Check the license header for Notation and its dependencies #706

Closed
2 tasks
FeynmanZhou opened this issue Jun 5, 2023 · 3 comments · Fixed by #739

@FeynmanZhou
Member

FeynmanZhou commented Jun 5, 2023

What is the area you would like to add the new feature to?

Notation CLI

Is your feature request related to a problem?

This is a requirement about scanning and checking whether code changes contain correct license headers and their dependencies in each PR check.

What solution do you propose?

We want to check license headers and dependencies' licenses for Notation. This is important to align with the CNCF open-source compliance policy.

SkyWalking-Eyes might be a good tool to implement the license header check and can be integrated into the GitHub Actions workflow.

It will scan and check whether code changes contain correct license headers and their dependencies in each PR (CI). There is an example in ORAS: https://github.com/oras-project/oras/actions/runs/4912774337/jobs/8772170747

What alternatives have you considered?

N/A

Any additional context?

Two things we need to complete for this issue:

  • Generate a template to generate the summary of dependencies' licenses
  • Add this license check to GitHub Actions

FeynmanZhou added the enhancement, triage and good first issue labels on Jun 5, 2023

@kokamkarsahil

I have noticed it has been given write permission to run it. Will it be fine to give it?

https://github.com/oras-project/oras/blob/3ff15bbcb516fe5f3a766fb37ac0d92efe15c98e/.github/workflows/license-checker.yml#L26-L28

There is also an official action by GitHub which can perform a licence check: https://github.com/actions/dependency-review-action#configuration-options along with other features.
But there seems to be an open issue which can cause problems: actions/dependency-review-action#459

Thank you!

The link to the Skywalking Action is broken (https://github.com/marketplace/actions/license-eye). Correct link: https://github.com/marketplace/actions/license-eye-header

@zr-msft
Contributor

zr-msft commented Jun 15, 2023

@FeynmanZhou have you considered creating a NOTICE file to include the dependency licenses?

cc @toddysm

@FeynmanZhou
Member Author

> @FeynmanZhou have you considered creating a NOTICE file to include the dependency licenses?
>
> cc @toddysm

@zr-msft Not yet. Only Apache software has a requirement for creating a NOTICE file: https://www.apache.org/legal/src-headers.html#notice. CNCF doesn't seem to have such a requirement to include a NOTICE file for the project.

priteshbandi pushed a commit that referenced this issue Jul 18, 2023
…k license (#739)

Resolves #706

Signed-off-by: Patrick Zheng <patrickzheng@microsoft.com>