fix(reporter): Add ScanCode license texts to reporter docker image #1680
Conversation
wkl3nk
force-pushed
the
wkl3nk/add-scancode-license-texts-to-reporter-image
branch
from
5ea0573 to
99e6636
Compare
wkl3nk
requested review from
bs-ondem,
MarcelBochtler,
mnonnenmacher,
nnobelis,
oheger-bosch and
sschuberth
as code owners
This comment was marked as resolved.
This comment was marked as resolved.
wkl3nk
force-pushed
the
wkl3nk/add-scancode-license-texts-to-reporter-image
branch
from
99e6636 to
4da28f7
Compare
| RUN apt-get update && apt-get install -y curl libgomp1 && rm -rf /var/lib/apt/lists/* | ||
|
|
||
| # Use pip to install ScanCode | ||
| RUN curl -Os https://raw.githubusercontent.com/nexB/scancode-toolkit/v$SCANCODE_VERSION/requirements.txt && \ |
There was a problem hiding this comment.
I wonder whether in this case, where ScanCode itself it not really needed, it wouldn't be more efficient to use e.g. curl (and some jq magic) on the LicenseDB API and download the *.LICENSE files directly.
There was a problem hiding this comment.
But then the procedere to fetch the *.LICENSE files would be different from how it is done in the ORT docker image. I would prefer to do it in the same way for both docker images: The ORT docker image and the ORT Server Reporter docker image.
There was a problem hiding this comment.
I can understand your motivation. However, the constraints are a bit different: The ORT Docker image needs ScanCode anyway, so it's natural to also use scancode-license-data. But here, we're adding all of ScanCode just to run scancode-license-data.
That's just something I wanted to point out. For simplicity, we should probably still do as you propose. I believe we anyway need to rework the way ORT provides ScanCode license texts. But that can and probably should be addressed separately.
There was a problem hiding this comment.
I agree that we should first improve the way we get license texts in ORT itself. There might be ways to implement this more efficiently, but as this only affects build performance in the multi-stage build and not the final image I don't see it as a pressing issue.
wkl3nk
force-pushed
the
wkl3nk/add-scancode-license-texts-to-reporter-image
branch
from
4da28f7 to
74c966d
Compare
Dump the ScanCode license texts to directory /opt/scancode-license-data when creating the reporter docker container. This directory is used by ORT as fallback option if the ScanCode license texts cannot be located by the existing heuristic look-up algorithm. See oss-review-toolkit/ort#9622. Signed-off-by: Wolfgang Klenk <[email protected]>
wkl3nk
force-pushed
the
wkl3nk/add-scancode-license-texts-to-reporter-image
branch
from
74c966d to
fd2563d
Compare
mnonnenmacher
deleted the
wkl3nk/add-scancode-license-texts-to-reporter-image
branch
Dump the ScanCode license texts to directory /opt/scancode-license-data when creating the reporter docker container.
This directory is used by ORT as fallback option if the ScanCode license texts cannot be located by the existing heuristic look-up algorithm.
See oss-review-toolkit/ort#9622.