Hannah-Jiang commented on a change in pull request #11067: [BEAM-9136]Add licenses for dependencies URL: https://github.com/apache/beam/pull/11067#discussion_r398884324
########## File path: sdks/go/container/license_scripts/pull_licenses_go.py ########## @@ -0,0 +1,132 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +"""A script to pull licenses for Go. +""" + +import os +import re +import shutil +import subprocess + +from tenacity import retry +from tenacity import stop_after_attempt + +def run_bash_command(command): + process = subprocess.Popen(command.split(), + stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + result, error = process.communicate() + if error: + raise RuntimeError('Error occurred when running a bash command.', + 'command: ', command, 'error message: ', + error.decode('utf-8')) + return result.decode('utf-8') + + +def get_final_dependencies(deps): + final_deps = set() + for dep in deps: + # remove Beam internal dependencies. + if dep.startswith('github.com/apache/beam'): + continue + if dep.startswith('vendor/'): + dep = dep.replace('vendor/', '') + # the list contains all nested dependencies, following if statements + # dedup nested dependencies and includes root dependencies only. + # if dep is from github.com, ex: github.com/golang/protobuf/proto + if dep.startswith('github.com'): + final_deps.add('/'.join(dep.split('/')[:3])) + # if dep is from google.golang.org, ex:google.golang.org/grpc + elif dep.startswith('google.golang.org'): + final_deps.add('/'.join(dep.split('/')[:2])) + # if dep is from golang.org, ex: golang.org/x/net/http2 + elif dep.startswith('golang.org'): + final_deps.add('/'.join(dep.split('/')[:3])) + else: # embedded dependencies, ex: debug, crypto/tls + final_deps.add(dep.split('/')[0]) + return final_deps + + +def get_dependency_list(): + command = "go list -f '{{.Deps}}' github.com/apache/beam/sdks/go/pkg/beam" + dependencies = run_bash_command(command) + # dependencies returned from the command is '[dep0 dpe1 ...]'. + # "'", "[", "]" should be removed from the bytes. + str_dependencies = re.sub(r"([\'\[\]])", r"", dependencies) + final_dependencies = get_final_dependencies(str_dependencies.split()) + return final_dependencies + + +@retry(stop=stop_after_attempt(3)) +def pull_license(dep): Review comment: There are four different type of Go packages. 1. Go embedded packages. (hash, byte etc) (BSD 3-Clause, with copyright 2009) 2. github.com/golang/ package. (BSD 3-Clause, with copyright 2010) 3. golang.org/x/ (BSD 3-Clause, with copyright 2009) 4. google.golang.org/ (Apache-2.0), 2 packages so the 2 licenses are from 4, 1 licenses are from 2 and other 36 licenses are from 1 and 3. I manually checked several of the licenses and the script pulled the licenses correctly. I think this is an expected behavior. Go packages seem like don't update licenses and use default licenses. Then I think we don't need to include embedded licenses in 1 because they are not third party dependencies, I will go ahead and update the scripts if it sounds good. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services
