This document describes how the Apache OpenWhisk project's source code and release artifacts maintain compliance with ASF licensing policy in the following sections:
The Apache OpenWhisk project repositories MUST follow Apache Release Policy. every artifact distributed MUST contain only appropriately licensed code per Apache Licensing Policy. It includes two check points:
-
Each project repository MUST provide a LICENSE file and a NOTICE file.
-
With a few exceptions, source files consisting of works submitted directly to the ASF by the copyright owner or owner's agent must contain the appropriate ASF license header. Here are the exceptions:
- Files without any degree of creativity don't require a license header.
- Sometimes shorter form of ASF license header can be used if the recommended Apache source header is not appropriate.
In accordance with Apache LICENSE policies, the following tables lists the specific files, by type, that the community has discussed and have agreed MUST have an ASF approved Apache 2 license or can be excluded for a valid approved reason.
Note: These lists are not comprehensive and are intended to be informative only. Each project repository's respective LICENSE and NOTICE files should be considered the canonical source for their specific licensing declarations.
In accordance with Apache LICENSE policies, the table below lists files/file types that the community affirms MUST have an Apache LICENSE header since they are creating works representing Intellectual Property.
In addition, the recommended type of approved ASF license header (i.e., "full" or "minified" header) is noted as best practice.
| File type | ASF Header Type | Rationale |
|---|---|---|
Source code (e.g., *.scala, *.go, *.java, *.py, etc.) |
Full | Source code. |
Action functions (source) (e.g., .js, .py, .swift, etc, particularly under tests/dat folder.) |
Full | Source code. Use "Mini" header as best practice for performance reasons. |
Ansible Group vars. (YAML) (*/group_vars/all) |
Full | Project convention. |
Docker image build file (Dockerfile) |
Full | May contain functional (script) code. |
Documentation (e.g., *.md) |
Full | Intellectual property. |
Gradle files (build.gradle, *.gradle) |
Full | May contain functional scripts and code (e.g., Groovy, Kotlin). Includes build ( build.gradle) and settings (settings.gradle)files. |
Gradle properties files (*.properties) |
Full | Project convention. |
Groovy code (*.groovy) |
Full | Source code. |
| Makefile | Full | May contain functional (script) code. |
Scala Configurations (*.conf) |
Full | Scala (Java) configuration files may contain code or interfaces. |
Scala Properties (*.properties) |
Full | Project convention. Example: openwhisk/blob/master/tools/eclipse/scala.properties |
Script files (*.sh) |
Full | May contain functional (script) code. |
Vagrantfile configuration file (Vagrantfile) |
Full | Project convention. |
Web Content (e.g., *.html, .css) |
Full | Source code. |
Windows Command file (*.cmd) |
Full | May contain functional code. |
YAML files (*.yaml, *.yml) |
Full | May contain functional code. Note: Includes ( .travis.yml) |
- Full ASF License headers are always accepted regardless if a "Mini" header is recommended as best practice.
- Action source files used in performance testing may be added to "Known exclusions" when justified.
In accordance with Apache LICENSE policies, the table below lists general exclusions by file (type) as agreed to by the project community along with the justification.
| TAG | File type | Rationale |
|---|---|---|
| ANS.CFG | Ansible Configuration Files (*.cfg) |
Configuration files. Not much creativity. Example: openwhisk/ansible/ansible.cfg |
| ANS.ENV | Ansible environment files (*.env) |
Configuration files. Not much creativity. Example: ansible/environments/distributed/files/openstack/openstack.env |
| ANS.HOSTS | Ansible hosts files (hosts) |
Configuration files. Not much creativity. Example: openwhisk/ansible/environments/distributed/hosts |
| ANS.INI | Ansible (host) Inventory Files (*.ini) |
Configuration files. Not much creativity. Example: openwhisk/ansible/environments/local/hosts.j2.ini |
| API.ENC | Encrypted API Credentials used in Travis | Configuration data. Example: openwhisk-catalog/credentials.json.enc |
| DATA.AUTH | API Auth. key | Configuration data. Example: ansible/files/auth.guest |
| DATA.TEST | Empty (zero-length) test files | Empty test data file. Example: openwhisk/tests/dat/actions/empty.js |
| GIT.1 | Git configuration (.gitattributes, .gitignore) |
Configuration file. Not much creativity. |
| GIT.2 | Git tracking (.git subdirectory) |
Git file tracking. Not part of project source. |
| GODEPS.JSON | GoDeps dependencies data (Godeps.json) |
|
| GODEPS.README | GoDeps Readme file (Readme) |
