Fix fetching licenses for jvm packages #682

Merged

@puchta puchta commented Oct 30, 2023

I've found that license information of mvn packages may be stored in at least 4 ways (so far cdxgen used only the first one).

  • in the field licenses.license of the POM document
  • in the field licenses.license of another POM document (defined by the parent field of the POM).
  • as a comment in the POM.xml
  • in the github repo specified in the POM document

I've implemented

  • merging POM with the parent POM
  • regexping pom in search of license text
  • querying the repo (if specified in POM)
    • I've improved the way github api address is deduced from repo address - so that now it accepts more patterns.

Signed-off-by: Jacek Puchta <jacek.puchta@dotdata.com>
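
The lookup order described in this PR, sketched as an added example that is not cdxgen's code and not part of the original conversation. The function names, the regex-based POM handling (a real implementation would use an XML parser), the phrase-to-SPDX table and the sample POMs are all assumptions made for illustration; the resulting URL targets GitHub's `GET /repos/{owner}/{repo}/license` REST endpoint.

```javascript
// Added example, not cdxgen code; all POMs and coordinates are constructed.
const COMMENT_PATTERNS = [ // hypothetical phrase -> SPDX id table
  [/Apache License,? Version 2\.0/i, "Apache-2.0"],
  [/\bMIT License\b/i, "MIT"],
];
const tag = (xml, n) => (xml.match(new RegExp(`<${n}>([\\s\\S]*?)</${n}>`)) || [])[1];
const stripComments = (xml) => xml.replace(/<!--[\s\S]*?-->/g, "");
// Names under <licenses><license>; commented-out XML is ignored.
function declaredLicenses(pom) {
  const block = tag(stripComments(pom), "licenses") || "";
  const names = block.matchAll(/<license>[\s\S]*?<name>([^<]+)<\/name>/g);
  return [...names].map((m) => m[1].trim());
}
// "group:artifact:version" of the <parent> element, or null.
function parentKey(pom) {
  const p = tag(stripComments(pom), "parent");
  if (!p) return null;
  return ["groupId", "artifactId", "version"].map((n) => (tag(p, n) || "").trim()).join(":");
}
// License named only in an XML comment (typically the file header).
function commentLicense(pom) {
  const comments = (pom.match(/<!--[\s\S]*?-->/g) || []).join("\n");
  const hit = COMMENT_PATTERNS.find(([re]) => re.test(comments));
  return hit ? hit[1] : null;
}
// Host is anchored so lookalikes (github.com.evil.example) yield null.
const GH = /^(?:scm:git:)?(?:(?:https?|git|ssh):\/\/)?(?:git@)?github\.com[:/]([^/\s]+)\/([^/\s#?]+?)(?:\.git)?(?:[/#?].*)?$/;
function githubLicenseApi(repoUrl) {
  const m = GH.exec((repoUrl || "").trim());
  return m ? `https://api.github.com/repos/${m[1]}/${m[2]}/license` : null;
}
// Lookup order from the PR description; `poms` maps parentKey -> POM text.
function resolveLicense(pom, poms) {
  let cur = pom;
  for (let depth = 0; cur && depth < 5; depth++) { // cap stops parent cycles
    const names = declaredLicenses(cur);
    if (names.length) return { source: depth ? "parent" : "pom", value: names };
    cur = poms[parentKey(cur)];
  }
  const fromComment = commentLicense(pom);
  if (fromComment) return { source: "comment", value: [fromComment] };
  const api = githubLicenseApi(tag(stripComments(pom), "url"));
  return api ? { source: "github", value: [api] } : { source: "none", value: [] };
}
// Constructed sample: the child declares no license, its parent does.
const PARENT = "<project><licenses><license><name>Apache-2.0</name></license></licenses></project>";
const CHILD = "<project><parent><groupId>org.example</groupId><artifactId>base</artifactId><version>1.0</version></parent></project>";
console.log(resolveLicense(CHILD, { "org.example:base:1.0": PARENT }));
```

Recording the `source` alongside the value lets an SBOM consumer tell a declared license apart from one inferred from a comment or a repository lookup.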

puchta commented Oct 30, 2023

@prabhu what do you think?

@prabhu prabhu left a comment

This looks so good! Is it possible to add a test to repo tests?

prabhu commented Oct 30, 2023

cc: @heubeck

puchta commented Oct 31, 2023

> Is it possible to add a test to repo tests?

OK, I'm working on it.

prabhu commented Oct 31, 2023

@puchta, would you like to rebase and continue with the repo test?

prabhu commented Nov 1, 2023

@puchta, ready to merge this PR and release 9.9.1. If you could contribute a test in a new PR, that would be awesome.

@prabhu prabhu merged commit cd495d0 into CycloneDX:master Nov 1, 2023
15 checks passed
@@ -20,6 +22,9 @@
"Apache-2.0 OR MIT",
"Apache2.0",
"apache-2-0",
"APL2",
"the Apache License, ASL Version 2.0",
"Apache Publich License 2.0",
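
Review bot: The last visible entry, "Apache Publich License 2.0", misspells "Public". If the string is there to match a misspelled license name that occurs in real package metadata, add a short comment beside it saying so and consider also listing the correctly spelled "Apache Public License 2.0"; otherwise correct the spelling. A note on where the abbreviation "APL2" was observed would likewise help the next person who edits this list.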

Minor typo: Publich

Could you send a new PR? It is possible that the typo is deliberate so that it matches with the correct spdx id but let's not implement stemming algorithms in cdxgen (or not yet ;))

puchta commented Nov 2, 2023

> would you like to rebase and continue with the repo test?

Thanks for merging.
Yes, I'll push the tests as soon as I have them.

@puchta puchta deleted the fix-fetching-licenses-for-jvm-packages branch November 8, 2023 14:41