This repository has been archived by the owner on Apr 1, 2022. It is now read-only.
cnr reviewed Jun 18, 2021
Overall looks really good -- one major suggestion and some nits
skilly-lily suggested changes Jun 21, 2021
Left a ton of nits, but found a major issue that might allow files with no dependencies.
This should also be formatted
zlav force-pushed the feat/license-scan-deps branch from 5648d6e to 340115b (June 22, 2021 00:04)
skilly-lily approved these changes Jun 22, 2021
LGTM, a few leftover nits, but this is ready to go.
This pull request was closed.
Overview
This PR adds support for license scanning vendored dependencies in a user's project. This initial implementation relies on the archive uploader.
These dependencies can be specified in the fossa-deps.yml file as vendored-dependencies.
Acceptance criteria
Adding a dependency to the fossa-deps.yml file causes it to be archive uploaded, license scanned on the backend, and displayed in the project's list of dependencies.
Testing plan
Validate that the archive upload works end to end
fossa-deps.yml file with a dependency in the vendored section
fossa analyze
Risks
I am most concerned about decisions that won't be reversible in the future. The biggest risk is unintuitive behavior to the user, so if anyone sees a spot where a warning or an error should exist, let me know.
References
#245
Closes https://github.com/fossas/team-analysis/issues/544
Checklist
haskell-language-server) any files I touched in this PR.
docs/.
Changelog.md. If this PR did not mark a release, I added my changes into an # Unreleased section at the top.