ppkarwasz commented on code in PR #4831: URL: https://github.com/apache/eventmesh/pull/4831#discussion_r1570554606
########## build.gradle: ########## 
@@ -252,6 +251,107 @@ tasks.register('printProjects') { }) } +cyclonedxBom { + includeConfigs = ["runtimeClasspath"] +} + +tasks.register('generateDistLicense') { + dependsOn('cyclonedxBom') // Task from 'org.cyclonedx.bom' plugin + doLast { + // Inputs + def bomFile = file("$buildDir/reports/bom.json") + def bom = new JsonSlurper().parseText(bomFile.text) + def projectLicenseText = file('LICENSE').text + + // Outputs + def distLicenseFile = file('tools/dist-license/LICENSE') + def licensesDir = file('tools/dist-license/licenses/java/') + if (licensesDir.exists()) { + licensesDir.eachFile { it.delete() } + } else { + licensesDir.mkdirs() + } + + List<Map<String, String>> thirdPartyArtifacts = new ArrayList<Map<String, String>>() + // Parse BOM + bom.components.each { component -> + // Exclude project modules + if (!component.group.startsWith('org.apache.eventmesh')) { + component.licenses.each { artifactLicense -> + if (artifactLicense.license != null) { + Map<String, String> artifact = new HashMap<String, String>() + artifact.put("name", component.name) + artifact.put("version", component.version) + if (artifactLicense.license.id != null) { + artifact.put("license", artifactLicense.license.id) + if (artifactLicense.license.text != null) { + artifact.put("licenseContent", new String(artifactLicense.license.text.content.decodeBase64())) + } + } else { + artifact.put("license", artifactLicense.license.name) + artifact.put("licenseContent", artifactLicense.license.url) + } + thirdPartyArtifacts.add(artifact) + } + } + } + } + thirdPartyArtifacts.sort { a, b -> + def nameComparison = a.name <=> b.name + if (nameComparison == 0) { + return a.version <=> b.version + } else { + return nameComparison + } + } + + def distLicenseText = projectLicenseText + "\n=======================================================================\n" + + "This distribution contains the following third-party artifacts:\n\n" + thirdPartyArtifacts.each { artifact -> + // Write licenses + def 
artifactLicenseFilename = artifact.license.replaceAll("/", "-") + ".txt" + def artifactLicenseFile = new File(licensesDir, artifactLicenseFilename)

Review Comment:

You don't need the complete list, you only need a bunch of licenses, which are already in the `tools/dist-license/licenses/java` folder of this PR. And you also have many duplicates: e.g. the wording of https://www.bouncycastle.org/licence.html is exactly the same as the MIT license.

When it comes to artifacts that don't comply with SPDX, IMHO they cannot be included in an Open Source distribution until a lawyer proof-reads the license. In this case you might as well wait until the license gets an SPDX identifier and is vetted by the ASF.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
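
Review bot: the filename built in `artifactLicenseFilename = artifact.license.replaceAll("/", "-") + ".txt"` is derived from third-party BOM metadata with only `/` neutralised. In the non-SPDX branch `artifact.license` is the free-form `artifactLicense.license.name`, so backslashes, colons, leading dots or other characters that are invalid or meaningful in a path on some platforms pass straight into `new File(licensesDir, artifactLicenseFilename)`. I would replace everything outside an allow-list (letters, digits, `.`, `+`, `-`, `_`) with `-`, and skip or fail the entry when the result is empty. The same line throws a NullPointerException when a license entry has neither `id` nor `name`, since `artifact.license` is then null; a guard before `thirdPartyArtifacts.add(artifact)` would make that explicit. Two smaller points in the parsing loop: `new String(artifactLicense.license.text.content.decodeBase64())` uses the platform default charset, so pass `"UTF-8"` to keep the generated files reproducible across build machines, and `licenseContent` ends up holding a URL in the `else` branch and nothing at all when `id` is set without `text`, which deserves a comment or separate keys so the later write step cannot confuse the two.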