Merge branch '212923-bower-small' into 'master'v3.9.2

Provide Bower with a `bower_ca` variable when a custom CA is specified.

See merge request gitlab-org/security-products/license-management!151

6 files changed, 63 insertions, 9 deletions

diff --git a/spec/fixtures/java/custom-maven-settings.xml b/spec/fixtures/java/custom-maven-settings.xml
index 4fa5d16..b7dbb1c 100644
--- a/spec/fixtures/java/custom-maven-settings.xml
+++ b/spec/fixtures/java/custom-maven-settings.xml
@@ -8,7 +8,7 @@
       <repositories>
         <repository>
           <id>gitlab-maven</id>
-          <url>https://gitlab.com/api/v4/projects/17523603/packages/maven</url>
+          <url>https://gitlab.com/api/v4/projects/6130122/packages/maven</url>
         </repository>
       </repositories>
     </profile>
diff --git a/spec/fixtures/java/example/pom.xml b/spec/fixtures/java/example/pom.xml
new file mode 100644
index 0000000..b59f809
--- /dev/null
+++ b/spec/fixtures/java/example/pom.xml
@@ -0,0 +1,39 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <groupId>com.gitlab.secure</groupId>
+  <artifactId>example</artifactId>
+  <packaging>jar</packaging>
+  <version>1.0</version>
+  <name>example</name>
+  <url>http://maven.apache.org</url>
+  <licenses>
+    <license>
+      <name>MIT</name>
+      <url>https://opensource.org/licenses/MIT</url>
+    </license>
+  </licenses>
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>3.8.1</version>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+  <repositories>
+    <repository>
+      <id>gitlab-maven</id>
+      <url>https://gitlab.com/api/v4/projects/6130122/packages/maven</url>
+    </repository>
+  </repositories>
+  <distributionManagement>
+    <repository>
+      <id>gitlab-maven</id>
+      <url>https://gitlab.com/api/v4/projects/6130122/packages/maven</url>
+    </repository>
+    <snapshotRepository>
+      <id>gitlab-maven</id>
+      <url>https://gitlab.com/api/v4/projects/6130122/packages/maven</url>
+    </snapshotRepository>
+  </distributionManagement>
+</project>
diff --git a/spec/fixtures/java/example/settings.xml b/spec/fixtures/java/example/settings.xml
new file mode 100644
index 0000000..e84b931
--- /dev/null
+++ b/spec/fixtures/java/example/settings.xml
@@ -0,0 +1,15 @@
+<settings>
+  <servers>
+    <server>
+      <id>gitlab-maven</id>
+      <configuration>
+        <httpHeaders>
+          <property>
+            <name>Job-Token</name>
+            <value>${env.CI_JOB_TOKEN}</value>
+          </property>
+        </httpHeaders>
+      </configuration>
+    </server>
+  </servers>
+</settings>
diff --git a/spec/fixtures/java/pom-public-gitlab-repository.xml b/spec/fixtures/java/pom-public-gitlab-repository.xml
index 4e57c79..c39e703 100644
--- a/spec/fixtures/java/pom-public-gitlab-repository.xml
+++ b/spec/fixtures/java/pom-public-gitlab-repository.xml
@@ -8,9 +8,9 @@
   <url>http://maven.apache.org</url>
   <dependencies>
     <dependency>
-      <groupId>com.gitlab.xlgmokha</groupId>
-      <artifactId>mvn-spike</artifactId>
-      <version>1.2-SNAPSHOT</version>
+      <groupId>com.gitlab.secure</groupId>
+      <artifactId>example</artifactId>
+      <version>1.0</version>
     </dependency>
   </dependencies>
 </project>
diff --git a/spec/integration/java/maven_spec.rb b/spec/integration/java/maven_spec.rb
index f14e566..d45c99d 100644
--- a/spec/integration/java/maven_spec.rb
+++ b/spec/integration/java/maven_spec.rb
@@ -9,12 +9,12 @@ RSpec.describe "maven" do
       runner.add_file('pom.xml', fixture_file_content('java/pom-public-gitlab-repository.xml'))
 
       report = runner.scan(env: {
-        'CI_PROJECT_ID' => '17523603'
+        'CI_PROJECT_ID' => '6130122'
       })
 
       expect(report).to match_schema(version: '2.0')
-      expect(report.dependency_names).to match_array(['mvn-spike'])
-      expect(report.licenses_for('mvn-spike')).to match_array(['MIT'])
+      expect(report.dependency_names).to match_array(['example'])
+      expect(report.licenses_for('example')).to match_array(['MIT'])
     end
 
     it 'downloads packages from by using a custom `settings.xml`' do
@@ -27,7 +27,7 @@ RSpec.describe "maven" do
       })
 
       expect(report).to match_schema(version: '2.0')
-      expect(report[:dependencies]).to match_array([{ name: 'mvn-spike', url: '', description: '', paths: ['.'], licenses: ['MIT'] }])
+      expect(report[:dependencies]).to match_array([{ name: 'example', url: '', description: '', paths: ['.'], licenses: ['MIT'] }])
     end
   end
 
diff --git a/spec/integration/js/bower_spec.rb b/spec/integration/js/bower_spec.rb
index 2127c2e..2fe2883 100644
--- a/spec/integration/js/bower_spec.rb
+++ b/spec/integration/js/bower_spec.rb
@@ -22,7 +22,7 @@ RSpec.describe "bower" do
     specify { expect(subject.licenses_for('stimulus.umd')).to match_array(['unknown']) }
   end
 
-  context "when scanning a bower project with a dependency from a custom registry" do
+  context "when scanning a bower project with a dependency from a custom npm registry" do
     subject { runner.scan(env: { 'ADDITIONAL_CA_CERT_BUNDLE' => fixture_file_content('js/custom-npm.crt') }) }
 
     before do