This is an automated email from the ASF dual-hosted git repository. kezhenxu94 pushed a commit to branch deps in repository https://gitbox.apache.org/repos/asf/skywalking-eyes.git
commit f96c72e4f57e10963e81c0086cdd0c04d73b610a Author: kezhenxu94 <[email protected]> AuthorDate: Sun Dec 27 14:30:33 2020 +0800 Add doc, enhance Docker to allow subcommands, fix resolver --- .github/workflows/license-eye-check.yaml | 2 + action.yml | 2 + license-eye/Dockerfile | 10 ++++- license-eye/Makefile | 12 +++--- license-eye/README.adoc | 49 ++++++++++++++++++++++ license-eye/commands/deps.go | 4 +- license-eye/commands/deps_resolve.go | 2 +- license-eye/pkg/deps/golang.go | 12 +++++- license-eye/pkg/license/identifier.go | 17 ++++++++ .../test/testdata/.licenserc_for_test_check.yaml | 4 ++ 10 files changed, 101 insertions(+), 13 deletions(-) diff --git a/.github/workflows/license-eye-check.yaml b/.github/workflows/license-eye-check.yaml index 2bcfd23..869db6d 100644 --- a/.github/workflows/license-eye-check.yaml +++ b/.github/workflows/license-eye-check.yaml @@ -44,6 +44,8 @@ jobs: - name: License Check run: make license + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Test run: make test diff --git a/action.yml b/action.yml index 23fe862..fe7cbd3 100644 --- a/action.yml +++ b/action.yml @@ -23,3 +23,5 @@ branding: runs: using: docker image: license-eye/Dockerfile + args: + - header check diff --git a/license-eye/Dockerfile b/license-eye/Dockerfile index d4073c6..f7090f6 100644 --- a/license-eye/Dockerfile +++ b/license-eye/Dockerfile @@ -22,12 +22,18 @@ WORKDIR /license-eye COPY . . -RUN apk add make curl && make build +RUN apk add --no-cache make curl && make build FROM alpine:3 AS bin COPY --from=build /license-eye/bin/linux/license-eye /bin/license-eye +# Go +COPY --from=build /usr/local/go/ /usr/local/go/ +ENV PATH="/usr/local/go/bin:$PATH" +RUN apk add --no-cache gcc musl-dev +# Go + WORKDIR /github/workspace/ -ENTRYPOINT /bin/license-eye header check -v debug +ENTRYPOINT ["/bin/license-eye", "-v", "debug"] diff --git a/license-eye/Makefile b/license-eye/Makefile index e11f136..41e914b 100644 --- a/license-eye/Makefile +++ b/license-eye/Makefile @@ -27,7 +27,7 @@ GO_PATH = $(shell $(GO) env GOPATH) GO_BUILD = $(GO) build GO_TEST = $(GO) test GO_LINT = $(GO_PATH)/bin/golangci-lint -GO_BUILD_LDFLAGS = -X github.com/apache/skywalking-eyes/license-eye/commands.version=$(VERSION) +GO_BUILD_LDFLAGS = -X github.com/apache/skywalking-eyes/$(PROJECT)/commands.version=$(VERSION) GO_BINDATA = $(GO_PATH)/bin/go-bindata @@ -35,8 +35,8 @@ PLATFORMS := windows linux darwin os = $(word 1, $@) ARCH = amd64 -RELEASE_BIN = skywalking-license-eye-$(VERSION)-bin -RELEASE_SRC = skywalking-license-eye-$(VERSION)-src +RELEASE_BIN = skywalking-$(PROJECT)-$(VERSION)-bin +RELEASE_SRC = skywalking-$(PROJECT)-$(VERSION)-src all: clean lint license test build @@ -51,7 +51,7 @@ fix-lint: .PHONY: license license: clean codegen - $(GO) run cmd/license-eye/main.go header check -c ../.licenserc.yaml + $(GO) run cmd/$(PROJECT)/main.go header check -c ../.licenserc.yaml .PHONY: codegen codegen: clean @@ -66,14 +66,14 @@ test: clean codegen .PHONY: $(PLATFORMS) $(PLATFORMS): mkdir -p $(OUT_DIR) - GOOS=$(os) GOARCH=$(ARCH) $(GO_BUILD) $(GO_BUILD_FLAGS) -ldflags "$(GO_BUILD_LDFLAGS)" -o $(OUT_DIR)/$(os)/$(PROJECT) cmd/license-eye/main.go + GOOS=$(os) GOARCH=$(ARCH) $(GO_BUILD) $(GO_BUILD_FLAGS) -ldflags "$(GO_BUILD_LDFLAGS)" -o $(OUT_DIR)/$(os)/$(PROJECT) cmd/$(PROJECT)/main.go .PHONY: build build: codegen windows linux darwin .PHONY: docker docker: - docker build . -t license-eye:latest + docker build . -t $(PROJECT):$(VERSION) .PHONY: clean clean: diff --git a/license-eye/README.adoc b/license-eye/README.adoc index 9118635..11e2707 100644 --- a/license-eye/README.adoc +++ b/license-eye/README.adoc @@ -100,6 +100,49 @@ INFO Loading configuration from file: test/testdata/.licenserc_for_test_fix.yaml INFO Totally checked 16 files, valid: 7, invalid: 8, ignored: 1, fixed: 8 ---- +==== Resolve Dependencies' licenses + +[source,bash] +---- +$ bin/darwin/license-eye -c test/testdata/.licenserc_for_test_check.yaml dep resolve +INFO GITHUB_TOKEN is not set, license-eye won't comment on the pull request +INFO Loading configuration from file: test/testdata/.licenserc_for_test_check.yaml +WARNING Failed to resolve the license of dependency: gopkg.in/yaml.v3 cannot identify license content +Dependency | License +------------------------------------------- | ------------ +github.com/bmatcuk/doublestar/v2 | MIT +github.com/sirupsen/logrus | MIT +golang.org/x/sys/unix | BSD-3-Clause +github.com/spf13/cobra | Apache-2.0 +github.com/spf13/pflag | BSD-3-Clause +vendor/golang.org/x/net/dns/dnsmessage | BSD-3-Clause +vendor/golang.org/x/net/route | BSD-3-Clause +golang.org/x/oauth2 | BSD-3-Clause +golang.org/x/oauth2/internal | BSD-3-Clause +vendor/golang.org/x/crypto/cryptobyte | BSD-3-Clause +vendor/golang.org/x/crypto/cryptobyte/asn1 | BSD-3-Clause +golang.org/x/net/context/ctxhttp | BSD-3-Clause +vendor/golang.org/x/crypto/chacha20poly1305 | BSD-3-Clause +vendor/golang.org/x/crypto/chacha20 | BSD-3-Clause +vendor/golang.org/x/crypto/internal/subtle | BSD-3-Clause +vendor/golang.org/x/crypto/poly1305 | BSD-3-Clause +vendor/golang.org/x/sys/cpu | BSD-3-Clause +vendor/golang.org/x/crypto/curve25519 | BSD-3-Clause +vendor/golang.org/x/crypto/hkdf | BSD-3-Clause +vendor/golang.org/x/net/http/httpguts | BSD-3-Clause +vendor/golang.org/x/net/idna | BSD-3-Clause +vendor/golang.org/x/text/secure/bidirule | BSD-3-Clause +vendor/golang.org/x/text/transform | BSD-3-Clause +vendor/golang.org/x/text/unicode/bidi | BSD-3-Clause +vendor/golang.org/x/text/unicode/norm | BSD-3-Clause +vendor/golang.org/x/net/http/httpproxy | BSD-3-Clause +vendor/golang.org/x/net/http2/hpack | BSD-3-Clause +gopkg.in/yaml.v3 | Unknown + +ERROR failed to identify the licenses of following packages: +gopkg.in/yaml.v3 +---- + == Configurations [source,yaml] @@ -160,6 +203,10 @@ header: # <1> - '**/assets/assets.gen.go' comment: on-failure # <8> + +dependency: # <9> + files: # <10> + - go.mod ---- <1> `header` section is configurations for source codes license header. <2> The link:https://spdx.org/licenses/[SPDX ID] of the license, it's convenient when your license is standard SPDX license, so that you can simply specify this identifier without copying the whole license `content` or `pattern`. This will be used as the content when `fix` command needs to insert a license header. @@ -169,6 +216,8 @@ header: # <1> <6> `paths` are the path list that will be checked (and fixed) by license-eye, default is `['++**++']`. Formats like `++**/*.md++` and `++**/bin/**++` are supported. <7> `paths-ignore` are the path list that will be ignored by license-eye. By default, `.git` and the content in `.gitignore` will be inflated into the `paths-ignore` list. <8> On what condition {name} will comment the check results on the pull request, `on-failure`, `always`, `never`. Options other than `never` require the environment variable `GITHUB_TOKEN` to be set. +<9> `dependency` section is configurations for resolving dependencies' licenses. +<10> `files` are the files that declare the dependencies of a project, typically, `go.mo` in Go project, `pom.xml` in maven project, and `package.json` in NodeJS project. If it's a relative path, it's relative to the `.licenserc.yaml`. NOTE: When the `SPDX-ID` is Apache-2.0 and the owner is Apache Software foundation, the content would be link:https://www.apache.org/legal/src-headers.html#headers[a