-
Notifications
You must be signed in to change notification settings - Fork 102
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
License report & automatic LICENSE
content check
#54
Conversation
Only the last two commits actually belong to this PR:
|
3cfc906
to
e70f1a5
Compare
NOTICE
content checkLICENSE
content check
16605b2
to
b622b0b
Compare
/cc @jbonofre |
b622b0b
to
befed2c
Compare
befed2c
to
346f06e
Compare
ed95168
to
2214ad4
Compare
fun needsNoMention(license: String?): Boolean = license != null && (license.contains("Apache")) | ||
|
||
fun needsMention(license: String?): Boolean = | ||
license != null && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could do Set: NeedsMentionLicenses.contains(license) instead of || chain
plugins { id("com.github.jk1.dependency-license-report") } | ||
|
||
afterEvaluate { | ||
// Need to configure after evaluation, because the spark-extensions project use a custom |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment from another project I think, shouldn't apply here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup - copy-paste left-over
renderers = | ||
arrayOf(InventoryHtmlReportRenderer("index.html"), JsonReportRenderer(), XmlReportRenderer()) | ||
excludeBoms = true | ||
excludes = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure these excludes are relevant to Polaris (yet)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
true
"io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha" | ||
) | ||
outputDir = "${project.layout.buildDirectory.get()}/reports/dependency-license" | ||
excludeGroups = arrayOf("org.projectnessie.nessie", "org.projectnessie.nessie-integrations") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not relevant to this project as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have a few questions on this related to why we aren't including some elements in our license file.
There are also a few comments/ exclusions that I think are particular to Nessie where this was I think copied from that need to be cleaned up.
2214ad4
to
bc0dd26
Compare
|
||
import org.gradle.kotlin.dsl.support.unzipTo | ||
|
||
val licenseReports by configurations.creating { description = "Used to reference license reports" } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Used to generate reference license reports"
@@ -0,0 +1,117 @@ | |||
/* | |||
* Copyright (c) 2024 Snowflake Computing Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't this be the Apache license here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes correct
import org.gradle.api.GradleException | ||
|
||
/** | ||
* Validates that all dependencies with MIT/BSD/Go/UPL/ISC licenses, which do not have an Apache |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment is no longer accurate
@@ -28,6 +28,10 @@ swagger = "1.6.14" | |||
|
|||
|
|||
[libraries] | |||
# | |||
# If a dependency is removed, check whether the LICENSE and/or NOTICE files need to be adopted |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Couldn't we just automatically check whether or not our license file matches our dependencies ? We could always do this in a future PR
@@ -0,0 +1,96 @@ | |||
{ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably a feature for the plugin and not our build, but it would be great if this json could include the rules for license reproduction rather than us coding it ourselves. (IE. Apache needs x type license, MIT needs full repro, etc ...)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we just need to fix the Copyright notice on LicenseFileValidation.kt and the comment in the same file and we are good to merge here.
@@ -0,0 +1,59 @@ | |||
/* | |||
* Copyright (c) 2024 Snowflake Computing Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can update the header here.
@@ -0,0 +1,117 @@ | |||
/* | |||
* Copyright (c) 2024 Snowflake Computing Inc. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes correct
bc0dd26
to
8797220
Compare
@snazy There are still some Snowflake headers in there, could you please tidy them up? |
2cd772e
to
267030d
Compare
267030d
to
6d709a8
Compare
Ping @RussellSpitzer |
Thanks @snazy! |
Adds a Gradle plugin to generate license reports, which is then used for two purposes:
LICENSE
are mentioned thereThe Gradle
check
task depends on the "dependencies to mention in LICENSE" - so CI will fail if a dependency isn't mentioned there. Those are dependencies that are not licensed as Apache and are either MIT, BSD, Go, ISC or "Universal Permissive".The licence report is generated as HTML and packed as a ZIP file for each Gradle project that is considered a distribution (currently only
:polaris-service
).A new project
aggregated-license-report
is there to collect the NOTICE + LICENSE files and all individual projects' license reports and add those to a single ZIP file.This PR is a port of the same functionality that Nessie used for quite a while now.
Depends on #10 and #53