This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new cff506b1b2 HDDS-9703. Check that dependencies have acceptable license
(#5623)
cff506b1b2 is described below
commit cff506b1b23b0b3425af82b6c63b8c679cc3b774
Author: Doroszlai, Attila <[email protected]>
AuthorDate: Thu Nov 30 07:47:46 2023 +0100
HDDS-9703. Check that dependencies have acceptable license (#5623)
---
.github/workflows/ci.yml | 31 +++++++++
hadoop-ozone/dev-support/checks/license.exceptions | 22 +++++++
hadoop-ozone/dev-support/checks/license.sh | 75 ++++++++++++++++++++++
3 files changed, 128 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 617d1c9e3d..7696ffa925 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -312,6 +312,37 @@ jobs:
name: dependency
path: target/dependency
continue-on-error: true
+ license:
+ needs:
+ - build-info
+ - build
+ runs-on: ubuntu-20.04
+ timeout-minutes: 15
+ if: needs.build-info.outputs.needs-dependency-check == 'true'
+ steps:
+ - name: Checkout project
+ uses: actions/checkout@v3
+ - name: Download Ozone repo
+ id: download-ozone-repo
+ uses: actions/download-artifact@v3
+ with:
+ name: ozone-repo
+ path: |
+ ~/.m2/repository/org/apache/ozone
+ - name: Execute tests
+ run: |
+ hadoop-ozone/dev-support/checks/${{ github.job }}.sh
+ continue-on-error: true
+ - name: Summary of failures
+ run: hadoop-ozone/dev-support/checks/_summary.sh target/${{ github.job
}}/summary.txt
+ if: ${{ !cancelled() }}
+ - name: Archive build results
+ uses: actions/upload-artifact@v3
+ if: always()
+ with:
+ name: ${{ github.job }}
+ path: target/${{ github.job }}
+ continue-on-error: true
acceptance:
needs:
- build-info
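Review bot: The three third-party actions in the new `license` job (`actions/checkout@v3`, `actions/download-artifact@v3`, `actions/upload-artifact@v3`) are referenced by mutable major tags rather than a full commit SHA, so a compromised or force-moved tag changes what runs in this job without any change to the repository; pinning to a SHA with the tag in a trailing comment (`uses: actions/checkout@<full-sha> # v3`) is the usual hardening, and should be applied file-wide rather than only here if the rest of ci.yml still uses tags. Separately, `id: download-ozone-repo` on the download step is not referenced anywhere in the hunk, and the step has no `continue-on-error`, so a missing `ozone-repo` artifact fails the job at download rather than letting `license.sh` fall back to generating the list; either drop the unused `id` or add the conditional it appears to have been copied for. Leading indentation of this hunk was lost in the mail rendering, so the nesting shown cannot be checked here.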
diff --git a/hadoop-ozone/dev-support/checks/license.exceptions
b/hadoop-ozone/dev-support/checks/license.exceptions
new file mode 100644
index 0000000000..66f17fb670
--- /dev/null
+++ b/hadoop-ozone/dev-support/checks/license.exceptions
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file lists dependencies with acceptable license that
+# license-maven-plugin cannot find, or finds with unexpected license.
+
+com.google.re2j:re2j:1.1 BSD 3-Clause
+javax.servlet:servlet-api:2.5 CDDL 1.1
+javax.servlet.jsp:jsp-api:2.1 CDDL 1.1
+org.codehaus.jettison:jettison:1.1 Apache License 2.0
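Review bot: The header says what the file is for but not its format, so a reader has to open license.sh to learn that only the first whitespace-delimited field is consumed and everything after it is descriptive. A short format line after the existing comment would make that explicit: `# Format: groupId:artifactId:version <license as verified>` followed by `# Only the first field is used for matching; the license text is informational.` Since every entry is pinned to a version, it is also worth stating that a dependency bump invalidates its entry on purpose, so the new version's license gets re-verified rather than inherited.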
diff --git a/hadoop-ozone/dev-support/checks/license.sh
b/hadoop-ozone/dev-support/checks/license.sh
new file mode 100755
index 0000000000..f2c978731b
--- /dev/null
+++ b/hadoop-ozone/dev-support/checks/license.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# This script checks if all third-party dependencies have licenses we can use.
+# Optionally accepts the aggregated third-party license list file to be
checked.
+# Otherwise it requires Ozone to be available from Maven repo (can be local),
+# so that it can generate the license list.
+#
+# When adding a new dependency to Ozone with a license that fails to match:
+# * verify that the license is allowed, ref:
https://www.apache.org/legal/resolved.html
+# * tweak the patterns to allow
+#
+# Items for which license-maven-plugin cannot find license (e.g. jettison,
+# jsp-api) are output as "Unknown license". These dependencies should be
+# filtered explicitly by adding them to the `license.exceptions` file, instead
+# of allowing the generic "Unknown license".
+
+set -euo pipefail
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cd "$DIR/../../.." || exit 1
+
+REPORT_DIR=${OUTPUT_DIR:-"$DIR/../../../target/license"}
+mkdir -p "$REPORT_DIR"
+REPORT_FILE="${REPORT_DIR}/summary.txt"
+
+DEFAULT_SRC="target/generated-sources/license/THIRD-PARTY.txt"
+src="${1:-${DEFAULT_SRC}}"
+
+if [[ ! -e ${src} ]]; then
+ MAVEN_OPTIONS="-B -fae -Dskip.npx -Dskip.installnpx --no-transfer-progress
${MAVEN_OPTIONS:-}"
+ mvn ${MAVEN_OPTIONS} license:aggregate-add-third-party | tee
"${REPORT_DIR}/output.log"
+ src="${DEFAULT_SRC}"
+fi
+
+L='Licen[cs]e' # sometimes misspelled
+
+# filter all allowed licenses; any remaining item indicates a possible problem
+grep '(' ${src} \
+ | grep -v -f <(grep -v -e '^#' -e '^$' "${DIR}"/license.exceptions | cut -f1
-d' ') \
+ | ( grep -i -v \
+ -e "Apache ${L}" -e "Apache Software ${L}" -e "Apache v2" -e "Apache.2" \
+ -e "Bouncy Castle ${L}" \
+ -e "(BSD)" -e "(The BSD ${L})" -e "(BSD.[23]" -e "\<BSD ${L} [23]" -e
"\<[23]\>.Clause.\<BSD\>" \
+ -e "(CDDL\>" -e ' CDDL '\
+ -e "(EDL\>" -e "Eclipse Distribution ${L}" \
+ -e "(EPL\>" -e "Eclipse Public ${L}" \
+ -e "(MIT)" -e "\<MIT ${L}" \
+ -e "Modified BSD\>" \
+ -e "New BSD ${L}" \
+ -e "Public Domain" \
+ -e "Revised BSD\>" \
+ || true ) \
+ | sort -u \
+ | tee "${REPORT_FILE}"
+
+wc -l "${REPORT_FILE}" | awk '{ print $1 }' > "${REPORT_DIR}/failures"
+
+if [[ -s "${REPORT_FILE}" ]]; then
+ exit 1
+fi
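Review bot: The exception coordinates are passed to `grep -v -f` as basic regular expressions, so the dots in `com.google.re2j:re2j:1.1` are wildcards and each entry matches as an unanchored substring; an entry pinned to `:1.1` would also suppress a later `:1.10` line and quietly widen a version-specific exception. Reading the list with `grep -v -F -f <(grep -v -e '^#' -e '^$' "${DIR}"/license.exceptions | cut -f1 -d' ')` at least makes the coordinates literal; anchoring them to the coordinate delimiter depends on the THIRD-PARTY.txt line format, which is not visible in this hunk. Separately, the `|| true` covers only the allow-list grep: under `set -euo pipefail`, an input where `grep '(' ${src}` or the exceptions filter matches nothing makes the pipeline fail and the script exit before `${REPORT_DIR}/failures` is written, which would show up as a failed job with no failure count. Quoting `"${src}"` on the first grep would also keep a path with spaces from being split.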