[ https://issues.apache.org/jira/browse/APEXMALHAR-2461?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16236417#comment-16236417 ]

Ananth commented on APEXMALHAR-2461:
------------------------------------

Capturing some comments about the usage of "license-check-maven-plugin" from 
org.complykit groupID.

The plugin seems to do what it claims on the tin: "Break a build if 
non-compliant dependencies are found in the build dependency tree".

It allows for defining the blacklisted licenses that are allowed in a maven 
project and uses that for breaking the build if violations are noted. It also 
allows for forcefully bypassing the checks for artefacts as part of the config. 

The following points are to be observed for usage of this plugin:

- Some jars/dependencies do not have the license information embedded in them. 
Hence the license value is "null", which breaks the build. The project 
itself might be under Apache License 2 but it is the binary that does not 
contain this information and hence the cause of the build failure.
- Some jars/dependencies do not have the right name embedded as part of the 
license description. "Apache 2 " vs "Apache License Version 2" vs "Apache 
License 2.0" etc.

Here is a snippet of the config for the plugin and note the excludes for the 
top level of Apex-malhar tree. Similar excludes will need to be set for the 
children as well. 


{noformat}
<plugin>
  <groupId>org.complykit</groupId>
  <artifactId>license-check-maven-plugin</artifactId>
  <version>0.5.3</version>
  <configuration>
    <excludes>
      <!-- parent pom does not have a license file in maven -->
      <param>org.apache.apex:apex:${project.parent.version}</param>
      <!-- parent pom does not have a license file in maven -->
      <param>org.apache.apex:apex-engine:${project.parent.version}</param>
      <!-- Apache 2 license but text is not exact and hence this exclusion -->
      <param>pl.pragmatists:JUnitParams:${JunitParams-version}</param>
    </excludes>
  </configuration>
  <executions>
    <execution>
      <phase>verify</phase>
      <goals>
        <goal>os-check</goal>
      </goals>
    </execution>
  </executions>
</plugin>
{noformat}

> Fix dependencies on libraries licensed under Category X
> -------------------------------------------------------
>
>                 Key: APEXMALHAR-2461
>                 URL: https://issues.apache.org/jira/browse/APEXMALHAR-2461
>             Project: Apache Apex Malhar
>          Issue Type: Bug
>            Reporter: Vlad Rozov
>            Assignee: Ananth
>            Priority: Major
>             Fix For: 3.8.0
>
>
> There are few samples and the benchmark application in Malhar that depend
> on libraries licensed under Category X. All such dependencies need to be
> either optional, be replaced with libraries that are compatible with Apache
> license or be removed. Any newly introduced dependency should be either
> compatible with the Apache license or be optional.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
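
The two failure modes listed in the comment (no license metadata at all, and inconsistent spellings of the same license) can be surfaced before deciding on `<excludes>` entries. This is an added example, not code from the plugin or from Apex Malhar; it assumes license metadata is read from the `<licenses>` element of a POM, and the alias table and sample POMs are constructed.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed alias table (assumption): spellings quoted in the comment,
# mapped to one canonical identifier.
CANONICAL = {
    "apache 2": "apache-2.0",
    "apache license version 2": "apache-2.0",
    "apache license 2.0": "apache-2.0",
}

def normalize(name):
    """Lower-case, replace punctuation other than dots with spaces, collapse whitespace."""
    if name is None:
        return ""
    cleaned = re.sub(r"[^a-z0-9. ]+", " ", name.lower())
    return re.sub(r"\s+", " ", cleaned).strip()

def classify(pom_xml):
    """Return ("missing", None), ("unrecognized", name) or ("ok", [ids])."""
    root = ET.fromstring(pom_xml)
    names = [normalize(el.text)
             for el in root.findall("m:licenses/m:license/m:name", NS)]
    names = [n for n in names if n]
    if not names:
        return ("missing", None)       # the "null" license case
    for n in names:
        if n not in CANONICAL:
            return ("unrecognized", n)  # wording not in the alias table
    return ("ok", sorted({CANONICAL[n] for n in names}))

def pom(license_block):
    """Build a minimal constructed POM around the given <licenses> block."""
    return ('<project xmlns="http://maven.apache.org/POM/4.0.0">'
            "<modelVersion>4.0.0</modelVersion>" + license_block + "</project>")

def lic(name):
    return "<licenses><license><name>%s</name></license></licenses>" % name

if __name__ == "__main__":
    samples = {  # constructed coordinates, not real artifacts
        "example:no-license:1.0": pom(""),
        "example:short-name:1.0": pom(lic("Apache 2 ")),
        "example:long-name:1.0": pom(lic("The Apache Software License, Version 2.0")),
    }
    for coords, xml_text in samples.items():
        print(coords, classify(xml_text))
```

Artifacts reported as "missing" or "unrecognized" are the ones that need a manual license review before they are added to the excludes list.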
