bobbai00 opened a new issue, #4667: URL: https://github.com/apache/texera/issues/4667
### What happened? Today every Docker image (`texera-access-control-service`, `texera-config-service`, `texera-file-service`, `texera-workflow-compiling-service`, `texera-workflow-computing-unit-managing-service`, `texera-dashboard-service`, `texera-workflow-execution-coordinator`, `texera-workflow-execution-runner`, `texera-agent-service`) ships the same monolithic root `LICENSE-binary` and `NOTICE-binary` containing the union of every third-party dependency across all services, frontend, agent-service, and Python. The issue: the LICENSE in each image overstates what is actually bundled in that image. For example, `texera-access-control-service` ships only 116 third-party jars but its `/texera/LICENSE` references ~860 entries spanning frontend Angular packages, Python packages, agent-service npm packages, and jars only relevant to other services. ASF's licensing guidance is that the LICENSE in a binary distribution must describe the contents of that distribution. ### How to reproduce? 1. `docker run --rm --entrypoint sh ghcr.io/apache/texera-access-control-service:latest -c 'cat /texera/LICENSE | grep "^ - " | wc -l'` 2. Compare with `docker run --rm --entrypoint sh ghcr.io/apache/texera-access-control-service:latest -c 'ls /texera/lib/ | wc -l'` 3. The LICENSE references many more third-party components than the image actually bundles. ### Expected behavior Each Docker image's `/texera/LICENSE` should describe only the third-party components actually bundled in that image: - Standalone Scala services: only the jars under their `lib/`. - `WorkflowExecutionService` images (dashboard, coordinator, runner): the `amber/` jars, plus Python deps for coordinator and runner, plus the frontend Angular bundle for the dashboard. - `texera-agent-service`: only the bun-installed npm packages. ### Version 1.1.0-incubating (Pre-release/Master) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
