Add license check about vlsi-release-plugins HOT 9 CLOSED

Thanks for the quick response!
I tried to dig into it, but I have to admit I didn't understand yet how all the pieces fit together and won't have the time in the near future to continue working on it.

from vlsi-release-plugins.

Hi,

I think it makes sense. Historically, the only license classification I saw was https://www.apache.org/legal/resolved.html (which was basically the only motivation for the plugin itself).

So I have

Splitting "verify license" from Apache2LicenseRenderer into a separate task sounds like the right thing to do.

from vlsi-release-plugins.

Do you think you could prepare a PR for a "check license compatibility" or "verify license compatibility" (I'm not sure regarding the naming) task in license-gather-plugin?

from vlsi-release-plugins.

By the way, do you have a use-case (a github project?) for this "license check"?

from vlsi-release-plugins.

I have a use-case, but the project I'm working on is not open source unfortunately.

from vlsi-release-plugins.

I see. Do you have a reference for the known compatible licenses? Are you going to add "allowed" licenses one by one?

For instance, the ASF has three license categories: A (allowed in source form), B (allowed only in binary artifacts), and X (forbidden everywhere).

So one of the configurations could be:

val gatherLicenes by tasks.registering(GatherLicenseTask::class) {
    configuration(configurations.runtimeClasspath)
    // configure license overrides, etc
}

val verifyLicenseCompatibility by tasks.register(VerifyLicenseCompatibilityTask::class) {
    metadata.set(gatherLicenes) // <-- "metadata" could probably have a better naming
    allow(AsfLicenseCategory.A)
}

from vlsi-release-plugins.

Allowing whole categories would be a nice usability helper, but in the general case I think we would also need the ability to allow licenses one by one as well as custom named licenses (e.g. jgit which is detected as Eclipse Distribution License (New BSD License))

from vlsi-release-plugins.

I think behind the lines of VerifyLicenseCompatibilityTask below, so adding "non-standard" would be like

allow(
    SimpleLicense(
        "Java HTML Tidy License",
        uri("http://jtidy.svn.sourceforge.net/viewvc/jtidy/trunk/jtidy/LICENSE.txt?revision=95")
    )
)

class VerifyLicenseCompatibilityTask : DefaultTask() {
    /**
     * This is a file collected by [GatherLicenseTask].
     */
    @InputFiles
    val metadata = objectFactory.fileCollection()

    @Input
    val acceptableLicenses = objectFactory.setProperty<LicenseExpression>()

    /**
     * Outputs `OK` when verification is successful.
     */
    @OutputFile
    val resultFile = objectFactory.fileProperty()

    fun allow(license: License) {
        acceptableLicenses.add(license.asExpression())
    }

    fun allow(license: Set<License>) { // or vararg?
        acceptableLicenses.add(license.asExpression())
    }

    fun allow(licenseExpression: LicenseExpression) {
        acceptableLicenses.add(licenseExpression)
    }

    fun allow(licenseExpression: Set<LicenseExpression>) { // or vararg?
        acceptableLicenses.add(licenseExpression)
    }
...

from vlsi-release-plugins.

Sounds good 🙂
Thank you very much for pushing that idea forward!

from vlsi-release-plugins.