Merge branch '199078-docker-lf-6' into 'master'v2.6.0

Upgrade to version 6.0.0 of the Docker image See merge request gitlab-org/security-products/license-management!115
author: mo khan <mo.khan@gmail.com> 2020-02-26 18:34:22 +0000
committer: mo khan <mo.khan@gmail.com> 2020-02-26 18:34:22 +0000
commit: c459a6d76a0f540ac4c5345d6f6124769aa55184 (patch)
tree: 425505aa058ec6aae9e7f79c0219331c4d64e26d
parent: 39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe (diff)
parent: d1ad4a02f760f654686ceb82933a9b99bf978a82 (diff)
6 files changed, 61 insertions, 13 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d5aae6..2cebfd1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # GitLab License management changelog
 
+## v2.6.0
+
+- Upgrade to license finder 6.0.0 docker image (!115)
+
 ## v2.5.2
 
 - Exclude development/test dependencies by default (!117)
diff --git a/Dockerfile b/Dockerfile
index 0cda3fd..223e802 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,13 +1,8 @@
-FROM licensefinder/license_finder:5.11.1
+FROM licensefinder/license_finder:6.0.0
 ENV PATH="${PATH}:/root/.asdf/shims:/root/.asdf/bin"
 ENV LM_HOME=/opt/license-management
 ENV LM_PYTHON_VERSION 3
 ENV LM_REPORT_VERSION ${LM_REPORT_VERSION:-2}
-RUN cd /tmp && \
-    wget --quiet --no-cookies https://github.com/AdoptOpenJDK/openjdk11-binaries/releases/download/jdk-11.0.5%2B10/OpenJDK11U-jdk_x64_linux_hotspot_11.0.5_10.tar.gz -O jdk-11.tgz && \
-    tar xf /tmp/jdk-11.tgz && \
-    mv jdk-11.0.5+10 /usr/lib/jvm/adoptopen_jdk11 && \
-    rm /tmp/jdk-11.tgz
 RUN npm install npm-install-peers
 
 # Don't let Rubygem fail with the numerous projects using PG or MySQL,
@@ -17,6 +12,7 @@ RUN add-apt-repository ppa:ondrej/php -y && apt-get update -y && \
     apt-get upgrade -y --no-install-recommends && \
     apt-get install -y --no-install-recommends \
     bsdmainutils \
+    jq \
     libjpeg8-dev \
     zlib1g-dev \
     libpq-dev libmysqlclient-dev realpath \
@@ -24,12 +20,19 @@ RUN add-apt-repository ppa:ondrej/php -y && apt-get update -y && \
     git clone --depth 1 --branch v0.7.6 https://github.com/asdf-vm/asdf.git $HOME/.asdf && \
     echo 'pip' >> $HOME/.default-python-packages && \
     echo 'setuptools' >> $HOME/.default-python-packages && \
+    echo 'conan' >> $HOME/.default-python-packages && \
     echo '\n. $HOME/.asdf/asdf.sh' >> $HOME/.bashrc && \
+    echo 'legacy_version_file = yes' > $HOME/.asdfrc && \
+    asdf plugin-add java && \
     asdf plugin-add python && \
+    echo 'java adopt-openjdk-8u242-b08 adopt-openjdk-11.0.6+10' >> $HOME/.tool-versions && \
     echo 'python 3.8.1 3.5.9 2.7.17' >> $HOME/.tool-versions && \
     asdf install && \
     asdf global python 3.8.1 && \
+    asdf global java adopt-openjdk-8u242-b08 && \
     asdf reshim && \
+    bash -lc "gem install --no-document 'bundler:~> 1.7' 'bundler:~> 2.0'" && \
+    rm -fr /opt/jdk* && \
     rm -rf /var/lib/apt/lists/*
 
 COPY config/NuGet /root/.config/NuGet
diff --git a/Gemfile.lock b/Gemfile.lock
index 66377a0..0dc8334 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    license-management (2.5.2)
+    license-management (2.6.0)
       license_finder (~> 6.0.0)
 
 GEM
diff --git a/README.md b/README.md
index 904d490..b976fb7 100644
--- a/README.md
+++ b/README.md
@@ -38,12 +38,18 @@ You can then run License Management on some target directory:
 docker run --rm --volume "/path/to/my/project":/code license-management analyze /code
 ```
 
-You can run integration tests on the image like this:
+You can run the QA tests using the following command:
 