dedicated license] link:https://www.apache.org/foundation/license-faq.html#Apply-My-Software[specified by the ASF], otherwise, the license would be link:https://www.apache.org/foundation/license-faq.html#Apply-My-Software[the standard one]. diff --git a/license-eye/commands/deps.go b/license-eye/commands/deps.go index 87aadfd..cac7d08 100644 --- a/license-eye/commands/deps.go +++ b/license-eye/commands/deps.go @@ -22,8 +22,8 @@ import ( ) var Deps = &cobra.Command{ - Use: "deps", - Aliases: []string{"d"}, + Use: "dependency", + Aliases: []string{"d", "deps", "dep", "dependencies"}, Short: "Dependencies related commands; e.g. check, etc.", Long: "deps command checks all dependencies of a module and their transitive dependencies.", } diff --git a/license-eye/commands/deps_resolve.go b/license-eye/commands/deps_resolve.go index b493952..4969da7 100644 --- a/license-eye/commands/deps_resolve.go +++ b/license-eye/commands/deps_resolve.go @@ -28,7 +28,7 @@ import ( var ResolveCommand = &cobra.Command{ Use: "resolve", Aliases: []string{"r"}, - Long: "resolves all dependencies of a go.mod file and their transitive dependencies", + Long: "resolves all dependencies of a module and their transitive dependencies", RunE: func(cmd *cobra.Command, args []string) error { report := deps.Report{} diff --git a/license-eye/pkg/deps/golang.go b/license-eye/pkg/deps/golang.go index cb9eac1..c198373 100644 --- a/license-eye/pkg/deps/golang.go +++ b/license-eye/pkg/deps/golang.go @@ -18,8 +18,11 @@ package deps import ( + "context" + "fmt" "go/build" "io/ioutil" + "os" "path/filepath" "regexp" @@ -53,6 +56,10 @@ func (resolver *GoModeResolver) Resolve(goModFile string, report *Report) error logger.Log.Debugln("Resolving module:", file.Module.Mod) + if err := os.Chdir(filepath.Dir(goModFile)); err != nil { + return err + } + requiredPkgNames := make([]string, len(file.Require)) for i, require := range file.Require { requiredPkgNames[i] = require.Mod.Path @@ -70,7 +77,8 @@ func (resolver *GoModeResolver) Resolve(goModFile string, report *Report) error // ResolvePackages resolves the licenses of the given packages. func (resolver *GoModeResolver) ResolvePackages(pkgNames []string, report *Report) error { requiredPkgs, err := packages.Load(&packages.Config{ - Mode: packages.NeedName | packages.NeedFiles | packages.NeedCompiledGoFiles | packages.NeedImports | packages.NeedDeps, + Context: context.Background(), + Mode: packages.NeedName | packages.NeedFiles | packages.NeedCompiledGoFiles | packages.NeedImports | packages.NeedDeps, }, pkgNames...) if err != nil { @@ -105,7 +113,7 @@ func (resolver *GoModeResolver) ResolvePackageLicense(p *packages.Package, repor } if len(filesInPkg) == 0 { - return nil + return fmt.Errorf("empty package") } absPath, err := filepath.Abs(filesInPkg[0]) diff --git a/license-eye/pkg/license/identifier.go b/license-eye/pkg/license/identifier.go index 9751607..a20a729 100644 --- a/license-eye/pkg/license/identifier.go +++ b/license-eye/pkg/license/identifier.go @@ -1,3 +1,20 @@ +// +// Licensed to Apache Software Foundation (ASF) under one or more contributor +// license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright +// ownership. Apache Software Foundation (ASF) licenses this file to you under +// the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. package license import ( diff --git a/license-eye/test/testdata/.licenserc_for_test_check.yaml b/license-eye/test/testdata/.licenserc_for_test_check.yaml index d5cdec0..2821cbe 100644 --- a/license-eye/test/testdata/.licenserc_for_test_check.yaml +++ b/license-eye/test/testdata/.licenserc_for_test_check.yaml @@ -25,3 +25,7 @@ header: - '**/.DS_Store' - '**/.json' - '**/exclude_test/**' + +dependency: + files: + - ../../go.mod
