Follow-up from "Remove support for license scanning artifact"
The following discussion from !129097 (merged) should be addressed:
@hacks4oats started a discussion: (+1 comment)

question(blocking): How does it find `BSD-4-Clause` when it only adds the `BSD` license?

I apologize if I'm missing context about how this is resolved. I also checked the SPDX license URL and noticed that the link is broken. Is this a known issue or does this only happen in the spec? From my limited understanding, I think the spec should look like the following:
```ruby
    create(:pm_package_version_license, :with_all_relations,
      name: "nokogiri", purl_type: "gem", version: "1.8.0", license_name: "BSD-4-Clause")

    pipeline.builds << build

    get project_dependencies_path(project, format: :json)
  end

  it 'includes license information in response' do
    nokogiri = json_response['dependencies'].find { |dep| dep['name'] == 'nokogiri' }
    url = "https://spdx.org/licenses/BSD-4-Clause.html"

    expect(nokogiri['licenses']).to include({ "name" => "BSD-4-Clause", "url" => url })
  end
```
I might be missing some context here, so I apologize.
🙇
The link produced in the spec is invalid and navigating to it leads to a 4XX response page. This should be investigated and remediated so that we ensure license links are valid.
/cc @brytannia