Revert EE / FOSS code split

This reverts merge request !2708

Changelog: changed

.gitlab-ci.yml

@@ -81,16 +81,6 @@ unit test:
     reports:
       junit: rspec.xml
 
-test ee:
-  extends: .ruby-alpine
-  stage: initial-test
-  script:
-    - bundle exec rake spec_ee
-  artifacts:
-    when: always
-    reports:
-      junit: rspec.xml
-
 gitlab styles:
   extends: .ruby-alpine
   stage: initial-test

Rakefile

@@ -25,10 +25,6 @@ RSpec::Core::RakeTask.new(:spec_integration) do |t|
   t.rspec_opts = "--tag integration #{COMMON_RSPEC_OPTIONS}"
 end
 
-RSpec::Core::RakeTask.new(:spec_ee) do |t|
-  t.rspec_opts = "--default-path ee/spec --pattern 'ee/spec/**{,/*/**}/*_spec.rb' #{COMMON_RSPEC_OPTIONS}"
-end
-
 %w[generic ca_cert].each do |flag|
   RSpec::Core::RakeTask.new("spec_integration_#{flag}") do |t|
     t.rspec_opts = "--tag integration:#{flag} #{COMMON_RSPEC_OPTIONS}"

ee/LICENSE

-The GitLab Enterprise Edition (EE) license (the “EE License”)
-Copyright (c) 2011-present GitLab B.V.
-
-With regard to the GitLab Software:
-
-This software and associated documentation files (the "Software") may only be
-used in production, if you (and any entity that you represent) have agreed to,
-and are in compliance with, the GitLab Subscription Terms of Service, available
-at https://about.gitlab.com/terms/#subscription (the “EE Terms”), or other
-agreement governing the use of the Software, as agreed by you and GitLab,
-and otherwise have a valid GitLab Enterprise Edition subscription for the
-correct number of user seats. Subject to the foregoing sentence, you are free to
-modify this Software and publish patches to the Software. You agree that GitLab
-and/or its licensors (as applicable) retain all right, title and interest in and
-to all such modifications and/or patches, and all such modifications and/or
-patches may only be used, copied, modified, displayed, distributed, or otherwise
-exploited with a valid GitLab Enterprise Edition subscription for the  correct
-number of user seats.  Notwithstanding the foregoing, you may copy and modify
-the Software for development and testing purposes, without requiring a
-subscription.  You agree that GitLab and/or its licensors (as applicable) retain
-all right, title and interest in and to all such modifications.  You are not
-granted any other rights beyond what is expressly stated herein.  Subject to the
-foregoing, it is forbidden to copy, merge, publish, distribute, sublicense,
-and/or sell the Software.
-
-This EE License applies only to the part of this Software that is not
-distributed as part of GitLab Community Edition (CE). Any part of this Software
-distributed as part of GitLab CE or is served client-side as an image, font,
-cascading stylesheet (CSS), file which produces or is compiled, arranged,
-augmented, or combined into client-side JavaScript, in whole or in part, is
-copyrighted under the MIT Expat license. The full text of this EE License shall
-be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
-For all third party components incorporated into the GitLab Software, those
-components are licensed under the original license provided by the owner of the
-applicable component.

ee/spec/gcs/converter_spec.rb

-# frozen_string_literal: true
-RSpec.describe Gcs::Converter do
-  let(:trivy_output_unsupported_os) { fixture_file_content('trivy-unsupported-os.json') }
-
-  modify_environment 'GITLAB_FEATURES' => 'container_scanning,sast'
-
-  describe '#convert' do
-    context 'when there are unsupported operating systems' do
-      let(:remediation_collection) { double(Gcs::Remediations::Collection).as_null_object }
-      let(:unsupported_operating_systems) { double(Set, empty?: false) }
-
-      it 'shows the unsupported OS warning' do
-        allow(Gcs::Remediations::Collection).to receive(:new).and_return(remediation_collection)
-        allow(remediation_collection).to receive(:unsupported_operating_systems)
-                                           .and_return(unsupported_operating_systems)
-        allow(remediation_collection).to receive(:unsupported_os_warning)
-
-        expect(remediation_collection).to receive(:unsupported_os_warning)
-
-        described_class.new(trivy_output_unsupported_os, {}).convert
-      end
-    end
-  end
-end

