[ISSUE #4830] Generate LICENSE and NOTICE with Gradle tasks #4831
Conversation
Pil0tXia
force-pushed
the
pil0txia/license_4830
branch
from
3e999f7 to
8ad3029
Compare
ppkarwasz
left a comment
ppkarwasz
left a comment
There was a problem hiding this comment.
Great job!
I think other Apache projects might profit from it, if you transform it into a Gradle plugin.
# Conflicts: # build.gradle
|
This PR has completed the #4719 (comment) follow-up and is ready to be merged. Now executing the Incompatible artifacts will be printed on screen. Release Manager must remove these artifacts from classpath, remove their license files from |
Pil0tXia
added
the
ready for review
ppkarwasz
left a comment
ppkarwasz
left a comment
There was a problem hiding this comment.
I think it would be best to have more control on the licenses that are included in the distribution.
There is also the problem of software available under multiple licenses: e.g. Logback is available under EPL 1.0 and LGPL 2.1. The first one is a category B license and Apache projects can include it in binary form. The second one is a category X license and can not be included in Apache distributions.
Does it mean we shouldn't even mention that Logback is available under LGPL 2.1? I have no idea, better ask LEGAL about that. You probably could generate a snapshot of your distribution and ask them to look at the LICENSE part.
Pil0tXia
removed
the
ready for review
Pil0tXia
added
the
ready for review
|
@xwm1992 |
…ache#4831) * Update com.github.jk1.dependency-license-report to cyclonedx-gradle-plugin * Remove redundant mavenLocal() * Store license files by license name * Sort by version additionally * Stick to bundled dependencies * Auto generate NOTICE file * Add comments * Display "/" for 'Unicode/ICU License' * Rename 'third-party-licenses' to 'dist-license' to suit LICENSE file's meaning * Doing some paperwork * failed to apply plugins block, minor adjust * Remove logback completely * download license if only url is given * delete mysql's license * exempt licenses * minor optimize * Add checkDeniedLicense task * Output success
4 participants
Fixes #4830
Motivation
As is discussed in #4720, the LICENSE and NOTICE files of the EventMesh binary distribution release need to be maintained manually, and for a long time the contents of the files were incomplete and not updated in time when artifacts were introduced or updated.
Following the suggestion in #4720 (comment), I implemented
generateDistLicensetask that automatically generates theLICENSEfile andlicenses/directory, andgenerateDistNoticetask that automatically generates theNOTICEfile.They can be run manually, or automatically when the
disttask is executed. After #4719 is merged, I'll specify thegenerateDistLicensetask and thegenerateDistNoticetask as dependencies of thedisttask.The licenses generated by the
generateDistLicensetask are named after the license name, e.g.Apache-2.0.txt, which conforms to ASF regulations. I can also modify it to be named after an artifact, e.g.log4j-core 2.22.1 Apache-2.0.txt. Please let me know if you want to do like that.Modifications
generateDistLicensetask and thegenerateDistNoticetask.mavenLocal()was removed according to https://docs.gradle.org/current/userguide/declaring_repositories.html#sub:maven_localUpdate:
Now executing the
disttask automatically generates the LICENSE and NOTICE files and automatically packages them.Incompatible artifacts will be printed on screen. Release Manager must remove these artifacts from classpath, remove their license files from
licensesdir, and tell users to manually download them.Documentation