From 6125f539b611a86942bd7e38f4b057a09ace81a8 Mon Sep 17 00:00:00 2001 From: Karl Isenberg Date: Tue, 8 Dec 2015 13:23:59 -0800 Subject: [PATCH] Add hack/update-godep-licenses.sh to generate Godeps/LICENSES.md - Add Godeps/LICENSES.md - Add verify-godep-licenses to verify that Godeps/LICENSES.md is up to date - Trigger verify-godep-licenses in the pre-commit hook only if the Godeps dir has changed - Exclude verify-godep-licenses in verify-all - Add verify-godep-licenses to make verify (used by travis) - Add verify-godep-licenses to shippable - Update dev docs to mention update-godep-licenses --- Godeps/LICENSES.md | 103 ++++++++++++++++++++++++++++++++++ Makefile | 1 + docs/devel/development.md | 6 +- hack/update-godep-licenses.sh | 44 +++++++++++++++ hack/verify-all.sh | 2 +- hack/verify-godep-licenses.sh | 49 ++++++++++++++++ hooks/pre-commit | 10 ++++ shippable.yml | 1 + 8 files changed, 214 insertions(+), 2 deletions(-) create mode 100644 Godeps/LICENSES.md create mode 100755 hack/update-godep-licenses.sh create mode 100755 hack/verify-godep-licenses.sh diff --git a/Godeps/LICENSES.md b/Godeps/LICENSES.md new file mode 100644 index 0000000000000..04ba00ebe8c2e --- /dev/null +++ b/Godeps/LICENSES.md @@ -0,0 +1,103 @@ +Dependency Licenses +------------------- + +Package | License +------- | ------- +bitbucket.org/bertimus9/systemstat | MITname +bitbucket.org/ww/goautoneg | spdxBSD3 +github.com/abbot/go-http-auth | Apache-2 +github.com/appc/cni | Apache-2 +github.com/appc/spec | Apache-2 +github.com/aws/aws-sdk-go | Apache-2 +github.com/beorn7/perks/quantile | MIT? +github.com/blang/semver | MITname +github.com/boltdb/bolt | MITname +github.com/bradfitz/http2 | BSDlikeRef +github.com/camlistore/camlistore/pkg/errorutil | Apache-2 +github.com/ClusterHQ/flocker-go | UNKNOWN +github.com/codegangsta/negroni | MITname +github.com/coreos/etcd | Apache-2 +github.com/coreos/go-etcd | Apache-2 +github.com/coreos/go-oidc | Apache-2 +github.com/coreos/go-semver | Apache-2 +github.com/coreos/go-systemd | Apache-2 +github.com/coreos/pkg | Apache-2 +github.com/coreos/rkt | Apache-2 +github.com/cpuguy83/go-md2man | MITname +github.com/davecgh/go-spew | MIToldwithoutSellandNoDocumentationRequi +github.com/daviddengcn/go-colortext | BSD? +github.com/dgrijalva/jwt-go | spdxMIT +github.com/docker/docker | Apache-2 +github.com/docker/docker/pkg/symlink | spdxBSD3 +github.com/docker/spdystream | Apache-2 +github.com/elazarl/go-bindata-assetfs | spdxBSD2 +github.com/elazarl/goproxy | BSDWarr +github.com/emicklei/go-restful | MITname +github.com/evanphx/json-patch | BSDWarr +github.com/fsouza/go-dockerclient | spdxBSD2 +github.com/garyburd/redigo/internal | ApachesPermLim +github.com/garyburd/redigo/redis | ApachesPermLim +github.com/ghodss/yaml | MITname +github.com/go-ini/ini | Apache-2 +github.com/godbus/dbus | spdxBSD2 +github.com/gogo/protobuf | spdxBSD3 +github.com/golang/glog | Apache-2 +github.com/golang/groupcache | Apache-2 +github.com/golang/protobuf | spdxBSD3 +github.com/google/btree | Apache-2 +github.com/google/cadvisor | Apache-2 +github.com/google/gofuzz | Apache-2 +github.com/gorilla/context | spdxBSD3 +github.com/gorilla/mux | spdxBSD3 +github.com/imdario/mergo | spdxBSD3 +github.com/inconshreveable/mousetrap | Apache-2 +github.com/influxdb/influxdb | MITname +github.com/jmespath/go-jmespath | Apache-2 +github.com/jonboulle/clockwork | Apache-2 +github.com/juju/ratelimit | LesserExceptionGPLVer3-TOOLONG +github.com/kardianos/osext | spdxBSD3 +github.com/kr/pty | spdxMIT +github.com/matttproud/golang_protobuf_extensions | Apache-2 +github.com/mesos/mesos-go | Apache-2 +github.com/miekg/dns | spdxBSD3 +github.com/mitchellh/mapstructure | MITname +github.com/mxk/go-flowrate | spdxBSD3 +github.com/onsi/ginkgo | spdxMIT +github.com/onsi/gomega | spdxMIT +github.com/opencontainers/runc | Apache-2 +github.com/pborman/uuid | spdxBSD3 +github.com/prometheus/client_golang | Apache-2 +github.com/prometheus/client_model | Apache-2 +github.com/prometheus/common/expfmt | Apache-2 +github.com/prometheus/common/model | Apache-2 +github.com/prometheus/procfs | Apache-2 +github.com/rackspace/gophercloud | Apache-2 +github.com/russross/blackfriday | AsIsVariant2-TOOLONG +github.com/samuel/go-zookeeper | spdxBSD3 +github.com/scalingdata/gcfg | spdxBSD2 +github.com/seccomp/libseccomp-golang | AllRights-TOOLONG +github.com/shurcooL/sanitized_anchor_name | MIT? +github.com/Sirupsen/logrus | MITname +github.com/skynetservices/skydns | MITname +github.com/spf13/cobra | Apache-2 +github.com/spf13/pflag | spdxBSD3 +github.com/stretchr/objx | MIT? +github.com/stretchr/testify | MIT? +github.com/syndtr/gocapability | spdxBSD2 +github.com/ugorji/go | MITname +github.com/vishvananda/netlink | Apache-2 +github.com/xiang90/probing | MITname +github.com/xyproto/simpleredis | MITname +golang.org/x/crypto | spdxBSD3 +golang.org/x/exp | spdxBSD3 +golang.org/x/net | spdxBSD3 +golang.org/x/oauth2 | spdxBSD3 +golang.org/x/sys | spdxBSD3 +golang.org/x/tools | spdxBSD3 +google.golang.org/api | spdxBSD3 +google.golang.org/cloud | Apache-2 +google.golang.org/grpc | spdxBSD3 +gopkg.in/natefinch/lumberjack.v2 | MITname +gopkg.in/yaml.v2 | LesserExceptionGPLVer3-TOOLONG +k8s.io/heapster | Apache-2 +speter.net/go/exp/math/dec/inf | spdxBSD2 diff --git a/Makefile b/Makefile index b9e5bd5806791..61e5039350ab1 100644 --- a/Makefile +++ b/Makefile @@ -52,6 +52,7 @@ verify: hack/verify-linkcheck.sh hack/verify-flags-underscore.py hack/verify-godeps.sh $(BRANCH) + hack/verify-godep-licenses.sh $(BRANCH) .PHONY: verify # Build and run tests. diff --git a/docs/devel/development.md b/docs/devel/development.md index 27ce1b8a63304..95dccaa930c40 100644 --- a/docs/devel/development.md +++ b/docs/devel/development.md @@ -219,7 +219,7 @@ _If `go get -u path/to/dependency` fails with compilation errors, instead try `g to fetch the dependencies without compiling them. This can happen when updating the cadvisor dependency._ -5) Before sending your PR, it's a good idea to sanity check that your Godeps.json file is ok by running hack/verify-godeps.sh +5) Before sending your PR, it's a good idea to sanity check that your Godeps.json file is ok by running `hack/verify-godeps.sh` _If hack/verify-godeps.sh fails after a `godep update`, it is possible that a transitive dependency was added or removed but not updated by godeps. It then may be necessary to perform a `godep save ./...` to pick up the transitive dependency changes._ @@ -228,6 +228,10 @@ It is sometimes expedient to manually fix the /Godeps/godeps.json file to minimi Please send dependency updates in separate commits within your PR, for easier reviewing. +6) If you updated the Godeps, please also update `Godeps/LICENSES.md` by running `hack/update-godep-licenses.sh`. + +_If Godep does not automatically vendor the proper license file for a new dependency, be sure to add an exception entry to `hack/update-godep-licenses.sh`._ + ## Unit tests ```sh diff --git a/hack/update-godep-licenses.sh b/hack/update-godep-licenses.sh new file mode 100755 index 0000000000000..9f9b39857c08f --- /dev/null +++ b/hack/update-godep-licenses.