From 5896f9ddca486dfc76738849eae08f698ecb9c55 Mon Sep 17 00:00:00 2001 From: Ryan Ashcraft Date: Mon, 15 Apr 2024 16:01:50 -0400 Subject: [PATCH] #1 :truck: minor tweaks after moving repo for compliance --- .github/workflows/build.yaml | 23 ++- .github/workflows/release.yaml | 56 +++++++ README.md | 297 ++++++++++++++++++--------------- booz-allen-licenses/pom.xml | 1 + license.txt | 6 + pom.xml | 130 ++++++++++++--- 6 files changed, 345 insertions(+), 168 deletions(-) create mode 100644 .github/workflows/release.yaml create mode 100644 license.txt diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 69f58d9..e997a0e 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -6,7 +6,7 @@ # separate terms of service, privacy policy, and support # documentation. -name: Build Habushu +name: Build Booz Allen Maven Licenses on: push: @@ -20,19 +20,28 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Setup Pyenv - uses: gabrielfalcao/pyenv-action@v16 + - uses: actions/checkout@v4 + - name: Install Python # use direct install rather than pyenv for CI for large speed improvement + uses: actions/setup-python@v5 + with: + python-version: '3.11.4' + - name: Load cached Poetry installation + id: cached-poetry + uses: actions/cache@v4 + with: + path: ~/.local + key: poetry-0 # increment to reset cache - name: Install Poetry + if: steps.cached-poetry.outputs.cache-hit != 'true' uses: snok/install-poetry@v1 - name: Set up JDK 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v4 with: java-version: '11' distribution: 'temurin' cache: maven - - name: Build habushu-maven-plugin - run: mvn -B install --file pom.xml + - name: Build booz-allen-maven-licenses + run: mvn -B install --file pom.xml -Dhabushu.usePyenv=false # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive - name: Update dependency graph 
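Review bot: The `actions/cache@v4` step added in build.yaml uses the constant key `poetry-0` for `~/.local`, so the restored Poetry install is tied neither to the runner OS nor to the `python-version: '3.11.4'` set just above it, and `snok/install-poetry@v1` is skipped on every cache hit. A Poetry installed under an earlier interpreter or release would keep being reused until someone bumps the suffix by hand. Consider deriving the key from those values, e.g. `key: poetry-${{ runner.os }}-py3.11.4-0`, and giving `snok/install-poetry` an explicit `version:` input so the cached and the freshly installed tool are the same. The job's step list continues outside the hunk.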
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..02077ac
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,56 @@
+# This workflow kicks off the releases a new version of booz-allen-licenses and deploys artifacts to Maven Central.
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+name: Release Booz Allen Licenses
+
+on:
+ workflow_dispatch:
+ inputs:
+ releaseVersion:
+ description: "Release version"
+ required: true
+ developmentVersion:
+ description: "Next development version"
+ required: true
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v4
+ - name: Install Python # use direct install rather than pyenv for CI for large speed improvement
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.11.4'
+ - name: Install Poetry
+ uses: snok/install-poetry@v1
+ - name: Set up JDK 11
+ uses: actions/setup-java@v4
+ with:
+ java-version: '11'
+ distribution: 'temurin'
+ server-id: 'ossrh'
+ server-username: MAVEN_USERNAME
+ server-password: MAVEN_PASSWORD
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+ gpg-passphrase: GPG_PASSPHRASE
+ - name: Release Booz Allen Licenses
+ run: |
+ git config --local user.email "aissemble-noreply@bah.com"
+ git config --local user.name "Github Actions"
+ git checkout -b $1-release
+ mvn -B release:clean release:prepare release:perform -DreleaseVersion=$1 -DdevelopmentVersion=$2
+ mvn versions:set -DnewVersion=$2 -DgenerateBackupPoms=false
+ mvn clean install
+ mvn scm:checkin -Dmessage=":arrow_up: push example modules to version $2"
+ env:
+ MAVEN_USERNAME: ${{ secrets.SONATYPE_CENTRAL_REPO_TOKEN_USER }}
+ MAVEN_PASSWORD: ${{ secrets.SONATYPE_CENTRAL_REPO_TOKEN_KEY }}
+ GPG_PASSPHRASE: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/README.md b/README.md
index 5ce2532..3a30160 100644
--- a/README.md
+++ b/README.md
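Review bot: The `run:` script of the "Release Booz Allen Licenses" step in release.yaml reads the versions as `$1` and `$2`, but a workflow `run` step receives no positional arguments, so the `releaseVersion` and `developmentVersion` inputs declared under `workflow_dispatch` are never used and `git checkout -b $1-release` and `-DreleaseVersion=$1` expand to empty values. Pass the inputs through `env:` and quote them in the script, as in the fence below, rather than interpolating `${{ inputs.* }}` straight into the shell text, where an input value would be parsed as shell. This job also holds the GPG key and the Sonatype tokens while running `snok/install-poetry@v1`, a third-party action referenced by a mutable tag; pinning it to a full commit SHA and adding an explicit `permissions:` block (the `scm:checkin` push presumably needs `contents: write`) would narrow what a compromised dependency can reach.

```yaml
      - name: Release Booz Allen Licenses
        run: |
          # … unchanged: git config user.email / user.name …
          git checkout -b "${RELEASE_VERSION}-release"
          mvn -B release:clean release:prepare release:perform -DreleaseVersion="${RELEASE_VERSION}" -DdevelopmentVersion="${DEVELOPMENT_VERSION}"
          mvn versions:set -DnewVersion="${DEVELOPMENT_VERSION}" -DgenerateBackupPoms=false
          # … unchanged: mvn clean install …
          mvn scm:checkin -Dmessage=":arrow_up: push example modules to version ${DEVELOPMENT_VERSION}"
        env:
          RELEASE_VERSION: ${{ inputs.releaseVersion }}
          DEVELOPMENT_VERSION: ${{ inputs.developmentVersion }}
          # … unchanged: MAVEN_USERNAME, MAVEN_PASSWORD, GPG_PASSPHRASE, GITHUB_TOKEN …
```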
@@ -1,196 +1,215 @@ +[![Build](https://github.com/boozallen/booz-allen-maven-licenses/actions/workflows/build.yaml/badge.svg)](https://github.com/boozallen/booz-allen-maven-licenses/actions/workflows/build.yaml) + # license-maven-plugin -This project eases the specification and handling of Booz Allen IP rights within codebases. It serves two primary functions: + +This project eases the specification and handling of Booz Allen IP rights within codebases. It serves two primary +functions: + * Adding a copyright and license file into a project * Added header content with copyright and license info into appropriate files -It does this by providing a custom configuration Maven extension for the various Booz Allen specific license varieties that work with the standard +It does this by providing a custom configuration Maven extension for the various Booz Allen specific license varieties +that work with the standard MojoHaus license-maven-plugin that is commonly used throughout industry: -* Booz Allen Public License (BAPL) - allows government, non-profit academic, other non-profit, and commercial entities access to distinctive, - disruptive, and robust code with the goal of Empowering People to Change the World℠; products licensed under the Booz Allen Public License are + +* Booz Allen Public License (BAPL) - allows government, non-profit academic, other non-profit, and commercial entities + access to distinctive, + disruptive, and robust code with the goal of Empowering People to Change the World℠; products licensed under the Booz + Allen Public License are founded on the basis that collective ingenuity can make the largest impact in the community * Booz Allen Closed Source License - all rights are restricted * Booz Allen Government Use Rights - can be used by the Government in the execution of a specific contract -* Booz Allen Limited Government Use Rights - can be used by a specific organization within the Government for the execution of a specific contract +* Booz 
Allen Limited Government Use Rights - can be used by a specific organization within the Government for the + execution of a specific contract ## Usage -The following options cover the core use case, but [substantially more options exist within the MojoHaus licence-maven-plugin] -(https://www.mojohaus.org/license-maven-plugin/) as well. Please see their documentation for additional details on license reporting and more. +The following options cover the core use case, +but [substantially more options exist within the MojoHaus licence-maven-plugin](https://www.mojohaus.org/license-maven-plugin/) +as well. Please see their documentation for additional details on license reporting and more. ### Common Setup -It is recommended that you leverage Maven POM extension to ease your configuration as well as improve consistency. The following block can be added to Maven + +It is recommended that you leverage Maven POM extension to ease your configuration as well as improve consistency. The +following block can be added to Maven to provide basic setup: ```xml - ... - - - - - org.codehaus.mojo - license-maven-plugin - 2.4.0 - - - NAME OF LICENSE HERE - classpath://com/boozallen - - - - - update-file-header - - update-file-header - - process-sources - - true - true - - - - - update-project-license - - update-project-license - - - true - - - - - - com.boozallen.aissemble - booz-allen-licenses - ${project.version} - - - - - - - ... +... + + + + + org.codehaus.mojo + license-maven-plugin + 2.4.0 + + + NAME OF LICENSE HERE + classpath://com/boozallen + + + + + update-file-header + + update-file-header + + process-sources + + true + true + + + + + update-project-license + + update-project-license + + + true + + + + + + com.boozallen.aissemble + booz-allen-licenses + ${project.version} + + + + + + +... ``` Once the above block has been added to your root pom, you can use the following setup to support specific modules. 
### Specifying the Appropriate License + The following options provides configuration details for each license type. #### Booz Allen Public License (BAPL) + Simply specify the following license name: ```xml - - org.codehaus.mojo - license-maven-plugin - ... - - booz-allen-public-license - ... - - + + org.codehaus.mojo + license-maven-plugin + ... + + booz-allen-public-license + ... + + ``` #### Booz Allen Closed Source + Simply specify the following license name: ```xml - - org.codehaus.mojo - license-maven-plugin - ... - - closed-source-license - ... - - + + org.codehaus.mojo + license-maven-plugin + ... + + closed-source-license + ... + + ``` #### Booz Allen Government Use -Simply specify the following license name and associated parameters that will be substituted into the license dynamically: + +Simply specify the following license name and associated parameters that will be substituted into the license +dynamically: ```xml - - org.codehaus.mojo - license-maven-plugin - ... - - government-client-use-license - - YOUR CONTRACT NUMBER - LICENSE NUMBER GRANTED BY LEGAL DEPARTMENT - - ... - - + + org.codehaus.mojo + license-maven-plugin + ... + + government-client-use-license + + YOUR CONTRACT NUMBER + LICENSE NUMBER GRANTED BY LEGAL DEPARTMENT + + ... + + ``` #### Booz Allen Limited Government Use -Simply specify the following license name and associated parameters that will be substituted into the license dynamically + +Simply specify the following license name and associated parameters that will be substituted into the license +dynamically ```xml - - org.codehaus.mojo - license-maven-plugin - ... - - limited-government-client-use-license - - YOUR CONTRACT NUMBER - LICENSE NUMBER GRANTED BY LEGAL DEPARTMENT - - - - CLIENT ORGANIZATION NAME - - + + org.codehaus.mojo + license-maven-plugin + ... 
+ + limited-government-client-use-license + + YOUR CONTRACT NUMBER + LICENSE NUMBER GRANTED BY LEGAL DEPARTMENT + + + + CLIENT ORGANIZATION NAME + + ``` ### Activating for Specific Modules -#### Python Projects +#### Python Projects + This assumes the use of [Habushu](https://github.com/technologybrewery/habushu). Add the following snippet into each module that your want covered: ```xml - - ... - - ... - - org.codehaus.mojo - license-maven-plugin - - - LICENSE - - - - + + ... + + ... + + org.codehaus.mojo + license-maven-plugin + + + LICENSE + + + + ``` -#### Java Projects +#### Java Projects + Add the following snippet into each module that your want covered: ```xml - - ... - - ... - - org.codehaus.mojo - license-maven-plugin - - - -``` - -## Distribution Channel -This project creates a module that includes the custom Booz Allen license file options. \ No newline at end of file + + ... + + ... + + org.codehaus.mojo + license-maven-plugin + + + +``` \ No newline at end of file diff --git a/booz-allen-licenses/pom.xml b/booz-allen-licenses/pom.xml index a2614f1..8b3cab0 100644 --- a/booz-allen-licenses/pom.xml +++ b/booz-allen-licenses/pom.xml @@ -18,6 +18,7 @@ org.codehaus.mojo build-helper-maven-plugin + 3.5.0 add-resource diff --git a/license.txt b/license.txt new file mode 100644 index 0000000..9f964a2 --- /dev/null +++ b/license.txt @@ -0,0 +1,6 @@ +Copyright (C) 2021 Booz Allen Hamilton Inc. + +All Rights Reserved. You may not copy, reproduce, distribute, publish, display, +execute, modify, create derivative works of, transmit, sell or offer for resale, +or in any way exploit any part of this solution without Booz Allen Hamilton’s +express written permission. \ No newline at end of file diff --git a/pom.xml b/pom.xml index c4ed306..4338231 100644 --- a/pom.xml +++ b/pom.xml 
@@ -22,10 +22,17 @@ scm:git:https://github.com/boozallen/booz-allen-maven-licenses.git scm:git:https://github.com/boozallen/booz-allen-maven-licenses.git - ttps://github.com/boozallen/booz-allen-maven-licenses + https://github.com/boozallen/booz-allen-maven-licenses HEAD + + + ossrh + https://s01.oss.sonatype.org/content/repositories/releases/ + + + Booz Allen Hamilton Inc. https://www.boozallen.com @@ -37,6 +44,7 @@ aiSSEMBLE Baseline Community Booz Allen Hamilton https://boozallen.com + aissemble@bah.com @@ -52,7 +60,8 @@ 11 11 11 - 2.12.1 + UTF-8 + 2.13.0 @@ -61,6 +70,28 @@ + + + org.apache.maven.plugins + maven-enforcer-plugin + 3.4.1 + + + enforce-maven + + enforce + + + + + 3.6.3 + + + + + + + @@ -68,19 +99,45 @@ maven-compiler-plugin 3.13.0 + + org.apache.maven.plugins + maven-javadoc-plugin + 3.6.3 + org.apache.maven.plugins maven-resources-plugin 3.3.1 + + org.apache.maven.plugins + maven-source-plugin + 3.3.0 + + + org.apache.maven.plugins + maven-gpg-plugin + 3.2.2 + org.apache.maven.plugins maven-release-plugin 3.0.1 - :bookmark: [maven-release-plugin] - SemVerVersionPolicy - true + ossrh-release + + + + org.sonatype.plugins + nexus-staging-maven-plugin + ${version.nexus.staging.plugin} + + ossrh + https://s01.oss.sonatype.org/ + + true @@ -89,24 +146,53 @@ - ci + ossrh-release + + booz-allen-licenses + - - - - org.technologybrewery.habushu - habushu-maven-plugin - ${version.habushu.plugin} - - true - true - false - true - false - - - - + + + org.apache.maven.plugins + maven-source-plugin + + + attach-sources + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-javadoc-plugin + + false + + + + attach-javadocs + + jar + + + + + + org.apache.maven.plugins + maven-gpg-plugin + + + sign-artifacts + verify + + sign + + + + +