Comments (7)
This seems to have stopped on our workstation, but @gonzedge is having the same issue right now. Weird.
from licensefinder.
Possibly-related work done last year around not updating the database if there are no changes: 23f4cae
(This is just a note to myself)
from licensefinder.
Looking into this today.
- get a reproducible test case
- investigate if we're using UTC under the hood (Taavo's comment implies we're not)
- spike on how to fix this
from licensefinder.
Note there's a branch which provides a reproducible test failure: flavorjones-fix-timestamp-issue-114
from licensefinder.
@taavo take a look at #126, a PR which is a step towards resolving your problem. The main change that would affect you is that LF wouldn't write any reports to the file system unless explicitly asked to. So, here's a workflow I can imagine you would adopt...
- When committing, run
  license_finder
  to see if there are any unapproved dependencies. You could have unapproved dependencies either because they are new and don't fall under your whitelist, or because you changed license_finder's configuration (e.g. removed a license from the whitelist) so old dependencies are no longer approved. This will not modify the file system in any way, so it will never change timestamps in the reports.
- Check whether Gemfile.lock (or whatever files your package managers use) changed, to see whether the reports are likely to include new dependencies.
- If step 1 or 2 report any changes, run
  license_finder report --format html > doc/dependencies.html
  to update the HTML. Timestamps will change, but this is expected and desired.
The PR is a major refactoring and so probably won't be merged for a while (if at all), but if your problem is really urgent, you could point your Gemfile at the pull or at https://github.com/mainej/LicenseFinder/tree/decisions.
from licensefinder.
I thought about the workflow I laid out earlier. It wouldn't work very well in a rake command or pre-commit hook. The problem is that in #126 there was no longer a single place to check whether anything had changed - whether dependencies were added or removed, and whether more or fewer were approved.
Since merging that PR I've added a CSV report that will show all dependencies, including which are approved: license_finder report --format csv --columns approved name version licenses. This allows a reasonably simple script you could use in a rake task or pre-commit hook. The script is in a gist, so you can modify at will, but it's copied here for documentation:
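#!/bin/bash
# Regenerate the HTML report only when the dependency status CSV changes.
HTML_REPORT=doc/dependencies.html
STATUS_REPORT=doc/dependencies.csv
# Checksum of the previous status report (empty on the first run, before the file exists).
checksum_before=$([ -f "$STATUS_REPORT" ] && md5 -q < "$STATUS_REPORT")
# Write the current status report and checksum it in the same pass.
checksum_after=$(license_finder report --format csv --columns approved name version licenses | tee "$STATUS_REPORT" | md5 -q)
# # Alternatively
# CHECKSUM_FILE=doc/dependencies_status.md5
# checksum_before=$(cat "$CHECKSUM_FILE")
# checksum_after=$(license_finder report --format csv --columns approved name version licenses | md5 -q | tee "$CHECKSUM_FILE")
if [ "$checksum_before" != "$checksum_after" ]
then
    # Status changed: refresh the HTML report and exit non-zero so the hook or task flags it.
    license_finder report --format html > "$HTML_REPORT"
    exit 1
fi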
from licensefinder.
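An added example, not part of the original comment or of LicenseFinder: where the script above only detects that the status CSV changed, this function lists which dependencies were added, removed, or changed approval or version between two copies of that CSV. The row layout (`Approved,rake,10.4.2,MIT`, no header row), the function names and the sample data are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example, not LicenseFinder code. Compares two status CSVs produced with
#   --columns approved name version licenses
# Assumption: rows look like  Approved,rake,10.4.2,MIT  (no header row,
# no commas inside the name or version fields).

# status_diff OLD NEW -> one line per dependency that was added, removed,
# or changed version/approval. A missing OLD is treated as empty (first run).
status_diff() {
    local old=$1 new=$2
    [ -f "$old" ] || old=/dev/null
    awk -F, '
        pass == 1 { prev[$2] = $1 "," $3; next }   # old report: state keyed by name
        {
            cur[$2] = 1
            state = $1 "," $3
            if (!($2 in prev))          print "ADDED", $2, state
            else if (prev[$2] != state) print "CHANGED", $2, prev[$2], "->", state
        }
        END { for (n in prev) if (!(n in cur)) print "REMOVED", n, prev[n] }
    ' pass=1 "$old" pass=2 "$new" | LC_ALL=C sort
}

# demo: run status_diff on constructed sample reports (not real tool output).
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' 'Approved,rake,10.4.2,MIT' 'Approved,rails,4.1.0,MIT' \
        'Approved,oldgem,1.0.0,MIT' > "$dir/old.csv"
    printf '%s\n' 'Approved,rake,10.4.2,MIT' 'Not approved,rails,4.1.0,MIT' \
        'Not approved,newgem,0.1.0,GPLv3' > "$dir/new.csv"
    status_diff "$dir/old.csv" "$dir/new.csv"
    rm -rf "$dir"
}

# Run the demo only when the script is executed with the argument "demo".
if [ "${1:-}" = "demo" ]; then demo; fi
```

In a pre-commit hook, a non-empty result from `status_diff` plays the role of the checksum mismatch, and the `CHANGED` lines show approvals that flipped without a version change, which is the whitelist-edit case described earlier in the thread.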
Closing this with the release of 2.0. Fixing this kind of problem was a major motivation for the 2.0 work, so thanks for contributing to this discussion.
from licensefinder.