 ```sh
 ./bin/test-all
 ```
 
+Or you can run a specific QA test using the following command:
+
+```sh
+QA_PROJECT=project_name QA_REF=git_ref ./bin/test
+```
+
 where:
 
 - `project_name` is the project slug among the
@@ -105,7 +111,6 @@ or its shorthand form (`--env MY_SETTING_VAR`) if the configuration comes from a
 *Tip:* in case you still need to run tests during license management check, supply `MAVEN_CLI_OPTS=-DskipTests=false`
 to the docker command.
 
-
 ## Versioning and release process
 
 1. Create a new entry in the `.gitlab/release.yml` file for the new version to release.
@@ -126,6 +131,37 @@ to the docker command.
 
 Please check the [Release Process documentation](https://gitlab.com/gitlab-org/security-products/release/blob/master/docs/release_process.md).
 
+## Upgrading to the latest version of LicenseFinder
+
+The License Management projects depends on two different upstream components.
+
+1. The [LicenseFinder](https://rubygems.org/gems/license_finder) Ruby gem.
+2. The [LicenseFinder](https://hub.docker.com/r/licensefinder/license_finder) Docker image.
+
+Upgrading each can be performed as two separate changes and do not need to occur simultaneously,
+unless a new package manager has been added and additional tooling needs to be installed.
+
+### Upgrading the Ruby gem
+
+1. Check for the latest version of `LicenseFinder` at [https://rubygems.org/gems/license_finder](https://rubygems.org/gems/license_finder)
+1. Check the version of the `license_finder` gem that is currently being used in the `Gemfile.lock`. E.g. [here](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe/Gemfile.lock#L15)
+1. If an update is available, create a new branch
+1. Bump the license management version in [CHANGELOG.md](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/master/CHANGELOG.md) and in [version.rb](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/master/lib/license/management/version.rb)
+1. Update the `license_finder` version constraint in the [gemspec](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe/license-management.gemspec#L30).
+1. Run `bundle update license_finder`
+1. Test the changes locally using the `bin/test-all` script.
+1. Submit a merge request.
+
+### Upgrading the Docker image
+
+1. Check for the latest version of `LicenseFinder` at [https://hub.docker.com/r/licensefinder/license_finder/tags](https://hub.docker.com/r/licensefinder/license_finder/tags)
+1. Check the version of `license_finder` docker image that is currently being used in the `Dockerfile`. E.g. [here](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe/Dockerfile#L1)
+1. If an update is available, create a branch
+1. Bump the license management version in [CHANGELOG.md](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/master/CHANGELOG.md) and in [version.rb](https://gitlab.com/gitlab-org/security-products/license-management/-/blob/master/lib/license/management/version.rb)
+1. Edit the version specified in the `DockerFile` to match the desired `license_finder` Docker image tag.
+1. Test the changes locally using the `bin/test-all` script.
+1. Submit a merge request.
+
 # Contributing
 
 If you want to help, read the [contribution guidelines](CONTRIBUTING.md).
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index ab693f3..5623e68 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '2.5.2'
+    VERSION = '2.6.0'
   end
 end
diff --git a/run.sh b/run.sh
index 8c7389b..05e336f 100755
--- a/run.sh
+++ b/run.sh
@@ -78,13 +78,14 @@ case "$LM_PYTHON_VERSION" in
   "3")
     echo "switching to python $LM_PYTHON_VERSION"
     LICENSE_FINDER_CLI_OPTS="--python-version 3 $LICENSE_FINDER_CLI_OPTS"
+    asdf shell python "$(asdf list python | awk '{ print $1 }' | grep '^3' | sort -rn | head -n1)"
     pip --version
     ;;
 
   "3.5")
     echo "switching to python $LM_PYTHON_VERSION"
     LICENSE_FINDER_CLI_OPTS="--python-version 3 $LICENSE_FINDER_CLI_OPTS"
-    asdf shell python 3.5.9
+    asdf shell python "$(asdf list python | awk '{ print $1 }' | grep '^3.5')"
     pip --version
     ;;
 
@@ -109,7 +110,10 @@ case "$COMMAND" in
     shift
     pushd $APP_PATH > /dev/null
 
+    asdf list
+    asdf current
     if [[ -z "${SETUP_CMD}" ]]; then
+        asdf install
         # Before running license_finder, we need to install dependencies for the project.
         if test -f Gemfile ; then
           if test -n "$rvm_recommended_ruby" ; then
@@ -163,10 +167,11 @@ case "$COMMAND" in
         fi
 
         if [[ ${LM_JAVA_VERSION} = "11" ]]; then
-          JAVA_HOME=/usr/lib/jvm/adoptopen_jdk11
+          asdf shell java "$(asdf list java | awk '{ print $1 }' | grep '^adopt-openjdk-11')"
         elif [[ ${LM_JAVA_VERSION} = "8" ]]; then
-          JAVA_HOME=/usr/lib/jvm/oracle_jdk8
+          asdf shell java "$(asdf list java | awk '{ print $1 }' | grep '^adopt-openjdk-8')"
         fi
+        export JAVA_HOME=$(asdf where java)
 
         if test -f pom.xml ; then
           # Install Java Maven dependencies.
author	mo khan <mo.khan@gmail.com>	2020-02-26 18:34:22 +0000
committer	mo khan <mo.khan@gmail.com>	2020-02-26 18:34:22 +0000
commit	c459a6d76a0f540ac4c5345d6f6124769aa55184 (patch)
tree	425505aa058ec6aae9e7f79c0219331c4d64e26d
parent	39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe (diff)
parent	d1ad4a02f760f654686ceb82933a9b99bf978a82 (diff)