Hi ! I agree that it is sometimes very time consuming to go into each PR's branch and manually fix the licenses, specially when dependabot opens several PR's in a single run. We can try out StormCrawler's approach.
On Thu, 23 Oct 2025 at 09:23, Richard Zowalla <[email protected]> wrote: > Hi, > After reviewing validate-license-files.py, it seems we already generate > the two license files, compare them with the existing ones, and fail the > check if any differences are found. > > Currently, most of our PRs involve dependency updates, and each time we > spend several cycles manually updating these files. > > I was wondering if we could adopt a similar approach to what we do in > StormCrawler (see here): > https://github.com/apache/stormcrawler/blob/main/.github/workflows/main.yml#L46 > automatically generate the license files and open a PR whenever > differences are detected. > > I assume the current license check was introduced to prevent accidentally > introducing a category X license or similar issue. > > However, I think the time saved by automating these updates outweighs the > minor additional review effort required during release preparation, since a > full license review happens at that stage anyway. > > This goes in the direction of https://github.com/apache/storm/issues/7751 > > What do you think? > > Gruß > Richard
