Rawlin, we decided to stop using `rat` for license checking in favor of `weasel`. I disabled the `rat` build jobs, and `weasel` automatically runs along with the standard build..
The .rat-excludes file needs to be removed completely (I'll file an issue for that)... At the top level, run `./pkg -v weasel` and it'll produce a report of files aren't documented properly. There's an equivalent (but completely different format) file at `.dependency_license` to add exceptions for weasel... -dan On Mon, Jul 8, 2019 at 3:46 PM Rawlin Peters <[email protected]> wrote: > Hey Matt, > > These dependencies seem fine to me, but by the way it looks like > https://github.com/lestrrat/go-jwx is now > https://github.com/lestrrat-go/jwx (your PR is correctly referencing > the latter). > > If you'd like to see how we typically vendor our dependencies, here's > an example PR where I added a YAML parsing dependency: > https://github.com/apache/trafficcontrol/pull/3047/files > Note the changes to the .rat-excludes and LICENSE files, and the > vendoring was basically done by just git cloning the dependency repo > into the trafficcontrol/vendor/gopkg.in directory then removing their > .git directory. I think you would clone these repos into > trafficcontrol/traffic_ops/traffic_ops_golang/vendor since they're > just going to be used by TO for now. > > Longer-term we need to figure out when/how we want to start using a Go > dependency management tool like Go modules for the project, but that > is a conversation for another thread IMO. > > - Rawlin > > On Mon, Jul 8, 2019 at 1:20 PM Matthew Jackson <[email protected]> > wrote: > > > > Hello again, > > > > This functionality is just about ready to be merged in so I wanted to > send > > out an email letting everyone know I am adding 2 dependencies for it. > Feel > > free to review them and let me know of any questions/concerns. Both are > > MIT licensed: > > https://github.com/dgrijalva/jwt-go > > https://github.com/lestrrat/go-jwx > > > > Thanks, > > Matt > > > > On Tue, May 14, 2019 at 3:33 PM Matthew Jackson <[email protected]> > > wrote: > > > > > Hey all, > > > > > > I have submitted this PR: > > > https://github.com/apache/trafficcontrol/pull/3505 > > > > > > It is a first step toward using OAuth for login in Traffic Portal > (first > > > step because it only works for OAuth providers that return a JWT and > use a > > > keyset URL instead of key file stored locally). It is an opt in > service > > > using the traffic_portal_properties.json file so unless you want to > use it, > > > it will not impact you, but I wanted to give everyone a heads up that > it is > > > submitted for review. > > > > > > Let me know if you have any questions/concerns/ideas! > > > > > > Matt > > > >
