bobbai00 opened a new issue, #4691: URL: https://github.com/apache/texera/issues/4691
### Task Summary

Sub-task of #4688. Extend `bin/licensing/check_binary_deps.py` with a new `--ignore-transitive-version` flag that relaxes the PR-time check so benign transitive version bumps no longer block merges, while still failing on anything that needs legal review.

**Direct vs. transitive classification.** Load the set of *direct* dependencies for the current ecosystem from the primary requirement file(s):

- `jar` → SBT files (`build.sbt`, any `project/*.sbt`, `project/Dependencies.scala` if present)
- `npm` → `frontend/package.json` (`dependencies` + `devDependencies`)
- `agent-npm` → `agent-service/package.json`
- `python` → `operator/requirements.txt` and top-level `requirements.txt`

Anything bundled that is not named in the primary file is treated as transitive.

**Behavior with `--ignore-transitive-version`.**

- Missing libraries (declared in `LICENSE-binary` but not bundled, or bundled but not declared) → still fail, regardless of direct/transitive — a brand-new dep must never silently skip legal review.
- Version mismatch on a **direct** dep → still fail.
- Version mismatch on a **transitive** dep → print as informational (`DRIFT (transitive)`), do not affect exit code.

**Default behavior (no flag).** Exact-match behavior is preserved (current behavior).

**CI integration.** Update `.github/workflows/build.yml` to pass `--ignore-transitive-version` on the four `check_binary_deps.py` invocations (frontend npm ~L112, jar ~L225, python ~L300, agent-npm ~L361).

**Acceptance.**

- A PR whose only license-check delta is a transitive-version bump (e.g. a `tifffile` release) passes the license check.
- A PR that adds a brand-new direct or transitive dependency still fails until `LICENSE-binary` is updated.
- A PR that bumps a *direct* dependency to a new version still fails until `LICENSE-binary` is updated.
- Running the script without `--ignore-transitive-version` reproduces the strict pre-existing behavior.

### Task Type

- [x] DevOps / Deployment / CI
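
The fail/drift rules described in this issue, written out as a small added example; it is not code from the issue or from `check_binary_deps.py`. The function names, the `{name: version}` dict inputs and the sample package names and versions are assumptions made for the illustration.

```python
# Added illustration; not the code of bin/licensing/check_binary_deps.py.
# Inputs are plain {name: version} dicts; all helper names are hypothetical.

def check(declared, bundled, direct, ignore_transitive_version=False):
    """Return (failures, drift) as lists of message strings.

    declared: {name: version} as listed in LICENSE-binary
    bundled:  {name: version} actually shipped in the artifact
    direct:   set of names found in the primary requirement file(s)
    """
    failures, drift = [], []
    for name in sorted(set(declared) | set(bundled)):
        if name not in bundled:
            # Missing libraries always fail, flag or no flag.
            failures.append(f"MISSING (declared, not bundled): {name}")
        elif name not in declared:
            # A brand-new dep must never skip legal review.
            failures.append(f"MISSING (bundled, not declared): {name}")
        elif declared[name] != bundled[name]:
            msg = f"{name}: {declared[name]} -> {bundled[name]}"
            if ignore_transitive_version and name not in direct:
                # Informational only: does not affect the exit code.
                drift.append(f"DRIFT (transitive) {msg}")
            else:
                kind = "direct" if name in direct else "transitive"
                failures.append(f"MISMATCH ({kind}) {msg}")
    return failures, drift


def exit_code(failures):
    """Only failures decide the exit status; drift never does."""
    return 1 if failures else 0


# Constructed sample data (package set and versions are made up).
DECLARED = {"direct-lib": "1.0.0", "tifffile": "2024.1.1"}
DIRECT = {"direct-lib"}  # tifffile is treated as transitive here

if __name__ == "__main__":
    bundled = dict(DECLARED, tifffile="2024.2.2")  # transitive bump only
    for flag in (False, True):
        failures, drift = check(DECLARED, bundled, DIRECT, flag)
        print(f"flag={flag} exit={exit_code(failures)}", failures, drift)
```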