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# Copyright 2015 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Update the Godeps/LICENSES.md document. +# Generates a table of Godep dependencies and their license. +# Requires: +# docker +# mesosphere/godep-licenses (docker image) - source: https://github.com/mesosphere/godep-licenses +# Usage: +# Run every time a license file is added/modified within /Godeps to update /Godeps/LICENSES.md. +# Add exceptions (-e :) for any dependency (project) vendored by Godep +# that has a known license that isn't vendored by Godep or can't be found by godep-licenses. + +set -o errexit +set -o nounset +set -o pipefail + +KUBE_ROOT="${KUBE_ROOT:-$(cd "$(dirname "${BASH_SOURCE}")/.." && pwd -P)}" + +cd "${KUBE_ROOT}" + +exec docker run --rm -i -v "${KUBE_ROOT}:/repo" mesosphere/godep-licenses:latest -p /repo \ + -e github.com/abbot/go-http-auth:Apache-2 \ + -e github.com/beorn7/perks/quantile:MIT? \ + -e github.com/daviddengcn/go-colortext:BSD? \ + -e github.com/docker/docker/pkg/symlink:spdxBSD3 \ + -e github.com/shurcooL/sanitized_anchor_name:MIT? \ + -e github.com/spf13/cobra:Apache-2 \ + -e github.com/stretchr/objx:MIT? \ + -e github.com/stretchr/testify:MIT? \ + -o md > Godeps/LICENSES.md diff --git a/hack/verify-all.sh b/hack/verify-all.sh index f30eecdcc01e5..99f151311f7ef 100755 --- a/hack/verify-all.sh +++ b/hack/verify-all.sh @@ -60,7 +60,7 @@ if $SILENT ; then fi # remove protobuf until it is part of direct generation -EXCLUDE="verify-godeps.sh verify-generated-protobuf.sh" +EXCLUDE="verify-godeps.sh verify-godep-licenses.sh verify-generated-protobuf.sh" ret=0 for t in `ls $KUBE_ROOT/hack/verify-*.sh` diff --git a/hack/verify-godep-licenses.sh b/hack/verify-godep-licenses.sh new file mode 100755 index 0000000000000..56b3eba7b6538 --- /dev/null +++ b/hack/verify-godep-licenses.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# Copyright 2015 The Kubernetes Authors All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +KUBE_ROOT="$(cd "$(dirname "${BASH_SOURCE}")/.." && pwd -P)" + +branch="${1:-master}" +# notice this uses ... to find the first shared ancestor +if ! git diff origin/"${branch}"...HEAD | grep 'Godeps/' > /dev/null; then + exit 0 +fi + +# create a nice clean place to put our new godeps +# must be in the user dir (e.g. KUBE_ROOT) in order for the docker volume mount to work with docker-machine on macs +_tmpdir="$(mktemp -d "${KUBE_ROOT}/kube-godep-licenses.XXXXXX")" +echo "Created workspace: ${_tmpdir}" +function cleanup { + echo "Removing workspace: ${_tmpdir}" + rm -rf "${_tmpdir}" +} +trap cleanup EXIT + +cp -r "${KUBE_ROOT}/Godeps" "${_tmpdir}/Godeps" + +# Update Godep Licenses +KUBE_ROOT="${_tmpdir}" "${KUBE_ROOT}/hack/update-godep-licenses.sh" + +# Compare Godep Licenses +if ! _out="$(diff -Naupr ${KUBE_ROOT}/Godeps/LICENSES.md ${_tmpdir}/Godeps/LICENSES.md)"; then + echo "Your godep licenses file is out of date. Run hack/update-godep-licenses.sh and commit the results." + echo "${_out}" + exit 1 +fi diff --git a/hooks/pre-commit b/hooks/pre-commit index 51225a40c908d..327c895417741 100755 --- a/hooks/pre-commit +++ b/hooks/pre-commit @@ -28,6 +28,16 @@ if [[ "${#files[@]}" -ne 0 ]]; then echo "${green}OK" fi echo "${reset}" + + echo -ne "Check if Godep licesnses are up to date..." + if ! OUT=$("hack/verify-godep-licenses.sh" 2>&1); then + echo + echo "${red}${OUT}" + exit_code=1 + else + echo "${green}OK" + fi + echo "${reset}" fi echo -ne "Checking for files that need gofmt... " diff --git a/shippable.yml b/shippable.yml index 0e95b0eebf979..614f65f2d6ebf 100644 --- a/shippable.yml +++ b/shippable.yml @@ -49,6 +49,7 @@ install: - ./hack/verify-description.sh - ./hack/verify-flags-underscore.py - ./hack/verify-godeps.sh ${BASE_BRANCH} + - ./hack/verify-godep-licenses.sh ${BASE_BRANCH} - ./hack/travis/install-std-race.sh - ./hack/verify-generated-conversions.sh - ./hack/verify-generated-deep-copies.sh