[CI] [license check] Always specify project
During CI we run `dash-licenses` to check that the project's 3PP dependencies are
approved by the Eclipse Foundation. When a PR originates from the main repo, a
token is available that permits running the tool in "automated review mode",
which opens IP tickets automatically towards the Eclipse Foundation. When a
PR originates from elsewhere, that token is not available and so we fall back
to reporting issues in the CI log.

Until now, the "-project" option of `dash-licenses` was only thought useful
in "automated review" mode, but it turns out there is a rare case where we
benefit from providing this information all the time: when a 3PP dependency was
narrowly approved, for use in Eclipse Theia only. Here is one such dependency:

https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/2734

The dependency above is part of a recent PR from an outside contributor
(non-committer), that originated from a fork:

#12141

So far, for PRs originating from a fork, we would not provide the project when
running `dash-licenses` and so such dependencies are incorrectly flagged as
unapproved:

https://github.com/eclipse-theia/theia/actions/runs/4075784869/jobs/7077702838#step:5:186

This commit provides the project all the time, so that such dependencies will
be correctly assessed, based on what's approved for our project, even for
non-committer contributors.

Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
marcdumais-work committed Feb 6, 2023
1 parent d59d527 commit 393f050
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions scripts/check_3pp_licenses.js
Expand Up @@ -66,10 +66,10 @@ async function main() {
fs.renameSync(dashLicensesSummary, `${dashLicensesSummary}.old`);
}
info('Running dash-licenses...');
const args = ['-jar', dashLicensesJar, 'yarn.lock', '-batch', '50', '-timeout', '240', '-summary', dashLicensesSummary];
const args = ['-jar', dashLicensesJar, 'yarn.lock', '-batch', '50', '-timeout', '240', '-project', project, '-summary', dashLicensesSummary];
if (autoReviewMode && personalAccessToken) {
info(`Using "review" mode for project: ${project}`);
args.push('-review', '-token', personalAccessToken, '-project', project);
args.push('-review', '-token', personalAccessToken);
}
const dashError = getErrorFromStatus(spawn('java', args, {
stdio: ['ignore', 'ignore', 'inherit']
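Review bot: `'-project', project` is now part of the initial `args` array unconditionally, but nothing visible in this hunk guarantees that `project` is a non-empty string. Previously the value was only consumed inside the `autoReviewMode && personalAccessToken` branch; with this change an unset value would reach `spawn('java', args, ...)` on every run, including PRs from forks. Suggest validating `project` (or documenting its default) before `args` is built. The message `Using "review" mode for project: ${project}` is still only logged in review mode, so consider adding the project to the `Running dash-licenses...` info line, so that the CI log of a fork PR shows which project the approvals were evaluated against. Keeping `-token` inside the guarded branch is correct, since the non-review path has no need for the credential.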