ee/spec/gcs/plugin/container_scan_spec.rb

-# frozen_string_literal: true
-
-RSpec.describe Gcs::Plugin::ContainerScan do
-  modify_environment 'GITLAB_FEATURES' => 'container_scanning,sast'
-
-  RSpec.shared_examples 'QUIET mode' do
-    context 'with QUIET mode' do
-      modify_environment 'CS_QUIET' => 'true'
-
-      it 'does not print the results table' do
-        expect(Gcs::Util).not_to receive(:write_table)
-      end
-    end
-  end
-
-  describe '#convert' do
-    subject(:convert) { described_class.new.convert(nil, nil) }
-
-    before do
-      allow(Gcs::Converter).to receive_message_chain(:new, :convert).and_return({})
-    end
-
-    context 'with invalid allow list file' do
-      before do
-        allow(File).to receive(:read).and_return('"') # smallest broken yaml
-      end
-
-      specify do
-        expect(Gcs::Util).to receive(:write_table).with({}, nil)
-        expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {}, Pathname.pwd, nil)
-        expect(Gcs.logger).to receive(:debug).with(match(/Allowlist failed with /))
-
-        convert
-      end
-    end
-
-    context 'with allow list file' do
-      let(:allow_list_file) { fixture_file('vulnerability-allowlist.yml').to_s }
-
-      before do
-        allow(Gcs::AllowList).to receive(:file_path).and_return(allow_list_file)
-      end
-
-      include_examples 'QUIET mode'
-
-      specify do
-        expect(Gcs::Util).to receive(:write_table).with({}, instance_of(Gcs::AllowList))
-        expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {},
-                                                       Pathname.pwd,
-                                                       instance_of(Gcs::AllowList))
-
-        expect(Gcs.logger).to receive(:info).with(match(/Using allowlist /))
-
-        convert
-      end
-    end
-
-    context 'without allow list file' do
-      before do
-        allow(Gcs::AllowList).to receive(:file_path).and_return('nonexisting-file-allowlist.yml')
-      end
-
-      include_examples 'QUIET mode'
-
-      specify do
-        expect(Gcs::Util).to receive(:write_table).with({}, nil)
-        expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {}, Pathname.pwd, nil)
-        expect(Gcs.logger).to receive(:debug).with(match(/Allowlist failed with /))
-
-        convert
-      end
-    end
-  end
-end

ee/spec/spec_helper.rb

-# frozen_string_literal: true
-require 'gcs'
-require 'json_schemer'
-require 'rspec-parameterized'
-
-require './spec/helpers'
-require './spec/support/environment_helper'
-require './spec/support/fixture_file_helper'
-require './spec/support/schema_helper'
-require './spec/support/matchers/match_schema'
-
-RSpec.configure do |config|
-  config.include FixtureFileHelper
-  config.include EnvironmentHelper
-  config.extend EnvironmentHelper::ClassMethods
-  config.include SchemaHelper
-end

gcs.gemspec

@@ -32,5 +32,5 @@ Gem::Specification.new do |spec|
 
   spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ['lib', 'ee/lib']
+  spec.require_paths = ['lib']
 end

lib/gcs.rb

@@ -19,7 +19,6 @@ require 'term/ansicolor'
 require 'openssl'
 
 loader = Zeitwerk::Loader.for_gem
-loader.push_dir(File.join(__dir__, '../ee/lib'))
 loader.setup
 
 module Gcs

lib/gcs/converter.rb

@@ -25,12 +25,10 @@ module Gcs
         .each do |vulnerability|
           converted_vuln = Vulnerability.new(vulnerability, @opt.fetch(:image_name, nil))
           vulns << converted_vuln
-          @remediations.create_remediation(converted_vuln, vulnerability) if Gcs::Environment.ee?
+          @remediations.create_remediation(converted_vuln, vulnerability)
         end
 
-      if Gcs::Environment.ee? && @remediations.unsupported_operating_systems.present?
-        @remediations.unsupported_os_warning
-      end
+      @remediations.unsupported_os_warning unless @remediations.unsupported_operating_systems.empty?
 
       parsed_report['vulnerabilities'] = vulns.map(&:to_hash)
       parsed_report['remediations'] = @remediations.to_hash

lib/gcs/environment.rb

@@ -88,10 +88,6 @@ module Gcs
         ENV.fetch('CS_IGNORE_UNFIXED', 'false').to_s.casecmp?('true')
       end
 
-      def ee?
-        ENV.fetch('GITLAB_FEATURES', '').to_s.include?('container_scanning')
-      end
-
       private
 
       def should_use_ci_credentials?

