License report & automatic LICENSE content check
#54
Conversation
|
Only the last two commits actually belong to this PR:
|
snazy
force-pushed
the
license-report-notice-check
branch
from
3cfc906
to
e70f1a5
Compare
snazy
changed the title
NOTICE content checkLICENSE content check
snazy
force-pushed
the
license-report-notice-check
branch
3 times, most recently
from
16605b2
to
b622b0b
Compare
|
/cc @jbonofre |
snazy
force-pushed
the
license-report-notice-check
branch
from
b622b0b
to
befed2c
Compare
snazy
force-pushed
the
license-report-notice-check
branch
from
befed2c
to
346f06e
Compare
snazy
requested review from
jbonofre,
ashvina,
RussellSpitzer,
vvcephei and
jackye1995
as code owners
snazy
force-pushed
the
license-report-notice-check
branch
4 times, most recently
from
ed95168
to
2214ad4
Compare
| fun needsNoMention(license: String?): Boolean = license != null && (license.contains("Apache")) | ||
|
|
||
| fun needsMention(license: String?): Boolean = | ||
| license != null && |
There was a problem hiding this comment.
Could do Set: NeedsMentionLicenses.contains(license) instead of || chain
| plugins { id("com.github.jk1.dependency-license-report") } | ||
|
|
||
| afterEvaluate { | ||
| // Need to configure after evaluation, because the spark-extensions project use a custom |
There was a problem hiding this comment.
Comment from another project I think, shouldn't apply here
There was a problem hiding this comment.
yup - copy-paste left-over
| renderers = | ||
| arrayOf(InventoryHtmlReportRenderer("index.html"), JsonReportRenderer(), XmlReportRenderer()) | ||
| excludeBoms = true | ||
| excludes = |
There was a problem hiding this comment.
I'm not sure these excludes are relevant to Polaris (yet)
| "io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha" | ||
| ) | ||
| outputDir = "${project.layout.buildDirectory.get()}/reports/dependency-license" | ||
| excludeGroups = arrayOf("org.projectnessie.nessie", "org.projectnessie.nessie-integrations") |
There was a problem hiding this comment.
Not relevant to this project as well
snazy
force-pushed
the
license-report-notice-check
branch
from
2214ad4
to
bc0dd26
Compare
|
|
||
| import org.gradle.kotlin.dsl.support.unzipTo | ||
|
|
||
| val licenseReports by configurations.creating { description = "Used to reference license reports" } |
There was a problem hiding this comment.
"Used to generate reference license reports"
| @@ -0,0 +1,117 @@ | |||
| /* | |||
| * Copyright (c) 2024 Snowflake Computing Inc. | |||
There was a problem hiding this comment.
Shouldn't this be the Apache license here?
| import org.gradle.api.GradleException | ||
|
|
||
| /** | ||
| * Validates that all dependencies with MIT/BSD/Go/UPL/ISC licenses, which do not have an Apache |
There was a problem hiding this comment.
Comment is no longer accurate
| @@ -28,6 +28,10 @@ swagger = "1.6.14" | |||
|
|
|||
|
|
|||
| [libraries] | |||
| # | |||
| # If a dependency is removed, check whether the LICENSE and/or NOTICE files need to be adopted | |||
There was a problem hiding this comment.
Couldn't we just automatically check whether or not our license file matches our dependencies ? We could always do this in a future PR
| @@ -0,0 +1,96 @@ | |||
| { | |||
There was a problem hiding this comment.
This is probably a feature for the plugin and not our build, but it would be great if this json could include the rules for license reproduction rather than us coding it ourselves. (IE. Apache needs x type license, MIT needs full repro, etc ...)
| @@ -0,0 +1,59 @@ | |||
| /* | |||
| * Copyright (c) 2024 Snowflake Computing Inc. | |||
There was a problem hiding this comment.
We can update the header here.
| @@ -0,0 +1,117 @@ | |||
| /* | |||
| * Copyright (c) 2024 Snowflake Computing Inc. | |||
snazy
force-pushed
the
license-report-notice-check
branch
from
bc0dd26
to
8797220
Compare
|
@snazy There are still some Snowflake headers in there, could you please tidy them up? |
snazy
force-pushed
the
license-report-notice-check
branch
from
2cd772e
to
267030d
Compare
snazy
force-pushed
the
license-report-notice-check
branch
from
267030d
to
6d709a8
Compare
|
Ping @RussellSpitzer |
|
Thanks @snazy! |
Adds a Gradle plugin to generate license reports, which is then used for two purposes:
LICENSEare mentioned thereThe Gradle
checktask depends on the "dependencies to mention in LICENSE" - so CI will fail if a dependency isn't mentioned there. Those are dependencies that are not licensed as Apache and are either MIT, BSD, Go, ISC or "Universal Permissive".The licence report is generated as HTML and packed as a ZIP file for each Gradle project that is considered a distribution (currently only
:polaris-service).A new project
aggregated-license-reportis there to collect the NOTICE + LICENSE files and all individual projects' license reports and add those to a single ZIP file.This PR is a port of the same functionality that Nessie used for quite a while now.
Depends on #10 and #53