From b599644c58c71a57b6959f74c382e9b764a0f965 Mon Sep 17 00:00:00 2001
From: ewelinagr
Date: Mon, 2 Dec 2024 16:19:00 +0100
Subject: [PATCH 1/4] Add setup for Saturn licenses verification (ISO, 5.32)
---
 projects/saturn/allowed-licenses.json | 37 +++++++++++++++++++
 projects/saturn/build.gradle | 7 ++++
 .../saturn/license-normalizer-bundle.json | 10 +++++
 3 files changed, 54 insertions(+)
 create mode 100644 projects/saturn/allowed-licenses.json
 create mode 100644 projects/saturn/license-normalizer-bundle.json
diff --git a/projects/saturn/allowed-licenses.json b/projects/saturn/allowed-licenses.json
new file mode 100644
index 000000000..f1b97f4bd
--- /dev/null
+++ b/projects/saturn/allowed-licenses.json
@@ -0,0 +1,37 @@
+{
+ "allowedLicenses": [
+ {
+ "moduleLicense": "Apache License, Version 2.0"
+ },
+ {
+ "moduleLicense": "MIT License"
+ },
+ {
+ "moduleLicense": "MIT-0"
+ },
+ {
+ "moduleLicense": "Eclipse Public License - v 1.0"
+ },
+ {
+ "moduleLicense": "Eclipse Public License - v 2.0"
+ },
+ {
+ "moduleLicense": "The 3-Clause BSD License"
+ },
+ {
+ "moduleLicense": "The 2-Clause BSD License"
+ },
+ {
+ "moduleLicense": "Creative Commons Legal Code"
+ },
+ {
+ "moduleLicense": "Bouncy Castle Licence"
+ },
+ {
+ "moduleLicense": "Similar to Apache License but with the acknowledgment clause removed"
+ },
+ {
+ "moduleLicense": "PUBLIC DOMAIN"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/projects/saturn/build.gradle b/projects/saturn/build.gradle
index c5eadb827..61bfd7b62 100644
--- a/projects/saturn/build.gradle
+++ b/projects/saturn/build.gradle
@@ -17,6 +17,7 @@ plugins {
 id 'jacoco'
 id "org.owasp.dependencycheck" version "8.2.1"
 id "com.diffplug.spotless" version "6.25.0"
+ id 'com.github.jk1.dependency-license-report' version '2.9'
 }
 group 'io.fairspace'
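Review bot: In `projects/saturn/allowed-licenses.json` the entries `"Creative Commons Legal Code"`, `"PUBLIC DOMAIN"` and `"Similar to Apache License but with the acknowledgment clause removed"` allow a dependency purely by a free-text name taken from its own published metadata, so any module that reports one of these strings passes the check. "Creative Commons Legal Code" in particular does not say which Creative Commons licence is meant. The plugin's allow-list entries also accept a `moduleName` pattern, so these three are better tied to the modules they were added for, e.g. `{ "moduleLicense": "Creative Commons Legal Code", "moduleName": "<group:artifact placeholder>" }`. The same applies to the matching entries in `projects/pluto/allowed-licenses.json` in patch 2/4.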
@@ -116,3 +117,9 @@ test {
 jvmArgs = ['--add-opens', 'java.base/java.util=ALL-UNNAMED']
 useJUnitPlatform()
 }
+
+import com.github.jk1.license.filter.LicenseBundleNormalizer
+licenseReport {
+ filters = [new LicenseBundleNormalizer(bundlePath: "$projectDir/license-normalizer-bundle.json")]
+ allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
+}
\ No newline at end of file
diff --git a/projects/saturn/license-normalizer-bundle.json b/projects/saturn/license-normalizer-bundle.json
new file mode 100644
index 000000000..111c01694
--- /dev/null
+++ b/projects/saturn/license-normalizer-bundle.json
@@ -0,0 +1,10 @@
+{
+ "bundles" : [
+ { "bundleName" : "apache2", "licenseName" : "Apache License, Version 2.0", "licenseUrl" : "http://www.apache.org/licenses/LICENSE-2.0" }
+ ],
+ "transformationRules" : [
+ { "bundleName" : "apache2", "licenseNamePattern" : ".*The Apache Software License, Version 2.0.*" },
+ { "bundleName" : "apache2", "licenseNamePattern" : "Apache 2" },
+ { "bundleName" : "apache2", "licenseNamePattern" : "Apache License 2.0" }
+ ]
+}
\ No newline at end of file
From ac4f9d04b9ea1ae9fd54a657065bbd392ef73a31 Mon Sep 17 00:00:00 2001
From: ewelinagr
Date: Mon, 30 Dec 2024 13:06:10 +0100
Subject: [PATCH 2/4] Add setup for Pluto licenses verification (ISO, 5.32)
---
 projects/pluto/allowed-licenses.json | 28 +++++++++++++++++++
 projects/pluto/build.gradle | 7 +++++
 projects/pluto/license-normalizer-bundle.json | 10 +++++++
 3 files changed, 45 insertions(+)
 create mode 100644 projects/pluto/allowed-licenses.json
 create mode 100644 projects/pluto/license-normalizer-bundle.json
diff --git a/projects/pluto/allowed-licenses.json b/projects/pluto/allowed-licenses.json
new file mode 100644
index 000000000..103003173
--- /dev/null
+++ b/projects/pluto/allowed-licenses.json
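Review bot: The `licenseReport` block added at the end of `projects/saturn/build.gradle` sets up the allow-list, but nothing in this hunk attaches `checkLicense` to the build, so a dependency with a disallowed licence is only caught when someone runs the task by hand. Unless the CI pipeline (not visible in this series) calls it explicitly, add `check.dependsOn checkLicense` after the block so the check is enforced on every build. A short comment above `filters`, such as `// Normalise licence name variants before they are compared with allowed-licenses.json`, would also explain why the bundle file exists. The identical block added to `projects/pluto/build.gradle` in patch 2/4 needs the same line.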
@@ -0,0 +1,28 @@
+{
+ "allowedLicenses": [
+ {
+ "moduleLicense": "Apache License, Version 2.0"
+ },
+ {
+ "moduleLicense": "MIT License"
+ },
+ {
+ "moduleLicense": "MIT-0"
+ },
+ {
+ "moduleLicense": "Eclipse Public License - v 1.0"
+ },
+ {
+ "moduleLicense": "Eclipse Public License - v 2.0"
+ },
+ {
+ "moduleLicense": "Creative Commons Legal Code"
+ },
+ {
+ "moduleLicense": "Bouncy Castle Licence"
+ },
+ {
+ "moduleLicense": "PUBLIC DOMAIN"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/projects/pluto/build.gradle b/projects/pluto/build.gradle
index aec18f57a..0f523fee8 100644
--- a/projects/pluto/build.gradle
+++ b/projects/pluto/build.gradle
@@ -13,6 +13,7 @@ plugins {
 id "org.owasp.dependencycheck" version '8.2.1'
 id 'io.spring.dependency-management' version '1.1.4'
 id "com.diffplug.spotless" version "6.25.0"
+ id 'com.github.jk1.dependency-license-report' version '2.9'
 }
 group 'nl.fairspace'
@@ -98,3 +99,9 @@ dependencyManagement {
 mavenBom "org.springframework.cloud:spring-cloud-dependencies:${springCloudVersion}"
 }
 }
+
+import com.github.jk1.license.filter.LicenseBundleNormalizer
+licenseReport {
+ filters = [new LicenseBundleNormalizer(bundlePath: "$projectDir/license-normalizer-bundle.json")]
+ allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
+}
\ No newline at end of file
diff --git a/projects/pluto/license-normalizer-bundle.json b/projects/pluto/license-normalizer-bundle.json
new file mode 100644
index 000000000..111c01694
--- /dev/null
+++ b/projects/pluto/license-normalizer-bundle.json
@@ -0,0 +1,10 @@
+{
+ "bundles" : [
+ { "bundleName" : "apache2", "licenseName" : "Apache License, Version 2.0", "licenseUrl" : "http://www.apache.org/licenses/LICENSE-2.0" }
+ ],
+ "transformationRules" : [
+ { "bundleName" : "apache2", "licenseNamePattern" : ".*The Apache Software License, Version 2.0.*" },
+ { "bundleName" : "apache2", "licenseNamePattern" : "Apache 2" },
+ { "bundleName" : "apache2", "licenseNamePattern" : "Apache License 2.0" }
+ ]
+}
\ No newline at end of file
From 25a5ad06bf983bf09753a504041a8a3e29cdef49 Mon Sep 17 00:00:00 2001
From: ewelinagr
Date: Mon, 30 Dec 2024 14:03:57 +0100
Subject: [PATCH 3/4] Document usage of Gradle license plugin.
---
 projects/pluto/README.md | 8 ++++++++
 projects/saturn/README.md | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/projects/pluto/README.md b/projects/pluto/README.md
index 5cb3617e3..6b666aebd 100644
--- a/projects/pluto/README.md
+++ b/projects/pluto/README.md
@@ -34,4 +34,12 @@ To format the code, run the following command:
 NOTE: The Spotless plugin also runs as part of the CI pipeline. Build will fail if the code is not formatted correctly.
+### Licenses
+The project uses the Gradle license plugin to manage licenses. To check if the licenses of the dependencies
+are compatible with list of allowed licenses defined in [allowed-licenses.json](allowed-licenses.json),
+run the following command:
+
+```bash
+./gradlew :checkLicense
+```
diff --git a/projects/saturn/README.md b/projects/saturn/README.md
index 2693cc0b1..b7b6e2688 100644
--- a/projects/saturn/README.md
+++ b/projects/saturn/README.md
@@ -34,4 +34,12 @@ To format the code, run the following command:
 NOTE: The Spotless plugin also runs as part of the CI pipeline. Build will fail if the code is not formatted correctly.
+### Licenses
+The project uses the Gradle license plugin to manage licenses. To check if the licenses of the dependencies
+are compatible with list of allowed licenses defined in [allowed-licenses.json](allowed-licenses.json),
+run the following command:
+
+```bash
+./gradlew :checkLicense
+```
From 85937f90cfb29b14adc7c916943d694639ba6943 Mon Sep 17 00:00:00 2001
From: ewelinagr
Date: Fri, 3 Jan 2025 10:48:50 +0100
Subject: [PATCH 4/4] Fix missing EOF lines.
---
 projects/pluto/allowed-licenses.json | 2 +-
 projects/pluto/build.gradle | 2 +-
 projects/pluto/license-normalizer-bundle.json | 2 +-
 projects/saturn/allowed-licenses.json | 2 +-
 projects/saturn/build.gradle | 2 +-
 projects/saturn/license-normalizer-bundle.json | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/projects/pluto/allowed-licenses.json b/projects/pluto/allowed-licenses.json
index 103003173..c3c7e4514 100644
--- a/projects/pluto/allowed-licenses.json
+++ b/projects/pluto/allowed-licenses.json
@@ -25,4 +25,4 @@
 "moduleLicense": "PUBLIC DOMAIN"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/projects/pluto/build.gradle b/projects/pluto/build.gradle
index 0f523fee8..db8f6e9a9 100644
--- a/projects/pluto/build.gradle
+++ b/projects/pluto/build.gradle
@@ -104,4 +104,4 @@ import com.github.jk1.license.filter.LicenseBundleNormalizer
 licenseReport {
 filters = [new LicenseBundleNormalizer(bundlePath: "$projectDir/license-normalizer-bundle.json")]
 allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
-}
\ No newline at end of file
+}
diff --git a/projects/pluto/license-normalizer-bundle.json b/projects/pluto/license-normalizer-bundle.json
index 111c01694..fc338b12c 100644
--- a/projects/pluto/license-normalizer-bundle.json
+++ b/projects/pluto/license-normalizer-bundle.json
@@ -7,4 +7,4 @@
 { "bundleName" : "apache2", "licenseNamePattern" : "Apache 2" },
 { "bundleName" : "apache2", "licenseNamePattern" : "Apache License 2.0" }
 ]
-}
\ No newline at end of file
+}
diff --git a/projects/saturn/allowed-licenses.json b/projects/saturn/allowed-licenses.json
index f1b97f4bd..cd9c55d42 100644
--- a/projects/saturn/allowed-licenses.json
+++ b/projects/saturn/allowed-licenses.json
@@ -34,4 +34,4 @@
 "moduleLicense": "PUBLIC DOMAIN"
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/projects/saturn/build.gradle b/projects/saturn/build.gradle
index 61bfd7b62..81b9a3012 100644
--- a/projects/saturn/build.gradle
+++ b/projects/saturn/build.gradle
@@ -122,4 +122,4 @@ import com.github.jk1.license.filter.LicenseBundleNormalizer
 licenseReport {
 filters = [new LicenseBundleNormalizer(bundlePath: "$projectDir/license-normalizer-bundle.json")]
 allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
-}
\ No newline at end of file
+}
diff --git a/projects/saturn/license-normalizer-bundle.json b/projects/saturn/license-normalizer-bundle.json
index 111c01694..fc338b12c 100644
--- a/projects/saturn/license-normalizer-bundle.json
+++ b/projects/saturn/license-normalizer-bundle.json
@@ -7,4 +7,4 @@
 { "bundleName" : "apache2", "licenseNamePattern" : "Apache 2" },
 { "bundleName" : "apache2", "licenseNamePattern" : "Apache License 2.0" }
 ]
-}
\ No newline at end of file
+}