Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Upgrade licensee #549

Merged
merged 6 commits into from
Jun 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 10 additions & 11 deletions DevDockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
# Ruby and Python Dependencies
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
rm -rf /var/lib/apt/lists/* && \
curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
cd /tmp/ruby-build-* && ./install.sh && cd / && \
ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
gem install bundler -v 2.3.26 --no-document
ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
gem install bundler -v 2.5.4 --no-document

# Scancode
ARG SCANCODE_VERSION="30.1.0"
Expand All @@ -27,14 +27,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \
ENV SCANCODE_HOME=/usr/local/bin

# Licensee
# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
# So we pin to the previous version of nokogiri and faraday.
RUN gem install nokogiri:1.12.5 --no-document && \
gem install faraday:1.10.0 --no-document && \
gem install public_suffix:4.0.7 --no-document && \
gem install licensee:9.12.0 --no-document
# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
# The match is not an exact match and hence not adopted by CD licensee summarizer.
RUN gem install nokogiri:1.16.0 --no-document && \
gem install faraday:2.9.0 --no-document && \
gem install public_suffix:5.0.4 --no-document && \
gem install licensee:9.16.1 --no-document

# REUSE
RUN pip3 install setuptools
Expand Down
21 changes: 10 additions & 11 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,10 @@ ENV CRAWLER_BUILD_NUMBER=$BUILD_NUMBER
# Ruby and Python Dependencies
RUN apt-get update && apt-get install -y --no-install-recommends --no-install-suggests curl bzip2 build-essential libssl-dev libreadline-dev zlib1g-dev cmake python3 python3-dev python3-pip xz-utils libxml2-dev libxslt1-dev libpopt0 && \
rm -rf /var/lib/apt/lists/* && \
curl -L https://github.com/rbenv/ruby-build/archive/v20180822.tar.gz | tar -zxvf - -C /tmp/ && \
curl -L https://github.com/rbenv/ruby-build/archive/refs/tags/v20231012.tar.gz | tar -zxvf - -C /tmp/ && \
cd /tmp/ruby-build-* && ./install.sh && cd / && \
ruby-build -v 2.5.1 /usr/local && rm -rfv /tmp/ruby-build-* && \
gem install bundler -v 2.3.26 --no-document
ruby-build -v 3.2.2 /usr/local && rm -rfv /tmp/ruby-build-* && \
gem install bundler -v 2.5.4 --no-document

# Scancode
ARG SCANCODE_VERSION="30.1.0"
Expand All @@ -33,14 +33,13 @@ RUN pip3 install --upgrade pip setuptools wheel && \
ENV SCANCODE_HOME=/usr/local/bin

# Licensee
# The latest version of nokogiri (1.13.1) and faraday (2.3.0) requires RubyGem 2.6.0 while
# the current RubyGem is 2.5.1. However, after upgrading RubyGem to 3.1.2, licensee:9.12.0 starts
# to have hard time to find license in LICENSE file, like component npm/npmjs/-/caniuse-lite/1.0.30001344.
# So we pin to the previous version of nokogiri and faraday.
RUN gem install nokogiri:1.12.5 --no-document && \
gem install faraday:1.10.0 --no-document && \
gem install public_suffix:4.0.7 --no-document && \
gem install licensee:9.12.0 --no-document
# Licensee and its dependencies pinned to its latest version which helped to update the ruby to its recent version,
# Component npm/npmjs/-/caniuse-lite/1.0.30001344 is getting identified by its correct license but the matcher is dice.
# The match is not an exact match and hence not adopted by CD licensee summarizer.
RUN gem install nokogiri:1.16.0 --no-document && \
gem install faraday:2.9.0 --no-document && \
gem install public_suffix:5.0.4 --no-document && \
gem install licensee:9.16.1 --no-document

# REUSE
RUN pip3 install setuptools
Expand Down