add means to run dash-licenses #454
Conversation
MatthewKhouzam
requested review from
bhufmann,
PatrickTasse and
MatthewKhouzam
marcdumais-work
force-pushed
the
dash-licenses
branch
6 times, most recently
from
8295f75 to
82f2be3
Compare
|
@marcdumais-work Thanks for this contribution. Yes, changing the license to MIT as you suggested would help. The license check execution failed because some licenses could not be verified (I think). What would be the steps to fix this? Please let me know. |
+1, will do. Can you propose a license header for me to use? Looking at a few source files in this repo I could not find an example.
Correct. Or could not be verified with enough certainty (clearlydefined score) or the license(s) are not approved by the Foundation (exceptions can sometimes be sought - e.g. we obtained permission for Theia to use
We're still working on the Theia repo version of this PR. The idea we have it to:
You can follow the progress of the upstream PR, linked in the description above. |
|
FYI, the upstream PR has changed quite a bit since I opened this draft PR, with Paul helping improving it. I can uplift it, if you are interested to eventually merge. |
Signed-off-by: Marc Dumais <[email protected]>
Signed-off-by: Marc Dumais <[email protected]>
The upstream version is under the upstream project's license. Ericsson is the only contributor to that file, so we are able to license it otherwise here, as needed. Signed-off-by: Marc Dumais <[email protected]>
This file acts as a filter, that contains dependencies that fail the liocense check but are "known". This permits to ignore these, and be warned when any new dependency that fails the check is added, e.g. in a PR. For now I have kept upstream dependencies that are relevant here. Signed-off-by: Marc Dumais <[email protected]>
marcdumais-work
force-pushed
the
dash-licenses
branch
from
82f2be3 to
8c66575
Compare
Signed-off-by: Marc Dumais <[email protected]>
marcdumais-work
force-pushed
the
dash-licenses
branch
from
8c66575 to
ab5aef5
Compare
|
I have updated the PR and description, to match what we merged upstream. I kept multiple commits so the changes I made are clearer - I can squash before an eventual merge. |
|
FYI, Paul had the idea to contribute an npm packaging, directly in the |
|
This PR has become obsolete. We are working to create an easily integrated wrapper for |
Discussing with @MatthewKhouzam about 3PP license checks, I mentioned an Eclipse Foundation tool, dash-licenses, that I am integrating in Theia's CI. Here's a quick integration for
theia-trace-extension. Since only Ericsson employees have contributed to this, and both Eclipse Theia and this project here are done for Ericsson, I think I can change the license of the license check script to match this repo's license (and have done so).The PR adds:
license-check-baseline.json), that acts as a filter, for the check to temporarily ignore some dependencies that are already known to fail the license checkdash-licensecan report false positives - they can also be added to that file.check_3pp_licenses.jsand a script entry inpackage.jsonto run itTo run locally, do:
yarn license:checkTo get the full results, first temporarily remove file
license-check-baseline.json:A summary, with all dependencies listed, is created:
license-check-summary.txt