Prepare for 1st release #2

Draft
wants to merge 6 commits into
base: main
85 changes: 85 additions & 0 deletions .github/workflows/ci-cd.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
name: ci-cd

on:
push:
branches:
- main
workflow_dispatch:
pull_request:
branches:
- main

jobs:

build-and-test:
name: Build and Test

strategy:
matrix:
os: [ubuntu-latest]
node: ['18']
java: ['11']

runs-on: ${{ matrix.os }}
timeout-minutes: 10

steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 1

- name: Use Node.js ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
registry-url: 'https://registry.npmjs.org'

- name: Use Java ${{ matrix.java }}
uses: actions/setup-java@v3
with:
distribution: 'adopt'
java-version: ${{ matrix.java }}

- name: Run Tests
if: matrix.tests != 'skip'
shell: bash
run: |
yarn
yarn test

publish:
needs: build-and-test
if: |
github.ref =='refs/heads/main' &&
github.event_name == 'push' &&
github.repository == 'eclipse-dash/nodejs-wrapper' &&
startsWith(github.event.head_commit.message, '[Release]:')
runs-on: ubuntu-latest
strategy:
matrix:
node: ['18']
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Use Node.js ${{ matrix.node }}
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
registry-url: 'https://registry.npmjs.org'
- name: Pre-Publish
shell: bash
run: |
yarn
- name: Publish to npm
uses: nick-invision/retry@v2
with:
timeout_minutes: 5
retry_wait_seconds: 60
max_attempts: 3
retry_on: error
command: yarn publish:ci
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_AUTH_TOKEN }}
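Review bot: In the `publish` job, `nick-invision/retry@v2` is a third-party action referenced by a mutable tag, and it is the step that receives `NODE_AUTH_TOKEN`; pin it (and preferably `actions/checkout`, `actions/setup-node` and `actions/setup-java` as well) to a full commit SHA so that a moved tag cannot run with the npm token. The workflow also declares no `permissions:` block, so `GITHUB_TOKEN` gets the repository default; nothing visible in either job needs more than `contents: read`. Smaller point in `build-and-test`: `if: matrix.tests != 'skip'` refers to a `tests` key that the matrix (`os`, `node`, `java`) never defines, so the condition is always true and can be dropped.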
54 changes: 0 additions & 54 deletions .github/workflows/ci.yml

This file was deleted.

27 changes: 27 additions & 0 deletions .github/workflows/gh-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
name: Create or prepare GitHub release

on:
push:
branches:
- main
paths:
- 'RELEASE'
pull_request:
types: [opened, synchronize]
branches:
- main
paths:
- 'RELEASE'

jobs:
gh-release:
name: Create GitHub release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: pipe-cd/actions-gh-release@v2.3.4
with:
release_file: 'RELEASE'
token: ${{ secrets.GITHUB_TOKEN }}
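Review bot: `pipe-cd/actions-gh-release@v2.3.4` is handed `secrets.GITHUB_TOKEN`, but the workflow declares no `permissions:`, so the token's scope is whatever the repository default happens to be. Add a job-level `permissions:` block listing only what the action needs for the `push` run (creating the release) and the `pull_request` run, and reference the action by commit SHA rather than the `v2.3.4` tag, since a tag can be moved after review.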
2 changes: 1 addition & 1 deletion .github/workflows/license-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ jobs:
# build a local npm package "payload" and install it
npm pack
npm install
npm install --no-save ./dash-licenses-wrapper-*.tgz
npm install --no-save ./eclipse-dash-nodejs-wrapper-*.tgz
npx dash-licenses-wrapper --inputFile=package-lock.json
env:
DASH_LICENSES_PAT: ${{ secrets.DASH_LICENSES_PAT }}
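Review bot: `DASH_LICENSES_PAT` is set in the `env:` of the same step that runs `npm install`, so every dependency install script in that step runs with the PAT in its environment. Move `npm pack` and the two `npm install` lines into a preceding step without the secret, and keep only the `npx dash-licenses-wrapper --inputFile=package-lock.json` line in the step that carries `env:`. With the package now scoped, also consider `npx --no-install dash-licenses-wrapper` (`npx --no` on npm 7+) so that a failed local install cannot fall back to fetching an unscoped `dash-licenses-wrapper` package from the registry.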
2 changes: 1 addition & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
node_modules
download
dependency-check-summary.txt
dependency-check-summary*
license-check-summary*
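Review bot: The ignore list still has no entry for `npm pack` output, and this PR has to remove a committed `dash-licenses-wrapper-1.0.0.tgz`; adding `*.tgz` here would keep a packed tarball from being committed again.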
45 changes: 45 additions & 0 deletions NOTICE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Notices for Eclipse Dash

This content is produced and maintained by the Eclipse Dash project.

* Project home: https://projects.eclipse.org/projects/technology.dash

## Trademarks

Eclipse Dash™ is a trademark of the Eclipse Foundation.

## Copyright

All content is the property of the respective authors or their employers. For
more information regarding authorship of content, please consult the listed
source code repository logs.

## Declared Project Licenses

This program and the accompanying materials are made available under the terms
of the Eclipse Public License v. 2.0 which is available at
https://www.eclipse.org/legal/epl-2.0.

SPDX-License-Identifier: EPL-2.0

## Source Code

The project maintains the following source code repositories:

* https://github.com/eclipse-dash/.github
* https://github.com/eclipse-dash/nodejs-wrapper
* https://github.com/eclipse/dash-licenses
* https://gitlab.eclipse.org/eclipse/technology/dash/eclipse-api-for-java.git
* https://gitlab.eclipse.org/eclipse/technology/dash/eclipse-project-code.git
* https://gitlab.eclipse.org/eclipse/technology/dash/license-tool/nodejs-wrapper.git
* https://gitlab.eclipse.org/eclipse/technology/dash/org.eclipse.dash.handbook.git

## Cryptography

Content may contain encryption software. The country in which you are currently
may have restrictions on the import, possession, and use, and/or re-export to
another country, of encryption software. BEFORE using any encryption software,
please check the country's laws, regulations and policies concerning the import,
possession, or use, and re-export of encryption software, to see if this is
permitted.

18 changes: 8 additions & 10 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# dash-licenses nodejs-wrapper
# Eclipse dash-licenses nodejs-wrapper

This wrapper makes it easy to integrate and run the Eclipse [Dash Licenses](https://github.com/eclipse/dash-licenses) Tool in Eclipse Foundation project repositories, both locally and during CI on GitHub (i.e. on Pull Requests). Doing so is the best way to catch early, any 3PP components that has incompatible or have unclear licenses. Optionally, `dash-licenses` can be run in `automatic IP review mode`, to automatically create IP Check tickets, on the Eclipse Foundation Gitlab instance, one for each 3PP component that fails the check, for further scrutiny. These tickets can often be approved automatically in minutes.

Expand All @@ -15,19 +15,17 @@ This wrapper makes it easy to integrate and run the Eclipse [Dash Licenses](http

## How to install and use

(Note: This wrapper is planned to soon be made available as a `npm package` - until then the below will not work )

This npm package contains the `dash-licenses-wrapper.js` script that uses `dash-licenses` under-the-hood, an example GitHub workflow that uses the wrapper and some example configuration files.
The npm package produced from this repository contains the `dash-licenses-wrapper.js` script that uses `dash-licenses` under-the-hood, an example GitHub workflow that uses the wrapper and some example configuration files.

To install this package as a "devDependency" in your project, use one of the following commands from the root of your project, according to the project's npm client:

```bash
# yarn:
# note: if prompted to do so, you may need to add option "--ignore-workspace-root-check"
yarn add dash-licenses-wrapper --dev
yarn add @eclipse-dash/nodejs-wrapper --dev

# npm:
npm install dash-licenses-wrapper --save-dev
npm install @eclipse-dash/nodejs-wrapper --save-dev
```

Once installed, you can run a license check, from the repo root, with the following command:
Expand Down Expand Up @@ -73,7 +71,7 @@ A configuration file can be used. Values defined therein will override wrapper d
"inputFile": "./package-lock.json",
"batch": "50",
"timeout": "240",
"exclusionsFile": "configs/dashLicensesExclusions.json",
"exclusionsFile": "configs/license-check-exclusions.json",
"summaryFile": "dash-licenses-summary.txt"
}
```
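Review bot: The sample config in this hunk uses the keys `exclusionsFile` and `summaryFile`, while the example config file and the spec changed in this same PR use `exclusions` and `summary`. Since the `exclusionsFile` line is being edited anyway, align the key names with the ones the tests exercise. The `summaryFile` value `dash-licenses-summary.txt` also matches neither `.gitignore` pattern (`dependency-check-summary*`, `license-check-summary*`); `license-check-summary.txt` would be the consistent value.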
Expand All @@ -99,7 +97,7 @@ The `exclusions file` contains one dependency per line, with an optional comment

Example scenario: an important Pull Request (PR) adds a 3PP dependency, whose license is believed by the project to be compatible, but for which `dash-licenses` disagrees (e.g. because of a low score). The dependency is submitted the IP team for further analysis but can't be automatically approved, quickly. In the meantime, to avoid delaying merging the important PR or merging and having the "License Check" CI job fail until the dependency is officially approved, it may be added to the `exclusions file`:

Let's say the project's exclusion file is `configs/dashLicensesExclusions.json`
Let's say the project's exclusion file is `configs/license-check-exclusions.json`

The following entry is added: the first field is the 3PP as reported by `dash-licenses` and the second field is an optional comment, that can be used to track the reason for excluding the dependency from failing the license check. e.g.:

Expand All @@ -110,14 +108,14 @@ The following entry is added: the first field is the 3PP as reported by `dash-li
And then the wrapper can be called with CLI parameter `--exclusions` pointing to the `exclusions` file, like so:

```bash
npx dash-licenses-wrapper --inputFile=./package-lock.json --exclusions=configs/dashLicensesExclusions.json
npx dash-licenses-wrapper --inputFile=./package-lock.json --exclusions=configs/license-check-exclusions.json
```

Exclusion file: `<repo_root>/dependency-check-baseline.json`

## GitHub workflow

An example workflow, that runs the license check, is provided in directory `examples` (by default under `node_modules/dash-licenses-wrapper/examples/license-check-workflow.yml`). It can be copied to a GitHub project's directory `<repo root>/.github/workflows` and adapted for the given project.
An example workflow, that runs the license check, is provided in directory `examples` (by default under `node_modules/@eclipse-dash/nodejs-wrapper/examples/license-check-workflow.yml`). It can be copied to a GitHub project's directory `<repo root>/.github/workflows` and adapted for the given project.

If the project has added a `scripts` entry in the root `package.json` to run the license check, that may be used instead of `npx dash-licenses-wrapper [...]`. E.g. `yarn license:check [...]`.
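Review bot: The unchanged line `Exclusion file: <repo_root>/dependency-check-baseline.json`, just below the updated `npx` command, still names a third path that matches neither the old nor the new exclusions file name. Remove it or update it to `configs/license-check-exclusions.json` as part of this rename, otherwise the section documents two different locations for the same file.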

Expand Down
8 changes: 8 additions & 0 deletions RELEASE
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
tag: v0.0.1

commitInclude:
parentOfMergeCommit: true

releaseNoteGenerator:
showAbbrevHash: true
showCommitter: false
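Review bot: `tag: v0.0.1` does not match `"version": "0.0.0"` in `package.json` in this PR, and the two values are consumed by different workflows: `gh-release.yml` triggers on this file, while `ci-cd.yml` publishes to npm on a `[Release]:` commit message. As written, a GitHub release and an npm publish can go out with different versions, or one without the other. Bump both in the same commit and say so in `publishing.md`, or derive one from the other.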
Binary file removed dash-licenses-wrapper-1.0.0.tgz
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,6 @@
"inputFile": "examples/package-lock.json",
"batch": 51,
"timeout": 241,
"exclusions": "examples/dashLicensesExclusions.json",
"summary": "dependency-check-summary.txt"
"exclusions": "examples/license-check-exclusions.json",
"summary": "license-check-summary.txt"
}
21 changes: 17 additions & 4 deletions package.json
Original file line number Diff line number Diff line change
@@ -1,18 +1,31 @@
{
"name": "dash-licenses-wrapper",
"version": "1.0.0",
"name": "@eclipse-dash/nodejs-wrapper",
"version": "0.0.0",
"description": "Node.js wrapper for dash-licenses, that makes it easier to perform license checks for JS/TS Eclipse Foundation projects",
"publishConfig": {
"access": "public"
"access": "public",
"registry": "https://registry.npmjs.org"
},
"bin": {
"dash-licenses-wrapper": "src/dash-licenses-wrapper.js"
},
"scripts": {
"test": "mocha --reporter spec"
"start": "node src/dash-licenses-wrapper.js",
"test": "mocha --reporter spec",
"publish:ci": "yarn publish --non-interactive --access public --registry https://registry.npmjs.org/",
"version:major": "lerna version major --exact --no-push --yes -m \"[Release]: v%s #major\n\nGitHub workflow shall publish and tag upon merge.\"",
"version:minor": "lerna version minor --exact --no-push --yes -m \"[Release]: v%s #minor\n\nGitHub workflow shall publish and tag upon merge.\"",
"version:patch": "lerna version patch --exact --no-push --yes -m \"[Release]: v%s #patch\n\nGitHub workflow shall publish and tag upon merge.\""
},
"files": [
"src/*",
"NOTICE.md",
"SECURITY.md",
"examples/license-check-*"
],
"devDependencies": {
"chai": "^4.3.10",
"lerna": "^7.0.0",
"mocha": "^10.2.0"
},
"mocha": {
Expand Down
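Review bot: The `version:major`, `version:minor` and `version:patch` scripts call `lerna version`, but no `lerna.json` appears in this diff; if the repository does not already have one, these scripts fail, and for a single-package repo `npm version` or `yarn version` would do the same job without the extra dev dependency. Note also that the `-m "[Release]: v%s ..."` prefix in these scripts is the only thing the `publish` job in `ci-cd.yml` checks before publishing with the npm token, so document that any commit on `main` whose message starts with `[Release]:` triggers a publish. `files` lists `SECURITY.md`, which is not among the files this PR adds; confirm it exists so the published package actually contains it.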
2 changes: 1 addition & 1 deletion publishing.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Publishing `dash-licenses-wrapper`
# Publishing `@eclipse-dash/nodejs-wrapper`

```bash
# Setup npm token. e.g.
Expand Down
2 changes: 1 addition & 1 deletion src/dash-licenses-wrapper.js
Original file line number Diff line number Diff line change
Expand Up @@ -295,7 +295,7 @@ function printHelp() {
help(' npx dash-licenses-wrapper --dry-run --configFile=configs/dashLicensesConfig.json');
help(' npx dash-licenses-wrapper --inputFile=package-lock.json --summary=/tmp/license-check-summary.txt --review');
help(' npx dash-licenses-wrapper --summary=license-check-summary.txt --review --project=ecd.theia');
help(' npx dash-licenses-wrapper --summary=license-check-summary.txt --review --project=ecd.theia --exclusions=license-check-exclusions.json');
help(' npx dash-licenses-wrapper --summary=license-check-summary.txt --review --project=ecd.theia --exclusions=configs/license-check-exclusions.json');
}

function getPrintableConfig(configObj) {
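Review bot: The first example shown in `printHelp()` still uses `--configFile=configs/dashLicensesConfig.json`, while the spec in this PR switches to `examples/license-check-config.json`. Update that help line in the same change so the config file naming matches the `--exclusions=configs/license-check-exclusions.json` example edited just below it.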
Expand Down
8 changes: 4 additions & 4 deletions test/dash-licenses-wrapper.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -107,17 +107,17 @@ describe("dash-licenses-wrapper tests", function() {
"--noColor",
"--dryRun",
"--verbose",
"--configFile=examples/dashLicensesConfig.json"
"--configFile=examples/license-check-config.json"
]);

expect(status).to.equal(0);
expect(cfgFinal.configFile).to.equal(cfgCLI.configFile).to.equal("examples/dashLicensesConfig.json");
expect(cfgFinal.configFile).to.equal(cfgCLI.configFile).to.equal("examples/license-check-config.json");
expect(cfgFinal.project).to.equal(cfgFile.project).to.equal("ecd.cdt-cloud");
expect(cfgFinal.inputFile).to.equal(cfgFile.inputFile).to.equal("examples/package-lock.json");
expect(cfgFinal.batch).to.equal(cfgFile.batch).to.equal(51);
expect(cfgFinal.timeout).to.equal(cfgFile.timeout).to.equal(241);
expect(cfgFinal.exclusions).to.equal(cfgFile.exclusions).to.equal("examples/dashLicensesExclusions.json");
expect(cfgFinal.summary).to.equal(cfgFile.summary).to.equal("dependency-check-summary.txt");
expect(cfgFinal.exclusions).to.equal(cfgFile.exclusions).to.equal("examples/license-check-exclusions.json");
expect(cfgFinal.summary).to.equal(cfgFile.summary).to.equal("license-check-summary.txt");
});
});

Expand Down