From 8200435c54a37c0be8ee4c5f999d524c8c2700b0 Mon Sep 17 00:00:00 2001 From: sema <42957356+samsemasen@users.noreply.github.com> Date: Sun, 14 Jul 2024 21:58:24 +0200 Subject: [PATCH 1/7] Update license-compliance.yml --- .github/workflows/license-compliance.yml | 34 ++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index d67618e..7e10dab 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml @@ -32,6 +32,7 @@ jobs: . venv/bin/activate pip install pip-licenses pip-licenses --from=mixed --output-file=dependencies_licenses.txt + pip-licenses --from=mixed --output-file=dependency_licenses.json --format=json - name: Upload license reports uses: actions/upload-artifact@v3 
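Review bot: The new `pip-licenses --from=mixed --output-file=dependency_licenses.json --format=json` line produces the report that the following steps parse by field name and license string, yet the `pip install pip-licenses` it sits under (a context line here) is unpinned, so any tool release can rename a key or change a license label and silently flip a compliance gate. Pin the tool to a fixed `==` version (ideally with hashes) since this workflow is a control, not a convenience report. The `run:` block begins above the hunk.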
@@ -39,5 +40,38 @@ jobs: name: dependencies-license-reports path: dependencies_licenses.txt + - name: 'Parse Dependency licenses' + id: parse-dependency-licenses + run: | + dependency_licenses=$(cat dependency_licenses.json) + echo "::set-output name=dependency-licenses::${dependency_licenses}" + + - name: 'Compare Dependency licenses' + run: | + dependency_licenses=${{ steps.parse-dependency-licenses.outputs.dependency-licenses }} + permitted_licenses="MIT,Apache-2.0,BSD,EPL1" + for package in $(echo "${dependency_licenses}" | jq -r '.[] | .Package') + do + license=$(echo "${dependency_licenses}" | jq -r --arg package "$package" '.[] | select(.Package == $package) | .License') + if [[ ! ",${permitted_licenses}," =~ ",${license}," ]]; then + echo "Error: Package $package has an unrecognized license: $license" + exit 1 + fi + done + + - name: Publish Test Results + uses: EnricoMi/publish-unit-test-result-action@v2.2.0 + if: always() + with: + junit_files: "**/*.json" + check_name: "Dependency License Compliance Check" + + - name: 'Upload Dependency License Report' + if: always() + uses: actions/upload-artifact@v2 + with: + name: dependency-license-report + path: dependency_licenses.json + - name: License compliance summary run: echo "License compliance check completed. See artifacts for details." From c78c2f522e61945965d8bf9e124ade6f1d1ee06c Mon Sep 17 00:00:00 2001 From: sema <42957356+samsemasen@users.noreply.github.com> Date: Sun, 14 Jul 2024 22:16:53 +0200 Subject: [PATCH 2/7] Update license-compliance.yml --- .github/workflows/license-compliance.yml | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index 7e10dab..7344598 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml 
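Review bot: `dependency_licenses=${{ steps.parse-dependency-licenses.outputs.dependency-licenses }}` in the Compare step expands the step output into the shell script before bash runs it, and that output is the raw pip-licenses JSON — package names and license strings taken from installed dependencies' metadata — so a dependency shipping a crafted `License` field gets shell execution on the runner (workflow script injection). Read the file directly instead, `dependency_licenses=$(cat dependency_licenses.json)`, which also makes the Parse step unnecessary; `::set-output` is deprecated and accepts a single line, so the multi-line JSON it is given here is truncated at the first newline anyway. The jq filters select `.Package`, but as far as the fixture in the later test file and the rename to `.Name` in the last patch show, pip-licenses emits the package name under `Name`, so every lookup yields null and nothing is actually compared against the allow-list. `actions/upload-artifact@v2` is also used here while the same file already uses `@v3` a few lines earlier.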
@@ -31,15 +31,8 @@ jobs: run: | . venv/bin/activate pip install pip-licenses - pip-licenses --from=mixed --output-file=dependencies_licenses.txt pip-licenses --from=mixed --output-file=dependency_licenses.json --format=json - - name: Upload license reports - uses: actions/upload-artifact@v3 - with: - name: dependencies-license-reports - path: dependencies_licenses.txt - - name: 'Parse Dependency licenses' id: parse-dependency-licenses run: | @@ -63,7 +56,7 @@ jobs: uses: EnricoMi/publish-unit-test-result-action@v2.2.0 if: always() with: - junit_files: "**/*.json" + junit_files: "dependency_licenses.json" check_name: "Dependency License Compliance Check" - name: 'Upload Dependency License Report' From d2da3404586f0bd87861dc4ff499e7210f5a0042 Mon Sep 17 00:00:00 2001 From: sema <42957356+samsemasen@users.noreply.github.com> Date: Wed, 17 Jul 2024 13:35:57 +0200 Subject: [PATCH 3/7] Update license-compliance.yml --- .github/workflows/license-compliance.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index 7344598..e3acee8 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml @@ -52,13 +52,6 @@ jobs: fi done - - name: Publish Test Results - uses: EnricoMi/publish-unit-test-result-action@v2.2.0 - if: always() - with: - junit_files: "dependency_licenses.json" - check_name: "Dependency License Compliance Check" - - name: 'Upload Dependency License Report' if: always() uses: actions/upload-artifact@v2 From 7f8aac2d6aee65b62802fec7106e66e8778b553e Mon Sep 17 00:00:00 2001 From: sema Date: Wed, 17 Jul 2024 15:19:55 +0200 Subject: [PATCH 4/7] Create test_license_compliance.py --- src/test/test_license_compliance.py | 57 +++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 src/test/test_license_compliance.py 
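Review bot: `junit_files: "dependency_licenses.json"` hands pip-licenses' JSON array to `publish-unit-test-result-action`, which, per the input's name, expects JUnit XML, so the step cannot produce the "Dependency License Compliance Check" result it advertises, and with `if: always()` it runs and reports on every build regardless of the gate's outcome. Either emit a real JUnit file from the comparison loop or drop the step. If it is kept, pin the third-party action to a full commit SHA rather than the mutable `v2.2.0` tag, since it runs with the job's token.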
diff --git a/src/test/test_license_compliance.py b/src/test/test_license_compliance.py new file mode 100644 index 0000000..3ddb433 --- /dev/null +++ b/src/test/test_license_compliance.py @@ -0,0 +1,57 @@ +import unittest +import json +from unittest.mock import patch, mock_open + +class TestLicenseCompliance(unittest.TestCase): + + def setUp(self): + self.mock_dependency_licenses = ''' + [ + { + "License": "BSD License", + "Name": "Jinja2", + "Version": "3.1.4" + }, + { + "License": "MIT License", + "Name": "Mako", + "Version": "1.3.5" + }, + { + "License": "BSD License", + "Name": "MarkupSafe", + "Version": "2.1.5" + }, + { + "License": "GPL-3.0", + "Name": "SomeRestrictedPackage", + "Version": "1.0.0" + } + ] + ''' + + def test_parse_dependency_licenses(self): + with patch('builtins.open', mock_open(read_data=self.mock_dependency_licenses)): + with open('dependency_licenses.json', 'r') as f: + data = json.load(f) + self.assertEqual(len(data), 4) + self.assertEqual(data[0]['Name'], 'Jinja2') + self.assertEqual(data[1]['License'], 'MIT License') + + def test_compare_dependency_licenses(self): + permitted_licenses = ["MIT", "MIT License", "Apache-2.0", "BSD", "BSD License"] + + with patch('builtins.open', mock_open(read_data=self.mock_dependency_licenses)): + with open('dependency_licenses.json', 'r') as f: + data = json.load(f) + + for package in data: + license = package['License'] + package_name = package['Name'] + with self.subTest(package=package_name): + if license not in permitted_licenses: + print(f"Error: Package {package_name} has an unrecognized license: {license}") + self.assertIn(license, permitted_licenses, f"Package {package_name} has an unrecognized license: {license}") + +if __name__ == '__main__': + unittest.main() From 25cccdec93dcc2fd457e4de38fafe033d33c05de Mon Sep 17 00:00:00 2001 
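Review bot: `test_compare_dependency_licenses` fails by construction: the fixture includes `SomeRestrictedPackage` under `GPL-3.0`, and the loop then calls `self.assertIn(license, permitted_licenses, ...)` for it, so that subTest always errors instead of proving the violation is detected. The test also re-implements the comparison inline rather than calling anything shared with the workflow, and its allow-list (`"MIT License"`, `"BSD License"`) already differs from the workflow's `MIT,Apache-2.0,BSD,EPL1`, so the two can pass or fail independently. Collect the offenders and assert the expected set, drop the `mock_open` indirection in favour of `json.loads` on the fixture, and avoid the local name `license`, which shadows the builtin.
```python
    def test_compare_dependency_licenses(self):
        permitted_licenses = {"MIT", "MIT License", "Apache-2.0", "BSD", "BSD License"}
        data = json.loads(self.mock_dependency_licenses)

        non_compliant = [
            pkg["Name"] for pkg in data if pkg["License"] not in permitted_licenses
        ]
        # The fixture deliberately carries one GPL-3.0 package; the check must flag exactly it.
        self.assertEqual(non_compliant, ["SomeRestrictedPackage"])
```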
From: sema Date: Wed, 17 Jul 2024 15:33:17 +0200 Subject: [PATCH 5/7] deleted compliance unit test and updated license compliance --- .github/workflows/license-compliance.yml | 15 ++++++- src/test/test_license_compliance.py | 57 ------------------------ 2 files changed, 14 insertions(+), 58 deletions(-) delete mode 100644 src/test/test_license_compliance.py diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index e3acee8..54ed82d 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml @@ -40,17 +40,23 @@ jobs: echo "::set-output name=dependency-licenses::${dependency_licenses}" - name: 'Compare Dependency licenses' + id: compare-dependency-licenses run: | dependency_licenses=${{ steps.parse-dependency-licenses.outputs.dependency-licenses }} permitted_licenses="MIT,Apache-2.0,BSD,EPL1" + non_compliant_packages="" for package in $(echo "${dependency_licenses}" | jq -r '.[] | .Package') do license=$(echo "${dependency_licenses}" | jq -r --arg package "$package" '.[] | select(.Package == $package) | .License') if [[ ! ",${permitted_licenses}," =~ ",${license}," ]]; then echo "Error: Package $package has an unrecognized license: $license" - exit 1 + non_compliant_packages+="Package $package has an unrecognized license: $license\n" fi done + echo "::set-output name=non-compliant-packages::${non_compliant_packages}" + if [ -n "${non_compliant_packages}" ]; then + exit 1 + fi - name: 'Upload Dependency License Report' if: always() @@ -59,5 +65,12 @@ jobs: name: dependency-license-report path: dependency_licenses.json + - name: 'Upload License Compliance Results' + if: always() + uses: actions/upload-artifact@v2 + with: + name: license-compliance-results + path: license_compliance_results.txt + - name: License compliance summary run: echo "License compliance check completed. See artifacts for details." 
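Review bot: `non_compliant_packages+="Package $package has an unrecognized license: $license\n"` never produces a newline — inside bash double quotes `\n` stays a literal backslash-n — and the accumulated string is then pushed through the deprecated `::set-output`, so the output is one line of `\n`-joined text carrying raw license strings from dependency metadata; any later `${{ steps.compare-dependency-licenses.outputs.non-compliant-packages }}` inside a `run:` would re-open the script-injection path that the `dependency_licenses=${{ ... }}` context line above already has. Write the findings to a file instead of a step output, e.g. `printf '%s\n' "Package $package has an unrecognized license: $license" >> license_compliance_results.txt` inside the `if`, and key the final `exit 1` on that file being non-empty. The `run:` block continues above the hunk.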
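Review bot: The new 'Upload License Compliance Results' step uploads `license_compliance_results.txt`, but nothing in this patch writes that file — the comparison step only echoes and sets a step output — so the artifact an auditor would open is empty, and `actions/upload-artifact@v2`, as far as I recall, only warns when the path matches nothing. Either have the comparison step write the file or add `if-no-files-found: error` so a missing compliance record fails the job loudly. `@v2` is also the older runtime while the same file already uses `@v3`.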
diff --git a/src/test/test_license_compliance.py b/src/test/test_license_compliance.py deleted file mode 100644 index 3ddb433..0000000 --- a/src/test/test_license_compliance.py +++ /dev/null @@ -1,57 +0,0 @@ -import unittest -import json -from unittest.mock import patch, mock_open - -class TestLicenseCompliance(unittest.TestCase): - - def setUp(self): - self.mock_dependency_licenses = ''' - [ - { - "License": "BSD License", - "Name": "Jinja2", - "Version": "3.1.4" - }, - { - "License": "MIT License", - "Name": "Mako", - "Version": "1.3.5" - }, - { - "License": "BSD License", - "Name": "MarkupSafe", - "Version": "2.1.5" - }, - { - "License": "GPL-3.0", - "Name": "SomeRestrictedPackage", - "Version": "1.0.0" - } - ] - ''' - - def test_parse_dependency_licenses(self): - with patch('builtins.open', mock_open(read_data=self.mock_dependency_licenses)): - with open('dependency_licenses.json', 'r') as f: - data = json.load(f) - self.assertEqual(len(data), 4) - self.assertEqual(data[0]['Name'], 'Jinja2') - self.assertEqual(data[1]['License'], 'MIT License') - - def test_compare_dependency_licenses(self): - permitted_licenses = ["MIT", "MIT License", "Apache-2.0", "BSD", "BSD License"] - - with patch('builtins.open', mock_open(read_data=self.mock_dependency_licenses)): - with open('dependency_licenses.json', 'r') as f: - data = json.load(f) - - for package in data: - license = package['License'] - package_name = package['Name'] - with self.subTest(package=package_name): - if license not in permitted_licenses: - print(f"Error: Package {package_name} has an unrecognized license: {license}") - self.assertIn(license, permitted_licenses, f"Package {package_name} has an unrecognized license: {license}") - -if __name__ == '__main__': - unittest.main() From 734c86630db59c73726201ce69ebc0ac2e4c5bcc Mon Sep 17 00:00:00 2001 
From: sema Date: Wed, 17 Jul 2024 15:43:39 +0200 Subject: [PATCH 6/7] Update license-compliance.yml --- .github/workflows/license-compliance.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index 54ed82d..4f2ea25 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml @@ -42,7 +42,10 @@ jobs: - name: 'Compare Dependency licenses' id: compare-dependency-licenses run: | - dependency_licenses=${{ steps.parse-dependency-licenses.outputs.dependency-licenses }} + dependency_licenses=$(cat dependency_licenses.json) + echo "Dependency licenses content:" + echo "${dependency_licenses}" + permitted_licenses="MIT,Apache-2.0,BSD,EPL1" non_compliant_packages="" for package in $(echo "${dependency_licenses}" | jq -r '.[] | .Package') @@ -58,6 +61,7 @@ jobs: exit 1 fi + - name: 'Upload Dependency License Report' if: always() uses: actions/upload-artifact@v2 From 0ec685cf2f6b0c9ee1c462e17cd35bf85db77a1d Mon Sep 17 00:00:00 2001 From: sema Date: Wed, 17 Jul 2024 15:54:25 +0200 Subject: [PATCH 7/7] Update license-compliance.yml --- .github/workflows/license-compliance.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml index 4f2ea25..0b720c8 100644 --- a/.github/workflows/license-compliance.yml +++ b/.github/workflows/license-compliance.yml 
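Review bot: With `dependency_licenses=$(cat dependency_licenses.json)` now reading the report directly, the preceding 'Parse Dependency licenses' step (above the hunk) is dead but still runs the deprecated `::set-output` with multi-line JSON; delete it rather than leave a second copy of the data in a step output. The added `echo "${dependency_licenses}"` also dumps the whole JSON into the job log although the same file is uploaded as an artifact a few steps later; a compact line per package, `jq -r '.[] | "\(.Name) \(.License)"' dependency_licenses.json`, is easier to read and avoids the duplication. The loop below the hunk still selects `.Package`, which pip-licenses does not appear to emit.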
@@ -46,21 +46,17 @@ jobs: echo "Dependency licenses content:" echo "${dependency_licenses}" - permitted_licenses="MIT,Apache-2.0,BSD,EPL1" - non_compliant_packages="" - for package in $(echo "${dependency_licenses}" | jq -r '.[] | .Package') - do - license=$(echo "${dependency_licenses}" | jq -r --arg package "$package" '.[] | select(.Package == $package) | .License') + permitted_licenses="MIT License,Apache-2.0,BSD,EPL1" # Updated permitted licenses list + + for package_info in $(echo "${dependency_licenses}" | jq -c '.[]'); do + package_name=$(echo "${package_info}" | jq -r '.Name') + license=$(echo "${package_info}" | jq -r '.License') + if [[ ! ",${permitted_licenses}," =~ ",${license}," ]]; then - echo "Error: Package $package has an unrecognized license: $license" - non_compliant_packages+="Package $package has an unrecognized license: $license\n" + echo "Error: Package ${package_name} has an unrecognized license: ${license}" + exit 1 fi done - echo "::set-output name=non-compliant-packages::${non_compliant_packages}" - if [ -n "${non_compliant_packages}" ]; then - exit 1 - fi - - name: 'Upload Dependency License Report' if: always()
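Review bot: `for package_info in $(echo "${dependency_licenses}" | jq -c '.[]'); do` word-splits on whitespace, and the compact objects contain spaces in their values (`"License": "BSD License"` in the fixture earlier in this series), so each object is broken into fragments that the inner `jq -r '.Name'` cannot parse; under the runner's default `bash -e` the step aborts on the first fragment instead of evaluating any license. Iterate with `while IFS= read -r` over jq's one-object-per-line output, as below, which also lets the loop report every offender before exiting non-zero. Separately, `permitted_licenses="MIT License,Apache-2.0,BSD,EPL1"` is an exact-match list against classifier-style strings, so `BSD` will never match `BSD License` and `EPL1` matches no value visible in this series; the allow-list must hold the exact strings the tool emits. The `run:` block begins above the hunk.
```yaml
          # … unchanged: cat of the report and the debug echo …
          permitted_licenses="MIT License,Apache-2.0,BSD,EPL1"
          status=0
          while IFS= read -r package_info; do
            package_name=$(jq -r '.Name' <<< "${package_info}")
            license=$(jq -r '.License' <<< "${package_info}")
            if [[ ",${permitted_licenses}," != *",${license},"* ]]; then
              echo "Error: Package ${package_name} has an unrecognized license: ${license}"
              status=1
            fi
          done < <(jq -c '.[]' dependency_licenses.json)
          exit "${status}"
```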