Set LICENSE_MANAGEMENT_VERSION to "removed"
What does this MR do and why?
Set CI variable `LICENSE_MANAGEMENT_VERSION` to `"removed"`, to execute a version of the `license-finder` analyzer that always fails.
See #387558 (comment 1513808953)
Screenshots or screen recordings
It fails as it should, with the expected error message.
How to set up and validate locally
- Create a project that's compatible with the `license-finder` analyzer.
- Include https://gitlab.com/gitlab-org/gitlab/-/blob/387558-upgrade-to-license-finder-removed/lib/gitlab/ci/templates/Jobs/License-Scanning.gitlab-ci.yml
- For now we also have to set the `SECURE_ANALYZERS_PREFIX` variable to `"registry.gitlab.com/gitlab-org/security-products/analyzers"` because the image hasn't been pushed to `registry.gitlab.com/security-products`. See gitlab-org/security-products/analyzers/license-finder!127 (comment 1513972767)
- Pipeline fails.
  - `license-scanning` fails w/ exit code `1`.
  - It shows the expected error message.
  - Tested in https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/4876206392#L26
- Set `LICENSE_MANAGEMENT_VERSION` to `4`.
  - `license_scanning` is successful.
  - It uploads a License Scanning artifact report.
  - Tested in https://gitlab.com/gitlab-org/security-products/tests/ruby-bundler/-/jobs/4876374748

See gitlab-org/security-products/tests/ruby-bundler!1298 (diffs)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #387558 (closed)
Edited by Fabien Catteau