License checker extensions

[netsettler]

Some additions to license checkers.

• New license framework for R (tentatively implemented)
• New license framework for Conda (tentatively implemented)
• Much new license metadata
• New script run-license-checker for people to use this without installing it in code.

Having done this, though, we removed the scan2-pipeline policy definition because it can now be modularly added elsewhere, in that code. Such a definition can be added in an external module and then invoked interactively by:

run-license-checker scan2-pipeline --policy-dir <dir>

or from code by:

from dcicutils.license_utils import LicenseCheckerRegistry
Scan2PipelineLicenseChecker = LicenseCheckerRegistry.lookup_checker('scan2-pipeline', policy_dir=<policy-dir>)
Scan2PIpelineLicenseChecker.validate()

Note that if the conda checkers do not run, you may be in the wrong directory or Conda may not have set its CONDA_PREFIX environment variable. You can specify the directory by:

from dcicutils.license_utils import LicenseCheckerRegistry, LicenseOptions
Scan2PipelineLicenseChecker = LicenseCheckerRegistry.lookup_checker('scan2-pipeline', policy_dir="<policy-dir>")
with LicenseOptions.selected_options(conda_prefix="<conda-dir>"):
    Scan2PIpelineLicenseChecker.validate()

or you can override the search for Conda's CONDA_PREFIX environment variable by setting the CONDA_LICENSE_CHECKER_PREFIX environment variable, which can be used to override CONDA_PREFIX.

[coveralls]

Pull Request Test Coverage Report for Build 6354777482

• 254 of 331 (76.74%) changed or added relevant lines in 3 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage decreased (-0.1%) to 77.659%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
dcicutils/license_utils.py	240	317	75.71%

Totals
Change from base Build 6240767306:	-0.1%
Covered Lines:	8478
Relevant Lines:	10917

---

💛 - Coveralls

[willronchetti]

These changes look good and the tool in general looks super useful and extendable as needed

[willronchetti]

This could use some docstring as the function name reads like its generic but you've got some GPL specific things going on here

[netsettler]

It's true that it might not actually matter a lot if someone else used it. I can look at that.

[willronchetti]

Should this be read from a file?

[netsettler]

I'm going to look into that. The trade-off is that these are really things that should be matters of fixed policy, at least insofar as the validator functions are, and people should not be thinking they can just casually edit this stuff to make it go away. It requires a lot of thought about legalities. But, that said, the command line form allows someone to explore whether they're compliant and to work toward getting things in order. For that it can be useful to evolve something and propose it as a coherent whole. So it's not a technical matter but a social, workflow, and legal issue. I'll do a little more functionality on that, though.

[netsettler]

This got done and is now merged to this PR.

[willronchetti]

Could you explain why this needs a separate class? Is this because it uses mixed software not living under one language?

[netsettler]

We only have this one worked case of someone new working on things, but my definite sense from the experience is that this is one of those places where exceptions are the most likely. Every now and then you can make exceptions on a broad basis, like for docutils, because it's simply the nature of docutils that people mostly use those at dev time. But for other libraries, the thing is that you only know you can make an exception if the use is conforming because of how that particular repo uses something, like we know we only use it in some maintenance script and it's not part of the core library that gets delivered to pypi, or something like that. So I can't put that kind of exception in the main classes. But there could be some other place these are kept. Maybe someplace maintained by an employer or a corporate division (in our case dbmi or hms).