This is an automated email from the ASF dual-hosted git repository.
kezhenxu94 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/skywalking-eyes.git
The following commit(s) were added to refs/heads/main by this push:
new a790ab8 feature: add weak-compatible to dependency check (#171)
a790ab8 is described below
commit a790ab8dd23a7f861c18bd6aaa9b012e3a234bce
Author: Patrick Zheng <[email protected]>
AuthorDate: Wed Nov 1 11:14:57 2023 +0800
feature: add weak-compatible to dependency check (#171)
---
assets/compatibility/Apache-2.0.yaml | 19 ++++++++++++++++
commands/deps_check.go | 11 +++++++++-
pkg/deps/check.go | 26 +++++++++++++++-------
pkg/deps/check_test.go | 42 +++++++++++++++++++++++++++++-------
4 files changed, 81 insertions(+), 17 deletions(-)
diff --git a/assets/compatibility/Apache-2.0.yaml
b/assets/compatibility/Apache-2.0.yaml
index 752f871..4111a24 100644
--- a/assets/compatibility/Apache-2.0.yaml
+++ b/assets/compatibility/Apache-2.0.yaml
@@ -89,3 +89,22 @@ incompatible:
- CPOL-1.02
- NPL-1.0
- NPL-1.1
+
+weak-compatible:
+ - CDDL-1.0
+ - CDDL-1.1
+ - CPL-1.0
+ - EPL-1.0
+ - EPL-2.0
+ - ErlPL-1.1
+ - IPA
+ - IPL-1.0
+ - LicenseRef-scancode-ubuntu-font-1.0
+ - LicenseRef-scancode-unrar
+ - MPL-1.0
+ - MPL-1.1
+ - MPL-2.0
+ - OFL-1.1
+ - OSL-3.0
+ - Ruby
+ - SPL-1.0
\ No newline at end of file
diff --git a/commands/deps_check.go b/commands/deps_check.go
index 8073d0b..87aab07 100644
--- a/commands/deps_check.go
+++ b/commands/deps_check.go
@@ -26,6 +26,15 @@ import (
"github.com/apache/skywalking-eyes/pkg/deps"
)
+var weakCompatible bool
+
+func init() {
+ DepsCheckCommand.PersistentFlags().BoolVarP(&weakCompatible,
"weak-compatible", "w", false,
+ "if set to true, treat the weak-compatible licenses as
compatible in dependencies check. "+
+ "Note: when set to true, make sure to manually confirm
that weak-compatible licenses "+
+ "are used under the required conditions.")
+}
+
var DepsCheckCommand = &cobra.Command{
Use: "check",
Aliases: []string{"c"},
@@ -34,7 +43,7 @@ var DepsCheckCommand = &cobra.Command{
var errors []error
configDeps := Config.Dependencies()
for _, header := range Config.Headers() {
- if err := deps.Check(header.License.SpdxID,
configDeps); err != nil {
+ if err := deps.Check(header.License.SpdxID, configDeps,
weakCompatible); err != nil {
errors = append(errors, err)
}
}
diff --git a/pkg/deps/check.go b/pkg/deps/check.go
index f5c663a..04e8301 100644
--- a/pkg/deps/check.go
+++ b/pkg/deps/check.go
@@ -30,8 +30,9 @@ import (
)
type CompatibilityMatrix struct {
- Compatible []string `yaml:"compatible"`
- Incompatible []string `yaml:"incompatible"`
+ Compatible []string `yaml:"compatible"`
+ Incompatible []string `yaml:"incompatible"`
+ WeakCompatible []string `yaml:"weak-compatible"`
}
var matrices = make(map[string]CompatibilityMatrix)
@@ -63,7 +64,7 @@ func init() {
}
}
-func Check(mainLicenseSpdxID string, config *ConfigDeps) error {
+func Check(mainLicenseSpdxID string, config *ConfigDeps, weakCompatible bool)
error {
matrix := matrices[mainLicenseSpdxID]
report := Report{}
@@ -71,7 +72,7 @@ func Check(mainLicenseSpdxID string, config *ConfigDeps)
error {
return nil
}
- return CheckWithMatrix(mainLicenseSpdxID, &matrix, &report)
+ return CheckWithMatrix(mainLicenseSpdxID, &matrix, &report,
weakCompatible)
}
func compare(list []string, spdxID string) bool {
@@ -99,16 +100,22 @@ func compareAny(spdxIDs []string, compare func(spdxID
string) bool) bool {
return false
}
-func CheckWithMatrix(mainLicenseSpdxID string, matrix *CompatibilityMatrix,
report *Report) error {
+func compareCompatible(matrix *CompatibilityMatrix, spdxID string,
weakCompatible bool) bool {
+ if weakCompatible {
+ return compare(matrix.Compatible, spdxID) ||
compare(matrix.WeakCompatible, spdxID)
+ }
+ return compare(matrix.Compatible, spdxID)
+}
+
