feat(spdx): Expose the validation of license text files' existence

[nnobelis]

ORT has a complicate logic to search for a file containing the full license text of a given license: several search paths are tried. Unfortunately, the latter are not exposed, making it hard for an alternative LicenseTextProvider to have the same logic. Additionally, the current code assumes that the license files are on a local storage and the I/Os are therefore cheap. To allow the current utility function to be used with a LicenseTextProvider that works with license text files stored on a network storage, this commit exposes the validation function.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.97%. Comparing base (a093540) to head (ed2f67e).
Report is 129 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##               main    #9523   +/-   ##
=========================================
  Coverage     67.97%   67.97%           
  Complexity     1290     1290           
=========================================
  Files           249      249           
  Lines          8813     8813           
  Branches        916      916           
=========================================
  Hits           5991     5991           
  Misses         2433     2433           
  Partials        389      389           

Flag	Coverage Δ
funTest-docker	64.84% <ø> (ø)
funTest-non-docker	33.24% <ø> (ø)
test	35.84% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[fviernau]

Have you considered refactoring the function to stop returning a lambda, in favour of the actual text / String?

[nnobelis]

No, what would be the motivation to do it ? Just for code cleanup ?

BTW, do you know why it was decided to return a lambda in the first place ?

EDIT: I think @mnonnenmacher wrote the implementation. Could you please share your opinion on this ?

[sschuberth]

BTW, do you know why it was decided to return a lambda in the first place ?

Git blame is your friend, the rationale is in the commit message of 45a3087.

[fviernau]

No, what would be the motivation to do it ?

Motivation IMO would be to have a cleaner / simpler (public) API.
The approach to do this lazily could still be kept, but by an ORT internal function.

(To me this API looks a bit more complicated than necessary / not clean enough, which I believe it should be fixed before made public).

I don't understand why exposing something like the following does not suffice (which I believe we already have).

interface LicenseTextReader {
    fun getLicenseText(licenseId: String, handleExceptions: Boolean)
}

fun getLicenseTextReader(textDirectories: List<File>)

[nnobelis]

@fviernau I think this is already the case. The public function hides the lambda return type https://github.com/boschglobal/oss-review-toolkit/blob/ed2f67ed59a0d7970ab7d4efb0767622cef05659/utils/spdx/src/main/kotlin/Utils.kt#L113.

[fviernau]

This PR exposes return type (() -> String)? of getLicenseTextReader(), doesn't it ?

[nnobelis]

Yes, but this is because the LicenseTextProvider.getLicenseTextReader also exposes this return type:

ort/reporter/src/main/kotlin/LicenseTextProvider.kt

Line 36 in 6a7d63d

fun getLicenseTextReader(licenseId: String): (() -> String)?

getLicenseText -> String?
getLicenseTextReader -> (() -> String)?

Therefore this is consistent with the current state of the implementation.

[sschuberth]

ORT has a complicate logic to search for a file containing the full license text of a given license: several search paths are tried. Unfortunately, the latter are not exposed, making it hard for an alternative LicenseTextProvider to have the same logic. Additionally, the current code assumes that the license files are on a local storage and the I/Os are therefore cheap. To allow the current utility function to be used with a LicenseTextProvider that works with license text files stored on a network storage, this commit exposes the validation function.

I totally agree to the described limitation, and that the current code with top-level functions is really ugly and hard to maintain.

That's why I started a while ago to think about a "license text provider API" where implementations should be done as plugins. Now that we have the KSP-based plugin architecture, it's probably a good time to revive that effort and implement it before making further changes to this code area.

[nnobelis]

@sschuberth Even if the current License Test Providers is migrated to a plugin architecture, you would still need to decouple the DefaultLicenseProvider to the logic for searching different paths with a given naming convention, so that other providers can use and extends it.
IMO, the API you mention should allow to:

• control the logic for the lookup of the licence texts, by adding/remove paths and controlling their priority
• control the file loading mechanism to allow some pre- and postprocessing

and in parallel you would have a core engine that processes the paths according to their priority, and call the processing functions.

However, we should discuss that with the Core developers in tech meeting.

The question is: How to move forward now ?
Who is going to actively work on this task ?

[nnobelis]

This PR is not needed by the ORT Server anymore:
Superseeded by eclipse-apoapsis/ort-server#1654

See also #9620 for the continuation of the discussion.