
Introduce License Finder to CI #94

Merged
merged 27 commits into from
Nov 29, 2024

Conversation

masutaka
Member

@masutaka masutaka commented Nov 22, 2024

Summary

This PR introduces License Finder to CI for maintaining license compliance.

  • In the future, CI will fail if you use licenses or packages that are not allowed in frontend/config/dependency_decisions.yml
  • Whenever there is a change in the packages used by this repository or their licenses, CI will update frontend/docs/packages-license.md

Related Issues and pull requests

Changes

  • Resolve all license issues from License Finder
  • Introduce License Finder to CI

Testing

  1. First commit, CI created frontend/docs/packages-license.md
  2. Triggered by 1; since neither running License Finder nor creating a license report was necessary, both were skipped

Other Information

  • Added Repository variable CI_TRIGGER_APP_ID
  • Added Repository secret CI_TRIGGER_APP_PRIVATE_KEY
  • After merging the PRs, set up the license_finder job to require success before the main branch merge
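The gate the PR describes (fail when a dependency's license is not permitted and the package itself is not approved) can be modelled in a few lines. The block below is an added example, not code from this PR or from License Finder itself; the decision records and the dependency rows are constructed in memory and only mirror the shape of the `permitted_licenses add` and `approvals add` commands used on this page (a permitted license name, or a package approval optionally pinned to a version). It does not read dependency_decisions.yml.

```python
"""Minimal license gate modelled on the License Finder decisions in this PR.

Added example, not the project's or License Finder's own code. Decisions are
constructed in memory rather than parsed from dependency_decisions.yml.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Decision:
    kind: str                           # "permit" (a license name) or "approve" (a package name)
    name: str                           # license name for permit, package name for approve
    versions: frozenset = frozenset()   # approve only: empty means any version
    why: str = ""                       # audit trail, as --why on the page
    who: str = ""                       # audit trail, as --who on the page


def permitted_licenses(decisions):
    """Set of license names that pass regardless of package."""
    return {d.name for d in decisions if d.kind == "permit"}


def is_approved(pkg, version, decisions):
    """True if a package approval matches, honouring a version pin when present."""
    for d in decisions:
        if d.kind == "approve" and d.name == pkg:
            if not d.versions or version in d.versions:
                return True
    return False


def check_dependencies(deps, decisions):
    """deps: iterable of (package, version, detected_license).

    Returns the rows that would fail CI: license not permitted AND package
    not approved for that version. A mis-detected license string (e.g. the
    "SEE LICENSE IN LICENSE" case on the page) only passes via an approval.
    """
    allowed = permitted_licenses(decisions)
    violations = []
    for pkg, version, lic in deps:
        if lic in allowed:
            continue
        if is_approved(pkg, version, decisions):
            continue
        violations.append((pkg, version, lic))
    return violations


# Constructed decisions mirroring the commands on this page.
DECISIONS = [
    Decision("permit", "MIT", why="Compatible with Apache-2.0", who="OSPO"),
    Decision("permit", "Apache 2.0", why="Compatible with Apache-2.0", who="OSPO"),
    Decision("permit", "ISC", why="Compatible with Apache-2.0", who="OSPO"),
    # Version-pinned approval: License Finder does not know "Python-2.0" by name.
    Decision("approve", "argparse", frozenset({"2.0.1"}),
             why="Python 2.0 license is compatible with Apache-2.0", who="OSPO"),
    # Approval for a package whose license text was mis-detected.
    Decision("approve", "spawndamnit", frozenset({"3.0.1"}),
             why="Its license is MIT, but it is mis-detected", who="OSPO"),
]

# Constructed dependency rows (package, version, license as detected).
SAMPLE_DEPS = [
    ("react", "18.3.1", "MIT"),                       # permitted license
    ("argparse", "2.0.1", "Python-2.0"),              # approved by pinned version
    ("spawndamnit", "3.0.1", "SEE LICENSE IN LICENSE"),  # approved despite bad detection
    ("argparse", "1.0.10", "Python-2.0"),             # pin does not cover this version
    ("some-gpl-lib", "1.0.0", "GPL-3.0"),             # not permitted, not approved
]


if __name__ == "__main__":
    for row in check_dependencies(SAMPLE_DEPS, DECISIONS):
        print("not allowed:", row)
    # exits non-zero when anything fails, which is what a CI gate needs
    raise SystemExit(1 if check_dependencies(SAMPLE_DEPS, DECISIONS) else 0)
```

The version pin matters for the same reason the PR later removes the libpg-query approval once the upstream fix was merged: an approval tied to a specific version stops masking the check as soon as the package is bumped, so a newly introduced license change is caught rather than silently inherited.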

@masutaka masutaka self-assigned this Nov 22, 2024
$ license_finder permitted_licenses add 'MIT' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/MIT' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'Apache 2.0' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/apache-2-0' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'ISC' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/isc-license-txt' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'BSD 0-Clause' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/0BSD' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'BSD 2-Clause' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/BSD-2-Clause' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'BSD 3-Clause' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/BSD-3-Clause' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'BlueOak-1.0.0' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/blue-oak-model-license' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'The Unlicense' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/Unlicense' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'CC-BY-4.0' \
 --why 'Compatible with Apache-2.0 license. See https://creativecommons.org/licenses/by/4.0/' \
 --who 'OSPO @masutaka'
@masutaka masutaka force-pushed the introduce-license-finder branch from d1a3f97 to 52fb94a Compare November 28, 2024 08:31
$ license_finder approvals add 'argparse' \
 --version=2.0.1 \
 --why 'Python 2.0 license is compatible with Apache-2.0. But License Finder does not support the name "Python-2.0". See pivotal/LicenseFinder#1053' \
 --who 'OSPO @masutaka'
$ license_finder approvals add 'jsonify' \
 --version=0.0.1 \
 --why 'Public Domain is compatible with Apache-2.0. But it is not a software license. See #111' \
 --who 'OSPO @masutaka'
$ license_finder approvals add 'libpg-query' \
 --version=13.3.2 \
 --why 'Its license is MIT, but it is mis-detected as a "LICENSE IN LICENSE" license. See launchql/libpg-query-node#85' \
 --who 'OSPO @masutaka'
@masutaka masutaka force-pushed the introduce-license-finder branch from f9d4074 to f30bf82 Compare November 29, 2024 04:42
@masutaka masutaka changed the title Introduce License Finder Introduce License Finder to CI Nov 29, 2024
@masutaka masutaka marked this pull request as ready for review November 29, 2024 05:09
@masutaka masutaka requested a review from a team as a code owner November 29, 2024 05:09
@masutaka masutaka requested review from hoshinotsuyoshi, FunamaYukina, junkisai, MH4GF and sasamuku and removed request for a team November 29, 2024 05:09
Member

@MH4GF MH4GF left a comment


LGTM 🚀
Thanks a lot for your work!!

Member


This is pretty straightforward! 😄

Comment on lines +67 to +68
:why: Public Domain is compatible with Apache-2.0. But it is not a software license.
See https://github.com/liam-hq/liam/issues/111
Member


OK
Thanks 🙏🏻

frontend/config/dependency_decisions.yml (outdated, resolved)
@masutaka masutaka added this pull request to the merge queue Nov 29, 2024
@masutaka
Member Author

@MH4GF

Can you add it to the Required Status Check later?

I forgot to set the merge_group trigger, so I added the commit ca5b006 . In the meantime, please review.

Member

@MH4GF MH4GF left a comment


LGTM 😄

@masutaka masutaka added this pull request to the merge queue Nov 29, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 29, 2024
@masutaka
Member Author

The main branch had more licenses and I will deal with them.

🔗 https://github.com/liam-hq/liam/actions/runs/12081630218/job/33691096256

CI failure

$ license_finder permitted_licenses add 'LGPL-3.0-or-later' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/LGPL-3.0' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'CC0 1.0 Universal' \
 --why 'Compatible with Apache-2.0 license. See https://creativecommons.org/publicdomain/zero/1.0/' \
 --who 'OSPO @masutaka'
$ license_finder approvals add 'spawndamnit' \
 --version=3.0.1 \
 --why 'Its license is MIT, but it is mis-detected as a "SEE LICENSE IN LICENSE" license. See jamiebuilds/spawndamnit#11' \
 --who 'OSPO @masutaka'
$ license_finder permitted_licenses add 'Mozilla Public License 2.0' \
 --why 'Compatible with Apache-2.0 license. See https://opensource.org/license/mpl-2-0' \
 --who 'OSPO @masutaka'
@masutaka masutaka force-pushed the introduce-license-finder branch from d4f7cfe to 1741ea3 Compare November 29, 2024 09:21
@masutaka
Member Author

@MH4GF Please review again.

The main branch had more licenses, so I added commits 2bd8f75...1741ea3 .

9d698a9 and also created a PR jamiebuilds/spawndamnit#11 in connection with it.
Removed libpg-query permissions by 1741ea3 since #110 was merged.

@masutaka masutaka requested a review from MH4GF November 29, 2024 09:28
@masutaka
Member Author

For some reason frontend-ci is down....
https://github.com/liam-hq/liam/actions/runs/12082148738/job/33692660031?pr=94

@hoshinotsuyoshi
Member

hoshinotsuyoshi commented Nov 29, 2024

For some reason frontend-ci is down....

flaky at main branch 🙏 #108 I'll merge this now. @MH4GF

60e4ed0

@hoshinotsuyoshi hoshinotsuyoshi mentioned this pull request Nov 29, 2024
@MH4GF
Member

MH4GF commented Nov 29, 2024

@hoshinotsuyoshi

flaky at main branch 🙏 #108 I'll merge this now.

Thanks 👍🏻
I'll do an update branch and see what happens. @masutaka

Member

@MH4GF MH4GF left a comment


LGTM 🚀
It is better to activate License Finder as soon as possible, so I will merge this one.

@MH4GF MH4GF added this pull request to the merge queue Nov 29, 2024
Merged via the queue into main with commit 2f94337 Nov 29, 2024
8 checks passed
@MH4GF MH4GF deleted the introduce-license-finder branch November 29, 2024 10:45