+func CheckWithMatrix(mainLicenseSpdxID string, matrix *CompatibilityMatrix,
report *Report, weakCompatible bool) error {
var incompatibleResults []*Result
var unknownResults []*Result
for _, result := range append(report.Resolved, report.Skipped...) {
operator, spdxIDs :=
parseLicenseExpression(result.LicenseSpdxID)
-
switch operator {
case LicenseOperatorAND:
if compareAll(spdxIDs, func(spdxID string) bool {
- return compare(matrix.Compatible, spdxID)
+ return compareCompatible(matrix, spdxID,
weakCompatible)
}) {
continue
}
@@ -120,7 +127,7 @@ func CheckWithMatrix(mainLicenseSpdxID string, matrix
*CompatibilityMatrix, repo
case LicenseOperatorOR:
if compareAny(spdxIDs, func(spdxID string) bool {
- return compare(matrix.Compatible, spdxID)
+ return compareCompatible(matrix, spdxID,
weakCompatible)
}) {
continue
}
@@ -134,6 +141,9 @@ func CheckWithMatrix(mainLicenseSpdxID string, matrix
*CompatibilityMatrix, repo
if compatible := compare(matrix.Compatible,
spdxIDs[0]); compatible {
continue
}
+ if weakCompatible && compare(matrix.WeakCompatible,
spdxIDs[0]) {
+ continue
+ }
if incompatible := compare(matrix.Incompatible,
spdxIDs[0]); incompatible {
incompatibleResults =
append(incompatibleResults, result)
continue
diff --git a/pkg/deps/check_test.go b/pkg/deps/check_test.go
index db4a250..2799991 100644
--- a/pkg/deps/check_test.go
+++ b/pkg/deps/check_test.go
@@ -18,9 +18,10 @@
package deps_test
import (
- "github.com/apache/skywalking-eyes/pkg/deps"
"strings"
"testing"
+
+ "github.com/apache/skywalking-eyes/pkg/deps"
)
var TestMatrix = deps.CompatibilityMatrix{
@@ -52,6 +53,9 @@ var TestMatrix = deps.CompatibilityMatrix{
"GPL-2.0-only",
"GPL-2.0-or-later",
},
+ WeakCompatible: []string{
+ "MPL-2.0",
+ },
}
func TestCheckWithMatrix(t *testing.T) {
@@ -62,7 +66,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "Apache-2.0",
},
},
- }); err != nil {
+ }, false); err != nil {
t.Errorf("Shouldn't return error")
}
@@ -77,7 +81,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "LGPL-2.0",
},
},
- }); err == nil {
+ }, false); err == nil {
t.Errorf("Should return error")
} else if !strings.Contains(err.Error(), "Bar | LGPL-2.0") {
t.Errorf("Should return error and contains dependency Bar, now
is `%s`", err.Error())
@@ -96,7 +100,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "Unknown",
},
},
- }); err == nil {
+ }, false); err == nil {
t.Errorf("Should return error")
} else if !strings.Contains(err.Error(), "Bar | Unknown") {
t.Errorf("Should return error and has dependency Bar, now is
`%s`", err.Error())
@@ -109,7 +113,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "Apache-2.0 OR MIT",
},
},
- }); err != nil {
+ }, false); err != nil {
t.Errorf("Shouldn't return error")
}
@@ -120,7 +124,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "GPL-3.0 and GPL-3.0-or-later",
},
},
- }); err == nil {
+ }, false); err == nil {
t.Errorf("Should return error")
}
@@ -131,7 +135,7 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "LGPL-2.1-only AND MIT AND
BSD-2-Clause",
},
},
- }); err == nil {
+ }, false); err == nil {
t.Errorf("Should return error")
}
@@ -142,7 +146,29 @@ func TestCheckWithMatrix(t *testing.T) {
LicenseSpdxID: "GPL-2.0-or-later WITH
Bison-exception-2.2",
},
},
- }); err == nil {
+ }, false); err == nil {
t.Errorf("Should return error")
}
+
+ if err := deps.CheckWithMatrix("Apache-2.0", &TestMatrix, &deps.Report{
+ Resolved: []*deps.Result{
+ {
+ Dependency: "Foo",
+ LicenseSpdxID: "MPL-2.0",
+ },
+ },
+ }, false); err == nil {
+ t.Errorf("Should return error since weak-compatible is turned
off")
+ }
+
+ if err := deps.CheckWithMatrix("Apache-2.0", &TestMatrix, &deps.Report{
+ Resolved: []*deps.Result{
+ {
+ Dependency: "Bar",
+ LicenseSpdxID: "MPL-2.0",
+ },
+ },
+ }, true); err != nil {
+ t.Errorf("Shouldn't return error")
+ }
}
