Add license check #46
Comments
Hi, I think it makes sense. Historically, the only license classification I saw was https://www.apache.org/legal/resolved.html (which was basically the only motivation for the plugin itself). So I have Lines 173 to 186 in acaadb5
Splitting "verify license" from |
Do you think you could prepare a PR for a "check license compatibility" or "verify license compatibility" (I'm not sure regarding the naming) task in license-gather-plugin? |
Thanks for the quick response! |
By the way, do you have a use-case (a github project?) for this "license check"? |
I have a use-case, but the project I'm working on is not open source unfortunately. |
I see. Do you have a reference for the known compatible licenses? Are you going to add "allowed" licenses one by one? For instance, the ASF has three license categories: A (allowed in source form), B (allowed only in binary artifacts), and X (forbidden everywhere). So one of the configurations could be:

```kotlin
val gatherLicenses by tasks.registering(GatherLicenseTask::class) {
    configuration(configurations.runtimeClasspath)
    // configure license overrides, etc
}
val verifyLicenseCompatibility by tasks.registering(VerifyLicenseCompatibilityTask::class) {
    metadata.set(gatherLicenses) // <-- "metadata" could probably have a better naming
    allow(AsfLicenseCategory.A)
}
```
Allowing whole categories would be a nice usability helper, but in the general case I think we would also need the ability to allow licenses one by one as well as custom named licenses (e.g. jgit which is detected as |
I think behind the lines of

```kotlin
allow(
    SimpleLicense(
        "Java HTML Tidy License",
        uri("http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95")
    )
)
```

```kotlin
class VerifyLicenseCompatibilityTask : DefaultTask() {
    /**
     * This is a file collected by [GatherLicenseTask].
     */
    @InputFiles
    val metadata = objectFactory.fileCollection()

    @Input
    val acceptableLicenses = objectFactory.setProperty<LicenseExpression>()

    /**
     * Outputs `OK` when verification is successful.
     */
    @OutputFile
    val resultFile = objectFactory.fileProperty()

    fun allow(license: License) {
        acceptableLicenses.add(license.asExpression())
    }

    fun allow(license: Set<License>) { // or vararg?
        acceptableLicenses.add(license.asExpression())
    }

    fun allow(licenseExpression: LicenseExpression) {
        acceptableLicenses.add(licenseExpression)
    }

    fun allow(licenseExpression: Set<LicenseExpression>) { // or vararg?
        // addAll, because add() takes a single element, not a Set
        acceptableLicenses.addAll(licenseExpression)
    }
    // ...
}
```
Sounds good 🙂 |
Hi @vlsi,
I would like to have the possibility to specify a set of licenses that I want to allow for the project and a task that checks whether only matching licenses are found. This would allow detecting early when a dependency with an incompatible license is introduced. As the GatherLicenseTask already does the hard work of collecting that information, this should not be very complicated to add, I guess. The API could look similar to https://github.com/cashapp/licensee#allow.
(Your plugin is way better in determining the correct SPDX identifier and allows overriding in contrast to licensee)
What do you think?
Would you accept a PR adding this feature?
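
The allow-list check requested in this issue, as a stand-alone Kotlin sketch; it is an added example, not code from license-gather-plugin or from anyone in the thread. `Expr`, `SpdxParser`, `allowedBy`, `violations` and the dependency coordinates are hypothetical, and the example goes slightly beyond the discussion by evaluating SPDX `AND`/`OR`/`WITH` expressions and by treating a missing or unparsable license as a violation.

```kotlin
// Added example; all names are hypothetical, not the license-gather-plugin API.
sealed interface Expr
data class Id(val id: String) : Expr   // one license, optionally "X WITH exception"
data class And(val l: Expr, val r: Expr) : Expr
data class Or(val l: Expr, val r: Expr) : Expr
// Recursive-descent parser for SPDX expressions: WITH binds tighter than AND, AND tighter than OR.
class SpdxParser(text: String) {
    private val tokens = Regex("""[()]|[^\s()]+""").findAll(text).map { it.value }.toList()
    private var pos = 0
    private fun peek() = tokens.getOrNull(pos)
    private fun next() = tokens.getOrNull(pos++) ?: error("unexpected end of expression")
    fun parse(): Expr = parseOr().also { require(pos == tokens.size) { "trailing token: ${peek()}" } }
    private fun parseOr(): Expr {
        var e = parseAnd()
        while (peek() == "OR") { next(); e = Or(e, parseAnd()) }
        return e
    }
    private fun parseAnd(): Expr {
        var e = atom()
        while (peek() == "AND") { next(); e = And(e, atom()) }
        return e
    }
    private fun atom(): Expr {
        val t = next()
        if (t == "(") return parseOr().also { require(next() == ")") { "missing )" } }
        require(t !in setOf(")", "AND", "OR", "WITH")) { "unexpected token: $t" }
        return if (peek() == "WITH") { next(); Id("$t WITH ${next()}") } else Id(t)
    }
}

// OR is satisfied by either branch; AND needs every branch on the allow-list.
fun Expr.allowedBy(allow: Set<String>): Boolean = when (this) {
    is Id -> id in allow
    is And -> l.allowedBy(allow) && r.allowedBy(allow)
    is Or -> l.allowedBy(allow) || r.allowedBy(allow)
}
// Fail closed: a missing or unparsable license string counts as a violation.
fun violations(deps: Map<String, String>, allow: Set<String>): Map<String, String> =
    deps.filterValues { lic -> !runCatching { SpdxParser(lic).parse().allowedBy(allow) }.getOrDefault(false) }
fun main() {
    val allow = setOf("Apache-2.0", "MIT", "BSD-3-Clause", "GPL-2.0-only WITH Classpath-exception-2.0")
    val deps = mapOf(   // constructed sample data
        "com.example:a:1.0" to "GPL-2.0-only OR MIT",
        "com.example:b:2.1" to "GPL-2.0-only WITH Classpath-exception-2.0",
        "com.example:c:0.9" to "(MIT OR Apache-2.0) AND LGPL-2.1-only",
        "com.example:d:3.0" to "",
    )
    violations(deps, allow).forEach { (dep, lic) -> println("DISALLOWED $dep: '$lic'") }
}
```

A dual-licensed dependency passes as soon as one `OR` branch is on the allow-list, while `GPL-2.0-only` alone stays disallowed even though its `WITH Classpath-exception-2.0` form is allowed.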