Fix License Compliance widget link for MRs with deleted source project

Albina Yusupovarequested to merge
fix-license-widget-link-on-empty-source-project into master

What does this MR do and why?

This MR fixes License Compliance widget link failures that occur when the source project of a merge request has been deleted, but the MR's head pipeline still exists on the target project.

The issue arises when:

  • The MR originates from a fork
  • The source (fork) project has been deleted
  • The MR’s head pipeline exists on the target project

Currently, the License Compliance widget builds its pipeline link using the MR's source project together with the head pipeline. When the source project no longer exists, this results in a broken link and a 500 error.

licenses_project_pipeline_path(merge_request.source_project, merge_request.head_pipeline)

To resolve this, the widget now builds the link from merge_request.head_pipeline.project instead of merge_request.source_project.

  • This ensures the widget always points to the project that owns the pipeline.
  • If no head_pipeline is defined, the full_report_path will not be added, preventing invalid links (it is an existing logic).

References

Fixes #564960 (closed)

An example of the issue can be seen in this closed MR: gitlab-org/secure/tests/albi.yusupova/target-project-license-pipeline-link!1 (closed). Project: target-project-license-pipeline-link:

How to set up and validate locally

For quick testing, you can use this sample project as a target project (with MR pipelines enabled and a License Approval Policy configured): target-project-license-pipeline-link.

To fully reproduce in GDK:

  1. Create an empty project and enable MR pipelines in the target project.

    Example .gitlab-ci.yml 
    stages:
  - test

workflow:
  rules:
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_COMMIT_TAG
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

test:
  stage: test
  script:
    - echo "Running a test"

  2. Configure a License Approval Policy for the project (Add a New Merge Request Approval Policy).

  3. Create an MR from a forked project to the target project.

  4. Delete the forked project (use Delete immediately).

  5. Open the MR in the target project.

    • Before this MR: opening the MR results in a 500 error.
    • After this MR: the MR page loads successfully, and the License Compliance widget links correctly to the pipeline.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Albina Yusupova

Merge request reports