Plain text Readme generated by the GoDeps utility; states the directory and JSON file within it were autogenerated. |
| GRDL.PROP | Gradle Wrapper properties (gradle-wrapper.properties) |
Generated by Gradle. Example: openwhisk-cli/gradle/wrapper/gradle-wrapper.properties |
| I18N.1 | Golang Internationalization resource files (i18n_resources.go) |
Not much creativity. The file is auto-generated; not able to add header. Example: openwhisk-client-go/wski18n/i18n_resources.go |
| IDE | IDE configuration files (e.g., .project) |
Not much creativity. |
| IGNORE | Tooling "ignore" files (e.g., .gitignore, .dockerignore) |
Not included in source release. |
| IMAGE | Binary Image files (e.g., .png, .jpg, .ico) |
Binary files. Example: openwhisk/docs/images/OpenWhisk.png |
| J2 | Jinja2 Template files (*.j2) |
REVIEW Not much creativity. Example: openwhisk/ansible/templates/whisk.properties.j2 |
| JSON | JSON files (*.json) |
Configuration and test data files. - Note: JSON files don't support comments Example: openwhisk/tests/dat/actions/echo.json |
| KUBE.1 | Kubernetes Configurations (e.g., *.env) |
Configuration file. Not much creativity. Example: openwhisk//ansible/environments/distributed/files/openstack/openstack.env |
| OAPI | Open API (Swagger) documents | JSON files describing API input data. Example: openwhisk/blob/master/tests/dat/apigw/testswaggerdoc2 for test input data |
| PEM | Privacy Enhanced Mail (PEM) files (*.pem) |
Contains generated, base64-encoded x509 keys. Example: openwhisk/ansible/roles/nginx/files/openwhisk-server-key.pem |
| PROFILE | Profiling configuration scripts (.profiling.*) |
Configure Docker container for profiling (build). |
| PYDEV | PyDev configuration files (.pydevproject) |
Not included in source release. |
| TEST.JAR | Java Application Resource (JAR) files (*.jar) |
Binary JAR files used for testing (Actions). |
| TEST.ZIP | ZIP compressed archive files (*.zip) |
Binary ZIP files used for testing (Actions). |
| XML | XML files (*.xml) |
Configuration and test data files. Example: openwhisk/tools/eclipse/java.xml |
The Apache OpenWhisk project enforces and verifies ASF License header conformance on all source files using the project's own scanCode utility (on all Travis CI builds) and Apache RAT tool (on all automated releases).
In accordance with Apache policy, these utilities exclude specific files from the ASF license header requirement which are configured in the following files:
- scanCode: ASF-Release.cfg
- Apache RAT: pom.xml (Apache Rat)
The following page contains a non-comprehensive listing of all project files, by repository that are known to not have ASF license headers along with the policy tag indicating the justification against the table above: license_exclusions.md
This section describes how the Apache OpenWhisk project enforces and verifies LICENSE and NOTICE file compliance as part of the DevOps and Release processes.
This utility is used to enforce LICENSE compliance on all contributions as they are submitted to GitHub.
The scancode utility code and documentation are under the OpenWhisk Utilities repository. The community has agreed that all repositories MUST include ASF LICENSE scanning as part of the Travis Continuous Integration (CI) process enabled to run on every contribution via a GitHub Pull Request (PR). This means no new or updated files can be merged unless they have a valid ASF LICENSE header where required by policy.
- The Utility itself is here: scancode
- The ASF Compliance configuration is here: ASF-Release.cfg
The README for this repository includes a table that indicates where the scancode utility is invoked, as part of the GitHub Travis CI process, per project repository.
The Apache Rat tool is used to verify LICENSE and NOTICE file compliance as part of the release process.
verify_source_code.sh in the tools folder is to verify license compliance. Apache Rat is used to verify license headers. Files excluded license header verification following the previous rules are configured in the file pom.xml.
cd $OPENWHISK_SOURCE_DIR
cp $SCRIPTDIR/lib/pom.xml ./
mvn clean apache-rat:check
The script snippet, shown below, is used to check LICENSE file and NOTICE file in every repository when either an automated or manual release is initiated by a Release Manager.
for repo in $(echo $repos | sed "s/,/ /g")
do
repo_name=$(echo "$repo" | sed -e 's/^"//' -e 's/"$//')
echo "Check the repository $repo_name"
cd $OPENWHISK_CLEANED_SOURCE_DIR/$repo_name && ls {LICENSE*,NOTICE*}
done
After downloading the source codes to your local disk, run the following script to verify license compliance:
$ ./tools/travis/verify_source_code.sh
Although Apache Tentacles is a tool to check LICENSE file and NOTICE file in artifacts uploading to a staging repository, it is not usable for the Apache OpenWhisk project because it doesn't support the unpacking of tar.gz files.### Known exclusions