authorCan Eldem <celdem@gitlab.com>2020-07-07 11:51:18 +0000
committerCan Eldem <celdem@gitlab.com>2020-07-07 11:51:18 +0000
commit31adddadee3b56d94356d178cc436fdc5dd7455c (patch)
tree785b0afbd0d59bc3d8e3a8b50b430bba1cd3274f /spec/integration/ruby
parent6beda629bccc8617812f7b04fc6c14f69a6b508e (diff)
parent7162e1ae684b44ec3fe6e56b98f9313c85ca88a6 (diff)
Merge branch '217897-omnibus-lm' into 'master'v3.14.0
Install gem packages from a custom gem source See merge request gitlab-org/security-products/license-management!177
Diffstat (limited to 'spec/integration/ruby')
-rw-r--r--spec/integration/ruby/bundler_spec.rb198
1 files changed, 77 insertions, 121 deletions
diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb
index 428b357..6961067 100644
--- a/spec/integration/ruby/bundler_spec.rb
+++ b/spec/integration/ruby/bundler_spec.rb
@@ -1,148 +1,67 @@
require 'spec_helper'
RSpec.describe "bundler" do
+ subject { runner.scan(env: env) }
+
+ let(:env) { {} }
+
include_examples "each report version", "ruby", "bundler"
context "when the project depends on an older version of ruby specified in a `.ruby-version` file" do
- it 'installs the required ruby and produces a valid report' do
- runner.add_file('.ruby-version', 'ruby-2.4.9')
- runner.add_file('Gemfile') do
- <<~RAW
-source 'https://rubygems.org'
-
-gem 'saml-kit'
- RAW
- end
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-ruby-2.4.9-no-lockfile'))
+ end
- report = runner.scan
- expect(report).to match_schema
- expect(report[:licenses]).not_to be_empty
- expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit")
+ it 'installs the required ruby and produces a valid report' do
+ expect(subject).to match_schema
+ expect(subject[:licenses]).not_to be_empty
+ expect(subject[:dependencies].map { |x| x[:name] }).to include("saml-kit")
end
end
context "when a project depends on an older version of bundler" do
- it 'produces a valid report' do
- runner.add_file('Gemfile') do
- <<~RAW
-source 'https://rubygems.org'
-
-gem 'saml-kit'
- RAW
- end
- runner.add_file('Gemfile.lock') do
- <<~RAW
-GEM
- remote: https://rubygems.org/
- specs:
- activemodel (6.0.2.1)
- activesupport (= 6.0.2.1)
- activesupport (6.0.2.1)
- concurrent-ruby (~> 1.0, >= 1.0.2)
- i18n (>= 0.7, < 2)
- minitest (~> 5.1)
- tzinfo (~> 1.1)
- zeitwerk (~> 2.2)
- builder (3.2.4)
- concurrent-ruby (1.1.5)
- i18n (1.7.1)
- concurrent-ruby (~> 1.0)
- mini_portile2 (2.4.0)
- minitest (5.13.0)
- net-hippie (0.2.7)
- nokogiri (1.10.7)
- mini_portile2 (~> 2.4.0)
- saml-kit (1.1.0)
- activemodel (>= 4.2.0)
- net-hippie (~> 0.1)
- xml-kit (>= 0.3.0, < 1.0.0)
- thread_safe (0.3.6)
- tilt (2.0.10)
- tzinfo (1.2.6)
- thread_safe (~> 0.1)
- xml-kit (0.4.0)
- activemodel (>= 4.2.0)
- builder (~> 3.2)
- nokogiri (~> 1.10)
- tilt (>= 1.4.1)
- xmldsig (~> 0.6)
- xmldsig (0.6.6)
- nokogiri (>= 1.6.8, < 2.0.0)
- zeitwerk (2.2.2)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- saml-kit
-
-BUNDLED WITH
- 1.17.3
- RAW
- end
-
- report = runner.scan
-
- expect(report).to match_schema
- expect(report[:licenses]).not_to be_empty
- expect(report.dependency_names).to include("saml-kit")
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-v1.17'))
end
- end
- context "when a project depends on bundler `~> 2.0`" do
it 'produces a valid report' do
- runner.add_file('Gemfile') do
- <<~RAW
-source 'https://rubygems.org'
-
-gem 'net-hippie'
- RAW
- end
- runner.add_file('Gemfile.lock') do
- <<~RAW
-GEM
- remote: https://rubygems.org/
- specs:
- net-hippie (0.3.2)
-
-PLATFORMS
- ruby
-
-DEPENDENCIES
- net-hippie
-
-BUNDLED WITH
- 2.1.4
- RAW
- end
+ expect(subject).to match_schema
+ expect(subject[:licenses]).not_to be_empty
+ expect(subject.dependency_names).to include("saml-kit")
+ end
+ end
- report = runner.scan
+ context "when a project depends on bundler `~> 2.1`" do
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-v2.1'))
+ end
- expect(report).to match_schema
- expect(report[:licenses]).not_to be_empty
- expect(report.find('net-hippie')).to eql({
- name: 'net-hippie',
- description: "net/http for hippies. ☮️",
- url: "https://github.com/mokhan/net-hippie/",
- paths: ['.'],
- licenses: ['MIT']
- })
+ it 'produces a valid report' do
+ expect(subject).to match_schema
+ expect(subject[:licenses]).not_to be_empty
+ expect(subject.dependency_names).to include('net-hippie')
+ expect(subject.licenses_for('net-hippie')).to match_array(['MIT'])
end
end
context "when passing custom options to license finder" do
- it 'forwards the options to license finder' do
- report = runner.scan(env: {
+ let(:env) do
+ {
'LICENSE_FINDER_CLI_OPTS' => "--debug --aggregate-paths=. ruby"
- })
+ }
+ end
+
+ before do
+ runner.clone('https://gitlab.com/gitlab-org/gitaly.git', branch: 'v12.10.13')
+ end
- expect(report).to match_schema
+ it 'forwards the options to license finder' do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to include('rbtrace')
end
end
context "when parsing a project with versions of gems that conflict with license_finder" do
- subject { runner.scan }
-
before do
runner.mount(dir: fixture_file('ruby/bundler-gem-conflict'))
end
@@ -156,8 +75,6 @@ BUNDLED WITH
end
context "when scanning the `gitlab` project" do
- subject { runner.scan }
-
before do
runner.clone('https://gitlab.com/gitlab-org/gitlab.git')
system("rm #{runner.project_path}/config/dependency_decisions.yml")
@@ -171,4 +88,43 @@ BUNDLED WITH
expect(subject.dependency_names).to include('vue')
end
end
+
+ context "when fetching dependencies from a custom registry" do
+ before do
+ add_host('rubygems.test', '127.0.0.1')
+ start_proxy_server
+ runner.mount(dir: fixture_file('ruby/bundler-custom-tls'))
+ end
+
+ context "when the CA certificate is provided" do
+ let(:env) { { 'ADDITIONAL_CA_CERT_BUNDLE' => x509_certificate('wildcard.test').read } }
+
+ specify do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to include("spandx")
+ expect(subject.licenses_for('spandx')).to match_array('MIT')
+ end
+ end
+
+ context "when the CA certificate is NOT provided" do
+ let(:env) { {} }
+
+ specify do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to be_empty
+ end
+ end
+ end
+
+ context "when fetching dependencies from a git repo" do
+ before do
+ runner.mount(dir: fixture_file('ruby/bundler-git-source'))
+ end
+
+ specify do
+ expect(subject).to match_schema
+ expect(subject.dependency_names).to include("net-hippie")
+ expect(subject.licenses_for('net-hippie')).to match_array(['MIT'])
+ end
+ end
end
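Review bot: The `before` block of the "custom registry" context (the third hunk) calls `add_host('rubygems.test', '127.0.0.1')` and `start_proxy_server` but no `after` undoes the host mapping or stops the proxy, so unless those helpers in spec_helper clean up on their own (not visible here) the rewritten name and the listening proxy may persist into the later examples that clone gitaly and gitlab over the real network; adding `after { stop_proxy_server; remove_host('rubygems.test') }` (or whatever the helpers' counterparts are called) would keep each example self-contained. The "CA certificate is NOT provided" example only asserts `dependency_names` is empty, which is presumably the fail-closed outcome of TLS verification against the custom source failing without the CA bundle; a one-line comment such as `# without ADDITIONAL_CA_CERT_BUNDLE the fetch must fail and the report resolves nothing` would make that intent explicit rather than looking like an accidental empty result. Also, `match_array('MIT')` at the spandx assertion only works because the matcher splats its argument; `match_array(['MIT'])` matches the form used for net-hippie in the same hunk. The enclosing `RSpec.describe "bundler"` block starts in the first hunk.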