Add generate third party licenses #799
truncate -s 0 "${license_file}" | ||
{ | ||
# The apache 2.0 license doesn't get modified with a copywrite. To reduce duplication, add attribution for each project using the license, but include the license text just once. | ||
go-licenses report --template="${root}/scripts/third_party_licenses/apache.tpl" --ignore github.com/awslabs/amazon-ecr-credential-helper/ecr-login ./... |
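Review bot: The `truncate -s 0 "${license_file}"` at the top of this hunk empties the file before `go-licenses report` has run, so a failed report can leave an empty or partial license file in place. Consider writing the output to a temporary file and moving it over `${license_file}` only when the report succeeds. The comment above the report command also misspells "copyright" as "copywrite".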
Some projects might have dual/multi licenses, with one being Apache 2.0. This approach would avoid copying those extra licenses, but I guess we don't really care as long as one is Apache 2.0 that's fine.
We might want to double check this, but I think the project would just show up in the list twice. Once under the Apache section, and a second time with its other license.
It might be a limitation of the go-licenses tool. See google/go-licenses#117
6e41943 to b305079
This change is a raw import of the third party license generation code from https://github.com/awslabs/soci-snapshotter/tree/be8940b39667bc3975cf7ea8a71177e4bfb5f6e0
Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
This change updates the repo's THIRD-PARTY-LICENSES file for the latest dependencies.
Signed-off-by: Austin Vazquez <[email protected]>
e21aa2d to 3f5e467
This change adds 3rd party license checks to CI to ensure only pre-approved licenses are used by the Amazon ECR credential helper project.
Signed-off-by: Austin Vazquez <[email protected]>
3f5e467 to 2416e54
@pendo324, @Kern--, please review. I was unable to solve the dual license problem. The workaround I am proposing is to include a license check in GitHub Actions CI which will fail if a license is not pre-approved. Of our existing dependencies, 1 in 26 is dual licensed. See THIRD-PARTY-LICENSES for gopkg.in/yaml.v3 (a test dependency). Both licenses are being listed in the third party licenses file currently.
Note to maintainers: this change was drafted such that each change is buildable. Commits in this PR should not be squashed to preserve import of code from awslabs/soci-snapshotter project.
Issue #, if available:
The repository's THIRD-PARTY-LICENSE file is out of date with the list of dependencies used.
Description of changes:
This change imports third party licenses file generation from the SOCI project and modifies it based on the Amazon ECR credential helper project's needs. Additionally this change will add license checks such that only pre-approved licenses are used in the project. This will be checked in GitHub Actions CI.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
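
The CI gate described in this PR, sketched as an added example that is not the project's own script: it fails closed on any license outside an allowlist and reports modules that appear with more than one license row, the dual-license case raised in the review. The allowlist, the function names, the sample rows and the three-column CSV row layout are all assumptions.

```shell
#!/bin/sh
# Added example (not the project's CI script): allowlist gate over a
# go-licenses-style CSV report with rows "module,license_url,license_name".

# Hypothetical allowlist; the project's real pre-approved list is not on the page.
ALLOWED="Apache-2.0 MIT BSD-2-Clause BSD-3-Clause ISC"

# Constructed sample report; module names and URLs are placeholders.
sample_report() {
  cat <<'EOF'
github.com/example/liba,https://example.invalid/liba/LICENSE,Apache-2.0
github.com/example/libb,https://example.invalid/libb/LICENSE,MIT
github.com/example/dual,https://example.invalid/dual/LICENSE.mit,MIT
github.com/example/dual,https://example.invalid/dual/LICENSE.apache,Apache-2.0
EOF
}

# Reads a report on stdin. Prints one line per finding and returns non-zero
# when any row is malformed or names a license outside ALLOWED (this includes
# undetected licenses, so the gate fails closed). Modules with several license
# rows are reported for human review but do not fail the check on their own.
check_licenses() {
  awk -F, -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*$/ { next }                      # skip blank lines
    NF < 3 { printf "MALFORMED: %s\n", $0; bad = 1; next }
    { seen[$1]++ }                           # count license rows per module
    !($3 in ok) { printf "DENIED: %s (%s)\n", $1, $3; bad = 1 }
    END {
      for (m in seen)
        if (seen[m] > 1) printf "MULTI: %s has %d license rows\n", m, seen[m]
      exit bad + 0
    }'
}
```

In CI the generated report would be piped into `check_licenses`, and the job fails on a non-zero exit status.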