Add generate third party licenses #799
Conversation
| truncate -s 0 "${license_file}" | ||
| { | ||
| # The apache 2.0 license doesn't get modified with a copywrite. To reduce duplication, add attribution for each project using the license, but include the license text just once. | ||
| go-licenses report --template="${root}/scripts/third_party_licenses/apache.tpl" --ignore github.com/awslabs/amazon-ecr-credential-helper/ecr-login ./... |
There was a problem hiding this comment.
Some projects might have dual/multi licenses, with one being Apache 2.0. This approach would avoid copying those extra licenses, but I guess we don't really care as long as one is Apache 2.0 that's fine.
There was a problem hiding this comment.
We might want to double check this, but I think the project would just show up in the list twice. Once under the Apache section, and a second time with its other license.
There was a problem hiding this comment.
It might be a limitation of the go-licenses tool. See google/go-licenses#117
austinvazquez
force-pushed
the
add-generate-third-party-licenses
branch
3 times, most recently
from
6e41943
to
b305079
Compare
This change is a raw important of the third party license generation code from https://github.com/awslabs/soci-snapshotter/tree/be8940b39667bc3975cf7ea8a71177e4bfb5f6e0 Signed-off-by: Austin Vazquez <[email protected]>
Signed-off-by: Austin Vazquez <[email protected]>
This change updates the repo's THIRD-PARTY-LICENSES file for the latest dependencies. Signed-off-by: Austin Vazquez <[email protected]>
austinvazquez
force-pushed
the
add-generate-third-party-licenses
branch
2 times, most recently
from
e21aa2d
to
3f5e467
Compare
This change adds 3rd party license checks to CI to ensure only pre-approved licenses are used by the Amazon ECR credential helper project. Signed-off-by: Austin Vazquez <[email protected]>
austinvazquez
force-pushed
the
add-generate-third-party-licenses
branch
from
3f5e467
to
2416e54
Compare
|
@pendo324, @Kern--, please review. I was unable to solve the dual license problem. The workaround I am proposing is to include a license check in GitHub Actions CI which will fail if a license is not pre-approved. Of our existing dependencies, 1 in 26 is dual licensed. See THIRD-PARTY-LICENSES for gopkg.in/yaml.v3 (a test dependency). Both licenses are being listed in the third party licenses file currently. |
|
Note to maintainers: this change was drafted such that each change is buildable. Commits in this PR should not be squashed to preserve import of code from awslabs/soci-snapshotter project. |
Issue #, if available:
The repositories' THIRD-PARTY-LICENSE file is out of date with the list of dependencies used.
Description of changes:
This change imports third party licenses file generation from the SOCI project and modifies it based on the Amazon ECR credential helper project's needs. Additionally this change will add license checks such that only pre-approved licenses are used in the project. This will be checked in GitHub Actions CI.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.