Fix License Compliance widget link on MR from forked project

What does this MR do and why?

This MR fixes incorrect links in the License Compliance widget for MRs originating from forked projects.

Currently, the widget generates license links using the upstream project path, even though the pipeline runs in the forked project. As a result, clicking the "Used by N package" or "Full report" link leads to a 404.

This MR updates the logic to ensure the generated link points to the correct, source project namespace (i.e. the fork), so users are directed to a valid pipeline license report.

Extras:

  • Slightly refactored widget entity tests

References

Linked Issue: #503498 (closed)

Screen recordings

Before: before-license-widget-link.webm
After: after-license-widget-link.webm

How to set up and validate locally

Prerequisites:

  • Local GDK instance with Ultimate License enabled.

Steps:

  1. Set up License Approval Policy in GDK
    1. Go to the group where you want to enable the policy, e.g.: http://gdk.test:3000/gitlab-org
    2. In the left sidebar go to Security -> Policies
    3. Click New policy, then select Merge request approval policy.
    4. Switch to YAML mode.
    5. Paste the contents from this sample policy: ➡️ license-policy.yml.
    6. Click Configure with a merge request, follow the prompts, and merge the MR into your security policies project.
  2. Create Test Project
    1. In the same group (e.g., gitlab-org), create a new empty project.
  3. Fork and Prepare the Project
    1. Fork the newly created project into the same group.
    2. In the fork, create a new branch.
    3. Add the contents from the following repo to that branch: ➡️ sbom-liscense-upload.
    4. Commit and push the changes.
  4. Create a Merge Request
    1. Open a merge request from the fork's new branch -> into the original project's main branch.

    2. Wait for the pipeline to finish and verify that the License Compliance widget appears on the MR page.

  5. Validate License Compliance Widget Links
    1. Click on "Full Report" and "Used by 1 package" links and ensure they lead to a 404 page.
    2. Check out your GDK GitLab project into this MR branch: fix-license-fork-project-pipeline-link.
    3. Restart GDK rails service: gdk restart rails-web.
    4. Click on "Full Report" and "Used by 1 package" again and ensure they lead to the respective MR pipeline.
  6. Additional Validation: Create MR from Source Project (No Fork)
    1. In the original project, create a new branch directly.
    2. Copy or reuse the same contents from the sbom-license-upload example.
    3. Open MR from this new branch -> into the main branch of the same project.
    4. Wait for the pipeline to complete.
    5. Verify that the "Full Report" and "Used by 1 package" links behave as expected.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Albina Yusupova