lib/gcs/plugin/container_scan.rb

@@ -9,22 +9,15 @@ module Gcs
       def convert(scanner_output, scan_metadata)
         gitlab_format = Converter.new(scanner_output, scan_metadata).convert
 
-        allow_list = build_allow_list
-        Gcs::Util.write_table(gitlab_format, allow_list) unless ENV['CS_QUIET'] # FIXME: undocumented env var
-        Gcs::Util.write_file(Gcs::DEFAULT_REPORT_NAME, gitlab_format, Environment.project_dir, allow_list)
-      end
-
-      def build_allow_list
-        return unless Environment.ee?
-
         begin
-          allow_list = ::Gcs::AllowList.new
+          allow_list = AllowList.new
           Gcs.logger.info("Using allowlist #{AllowList.file_path}")
         rescue StandardError => e
           Gcs.logger.debug("Allowlist failed with #{e.message} for #{AllowList.file_path} ")
         end
 
-        allow_list
+        Gcs::Util.write_table(gitlab_format, allow_list) unless ENV['CS_QUIET'] # FIXME: undocumented env var
+        Gcs::Util.write_file(Gcs::DEFAULT_REPORT_NAME, gitlab_format, Environment.project_dir, allow_list)
       end
 
       def handle_failure

spec/gcs/converter_spec.rb

@@ -38,6 +38,22 @@ RSpec.describe Gcs::Converter do
       expect(gitlab_format).to match_schema(:container_scanning)
     end
 
+    context 'when there are unsupported operating systems' do
+      let(:remediation_collection) { double(Gcs::Remediations::Collection).as_null_object }
+      let(:unsupported_operating_systems) { double(Set, empty?: false) }
+
+      it 'shows the unsupported OS warning' do
+        allow(Gcs::Remediations::Collection).to receive(:new).and_return(remediation_collection)
+        allow(remediation_collection).to receive(:unsupported_operating_systems)
+                                           .and_return(unsupported_operating_systems)
+        allow(remediation_collection).to receive(:unsupported_os_warning)
+
+        expect(remediation_collection).to receive(:unsupported_os_warning)
+
+        described_class.new(trivy_output_unsupported_os, {}).convert
+      end
+    end
+
     context 'when image is not provided in vulnerability' do
       it 'sets provided image_name' do
         gitlab_format = described_class.new(trivy_output_with_language, scan_runtime.merge(image_name: 'g:0.1')).convert

spec/gcs/plugin/container_scan_spec.rb

 # frozen_string_literal: true
 
 RSpec.describe Gcs::Plugin::ContainerScan do
+  RSpec.shared_examples 'QUIET mode' do
+    context 'with QUIET mode' do
+      modify_environment 'CS_QUIET' => 'true'
+
+      it 'does not print the results table' do
+        expect(Gcs::Util).not_to receive(:write_table)
+      end
+    end
+  end
+
   describe '#convert' do
     subject(:convert) { described_class.new.convert(nil, nil) }
 
@@ -16,6 +26,44 @@ RSpec.describe Gcs::Plugin::ContainerScan do
       specify do
         expect(Gcs::Util).to receive(:write_table).with({}, nil)
         expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {}, Pathname.pwd, nil)
+        expect(Gcs.logger).to receive(:debug).with(match(/Allowlist failed with /))
+
+        convert
+      end
+    end
+
+    context 'with allow list file' do
+      let(:allow_list_file) { fixture_file('vulnerability-allowlist.yml').to_s }
+
+      before do
+        allow(Gcs::AllowList).to receive(:file_path).and_return(allow_list_file)
+      end
+
+      include_examples 'QUIET mode'
+
+      specify do
+        expect(Gcs::Util).to receive(:write_table).with({}, instance_of(Gcs::AllowList))
+        expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {},
+                                                       Pathname.pwd,
+                                                       instance_of(Gcs::AllowList))
+
+        expect(Gcs.logger).to receive(:info).with(match(/Using allowlist /))
+
+        convert
+      end
+    end
+
+    context 'without allow list file' do
+      before do
+        allow(Gcs::AllowList).to receive(:file_path).and_return('nonexisting-file-allowlist.yml')
+      end
+
+      include_examples 'QUIET mode'
+
+      specify do
+        expect(Gcs::Util).to receive(:write_table).with({}, nil)
+        expect(Gcs::Util).to receive(:write_file).with(Gcs::DEFAULT_REPORT_NAME, {}, Pathname.pwd, nil)
+        expect(Gcs.logger).to receive(:debug).with(match(/Allowlist failed with /))
 
         convert
       end