Perdjesk commented on PR #778:
URL:
https://github.com/apache/incubator-baremaps/pull/778#issuecomment-1715580345
I pulled the branch and did some more in-depth analysis.
I think this approach is better and embrace the fact that we have to deal
with a manual step/verification of the content added in LICENSE for: license
merging, choose one license per bundled dependency. Having a file within source
repository allow for proper review of changes.
However in order to make this maintainable and usable, we should have a way
to identify drift between dependencies in `pom.xml`s and the content of
`override.properties` so that they are aligned.
Here is the trial I did locally to address this point:
```
--- a/baremaps-cli/pom.xml
+++ b/baremaps-cli/pom.xml
@@ -190,19 +190,35 @@
<version>2.2.0</version>
<configuration>
<force>true</force>
- <outputDirectory>${thirdparty.directory}</outputDirectory>
- <thirdPartyFilename>${thirdparty.filename}</thirdPartyFilename>
<excludedScopes>test,provided</excludedScopes>
-
<excludeTransitiveDependencies>true</excludeTransitiveDependencies>
- <fileTemplate>${basedir}/src/license/bundle.ftl</fileTemplate>
-
<overrideFile>${basedir}/src/license/override.properties</overrideFile>
+ <excludedGroups>^org\.apache\.baremaps</excludedGroups>
+
<overrideUrl>file://${basedir}/src/license/override.properties</overrideUrl>
+ <failOnMissing>true</failOnMissing>
</configuration>
<executions>
<execution>
+ <id>1</id>
<goals>
<goal>add-third-party</goal>
</goals>
<phase>prepare-package</phase>
+ <configuration>
+ <outputDirectory>${thirdparty.directory}</outputDirectory>
+
<thirdPartyFilename>${thirdparty.filename}</thirdPartyFilename>
+ <fileTemplate>${basedir}/src/license/bundle.ftl</fileTemplate>
+ </configuration>
+ </execution>
+ <execution>
+ <id>2</id>
+ <goals>
+ <goal>add-third-party</goal>
+ </goals>
+ <phase>generate-sources</phase>
+ <configuration>
+
<fileTemplate>${basedir}/src/license/override.ftl</fileTemplate>
+ <outputDirectory>${thirdparty.directory}</outputDirectory>
+ <thirdPartyFilename>override.properties</thirdPartyFilename>
+ </configuration>
</execution>
</executions>
</plugin>
```
Changing a dependency version:
```
% ./mvnw generate-sources
% diff baremaps-cli/src/license/override.properties
baremaps-cli/target/generated-sources/license/override.properties
44c44
< info.picocli--picocli--4.6.3=Apache License 2.0
---
> info.picocli--picocli--4.7.5=The Apache Software License, version 2.0
```
Adding a dependency:
```
% ./mvnw generate-sources
% diff baremaps-cli/src/license/override.properties
baremaps-cli/target/generated-sources/license/override.properties
18a19
> com.google.code.gson--gson--2.10.1=Apache-2.0
```
Removing a dependency:
```
% ./mvnw generate-sources
% diff baremaps-cli/src/license/override.properties
baremaps-cli/target/generated-sources/license/override.properties
200,201d200
< org.roaringbitmap--RoaringBitmap--0.9.38=Apache License 2.0
< org.roaringbitmap--shims--0.9.38=Apache License 2.0
```
The CI could enforce that there is no difference between the generated
`override.properties` and the one present in code repository, thus ensuring the
in-sync.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
