Add MR widget support for license check
What does this MR do?
Parent Issue: #196845 (closed) Issue: #214990 (closed)
This adds support in the frontend to block a MR when a license policy that is marked as denied is detected in the project as a result of running the license_scanning CI job.
Steps to Run locally
1.) Clone https://gitlab.com/gitlab-org/secure/security-reports
2.) Open a rails console and run
Feature.enable(:license_compliance_denies_mr)
3.) Create a MR from the source branch 'license-scanning' to 'master'
4.) Go to the License Compliance page and mark the LGPL license as denied
5.) Go back to the MR you created
6.) Observe:
7.) Disable the feature flag in rails console
Feature.disable(:license_compliance_denies_mr)
8.) Observe that you can again merge the MR
Testing all possible states of licenseSummaryText, summaryTextWithLicenseCheck, summaryTextWithoutLicenseCheck
This is a bit more of a pain
In the MR page
1.) A MR that introduces new policy violations (1 or many)
2.) A MR that contains policy violations that already exist (1 or many)
3.) Report loading
4.) No new licenses detected
5.) Target branch has no licenses
In the Pipeline "License" tab
1.) A MR that introduces new policy violations (1 or many)
2.) A MR that contains policy violations that already exist (1 or many)
3.) Report loading
4.) No new licenses detected
5.) Target branch has no licenses
Screenshots
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
- Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Addresses #214990 (closed)