Hi,
As mentioned in today's dev-meeting, we have recently added a new "License check" GitHub CI workflow (1) that validates the licenses of our project's dependencies. This replaces the manual process that we had until now.
Under the hood, this uses the Eclipse Foundation's dash-licenses tool (2), which in turn uses ClearlyDefined (like our now obsolete manual process) and also the Foundation's CQ database to validate the dependencies listed in our yarn.lock file.
In short, so long as the license check CI step passes, there is nothing extra to do. It means that the PR does not introduce any new dependency that's not known/approved, according to dash-licenses.
If the license check step fails, a committer needs to open a CQ about the dependency(ies) that were flagged by dash-licenses and wait for the IP team's permission before merging.
A bit of good news: opening CQs for such dependencies may soon be a thing of the past, in most cases: dash-licenses can be made to automatically (4) open CQ-equivalents (issues on EF GitLab) that can often be automatically approved in minutes, and that the IP Team will manually investigate, if not.
Let me know if you have related questions.
Regards,
Marc