Provide a user extensible compliance linter

[aiuto]

Typically, every BUILD file in a bazel module is under the license defined at //:license. Since Bazel does not have inheritance from enclosing packages, we must usually add:

package(default_package_metadata=["//:license", "//:package_info"])

to every BUILD file. We should provide tools to help user maintain that invariant.

Initial thoughts:

• Must be user extensible so organizations can add their own policies.
• Standalone tool:
  • pro: can find all files, even if they are not in a package. That is a big win if you want to inject license scanning at this point.
  • con: can't be a bazel test.
• Bazel rule
  • pro: Can be a test, so it is trivial to add to CI.
  • con: Misses files which are not mentioned from a BUILD file.

@jin

[fmeum]

@Wyverald's REPO.bazel proposal may solve this.

[jin]

Android (AOSP) has a virtual monorepo structure like this:

% tree
.
├── external
│   ├── a
│   │   ├── BUILD
│   │   ├── LICENSE
│   │   ├── METADATA
│   │   └── sub
│   │       └── BUILD
│   └── b
│       ├── BUILD
│       ├── LICENSE
│       └── METADATA
└── foo
    └── BUILD

where //external/a and //external/b are git projects. They're also not necessarily repos like @a and @b, but //external/a and //external/b packages.

I think this shouldn't to be a bazel test. It could be like a buildifier-type standalone linter/static analyzer that fails loudly if some BUILD file doesn't have default_package_metadata set.