning job (gitlab-org/gitlab-services/version.gitlab.com!34 - merged), however, in order to avoid introducing a change that prevents pipelines from working at all, we've created this MR to re-add the Jobs/License-Scanning.gitlab-ci.yml template.

What are the relevant issue numbers?

AutoDevOps is broken for projects that configur... (#422756 - closed)

Further details

The license scanning job will no longer produce any reports and will be allowed to fail. To be transparent, it outputs a reference to the removal of the license scanning artifact based approach. In cases where a project had configured the license scanning job without a script step, the complete template removal resulted in a broken pipeline state. Re-adding the job fixes this while making it visible that the job is no longer producing reports.

Manual QA

Before	After
Broken pipeline	Fixed pipeline

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Aug 21, 2023 by Adam Cohen

Fix AutoDevOps for projects that configured license scanning job