Python client: add license check #2580
Conversation
MonkeyCanCode
requested review from
HonahX,
eric-maynard,
flyrain and
snazy
flyrain
left a comment
flyrain
left a comment
There was a problem hiding this comment.
+1 Thanks for working on it, @MonkeyCanCode !
github-project-automation
bot
moved this from PRs In Progress
to Ready to merge
in Basic Kanban Board
HonahX
left a comment
HonahX
left a comment
There was a problem hiding this comment.
LGTM! Thanks for working on this.
I've verified this can catch non-supported license in deps. e.g.
--- Starting license compliance check ---
license GNU Lesser General Public License v2 or later (LGPLv2+) not in allow-only licenses was found for package chardet:5.2.0
make: *** [client-license-check] Error 1
| .PHONY: client-license-check | ||
| client-license-check: client-setup-env ## Run license compliance check | ||
| @echo "--- Starting license compliance check ---" | ||
| @$(ACTIVATE_AND_CD) && pip-licenses |
There was a problem hiding this comment.
Somehow this does not work for me in an old poetry environment.
pip-licenses: command not found
But I've verified that a clean install will work.
There was a problem hiding this comment.
Maybe the previous poetry env doesn't have this dependency installed as I added it last night via this PR. In case if u want that env to work, u can source the venv then run poetry command to install all again.
There was a problem hiding this comment.
Yeah I ran make install-dependencies and I saw poetry explicitly said it installed pip-licenses yet it still could not found it. Could be some other weird issue in that env. So I ends up using a clean environment to verify : )
Using poetry run pip-licenses will work btw
github-project-automation
bot
moved this from Ready to merge
to Done
in Basic Kanban Board
|
@MonkeyCanCode the merge broke CI on |
NVM, merged your fix. |
4 participants
This is requested by @snazy a while back via #822 and @DaniilRoman did the initial implementation via #1102. This is the PR for merged the changes from sample PR with our GH action and Makefile.
There are a lot more allowed licenses from ASF (https://www.apache.org/legal/resolved.html#category-x) and a bunch for which should't be included as well. For now, I put the allow list with the packages that are currently being used.