Merge pull request #1558 from kintone-labs/SSR-4321_Migrate-LicenseFi…

…nder-to-license-manager SSR-4321: migrate LicenseFinder to @cybozu/license-manager
kintone-labs · Nov 25, 2024 · 1450d8e · 1450d8e
2 parents 369f6ba + d85e1ac
commit 1450d8e
Show file tree

Hide file tree

Showing 14 changed files with 357 additions and 503 deletions.
diff --git a/.github/actions/generate_licenses/action.yml b/.github/actions/generate_licenses/action.yml
@@ -0,0 +1,10 @@
+name: 'Create licenses file'
+description: 'Create licenses file'
+
+outputs:
+  license_file_path:
+    description: 'The file path of the generated LICENSE file'
+
+runs:
+  using: 'node20'
+  main: 'index.js'
diff --git a/.github/actions/generate_licenses/index.js b/.github/actions/generate_licenses/index.js
@@ -0,0 +1,123 @@
+const core = require("@actions/core");
+const fs = require("fs");
+const path = require("path");
+const { isMatchPackage } = require("@cybozu/license-manager");
+
+const workingDirectory = path.resolve("./");
+const productLicenseFile = path.resolve("./license-manager/product-license");
+
+const licenseFile = `${workingDirectory}/LICENSE`;
+
+const packagePath = `${workingDirectory}/package.json`;
+const extractedProdLicenseFilePath = `${workingDirectory}/licenses-prod.json`;
+
+const licenseManagerDevConfigPath = `${workingDirectory}/license-manager/license-manager-dev.config.js`;
+const extractedDevLicenseFilePath = `${workingDirectory}/licenses-dev.json`;
+
+const formatLicenseContent = (licenseInfo) => {
+  let repository;
+  if (Object.prototype.hasOwnProperty.call(licenseInfo, "repository")) {
+    if (typeof licenseInfo.repository === "string") {
+      repository = licenseInfo.repository;
+    } else {
+      repository = licenseInfo.repository?.url
+        ? licenseInfo.repository.url
+        : "";
+    }
+  }
+
+  return `\n\n\n${licenseInfo.name}${repository ? `\nrepository: ${repository}` : ""}
+version: ${licenseInfo.version}
+license: ${licenseInfo.license}
+${licenseInfo.licenseText}`;
+};
+
+const generateProdLicenseContent = (packagePath, extractedProdLicenseFilePath) => {
+  let packageInfo = {};
+  try {
+    packageInfo = JSON.parse(fs.readFileSync(packagePath).toString());
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+
+  let dependenciesList;
+  try {
+    dependenciesList = Object.keys(packageInfo.dependencies);
+  } catch (_) {
+    dependenciesList = [];
+  }
+
+  let prodLicensesInfo = [];
+  try {
+    prodLicensesInfo = JSON.parse(
+      fs.readFileSync(extractedProdLicenseFilePath).toString(),
+    );
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+
+  let prodLicenseContent = "";
+  dependenciesList.forEach((dependency) => {
+    for (let i = 0; i < prodLicensesInfo.length; i++) {
+      const licenseInfo = prodLicensesInfo[i];
+      if (dependency === licenseInfo.name) {
+        prodLicenseContent += formatLicenseContent(licenseInfo);
+        break;
+      }
+    }
+  });
+
+  return prodLicenseContent;
+};
+
+const generateDevLicenseContent = (licenseManagerDevConfigPath, extractedDevLicenseFilePath) => {
+  let devLicensesInfo = [];
+  try {
+    devLicensesInfo = JSON.parse(
+      fs.readFileSync(extractedDevLicenseFilePath).toString(),
+    );
+  } catch (error) {
+    core.setFailed(error.message);
+  }
+
+  let devLicenseContent = "";
+  const devConfig = require(licenseManagerDevConfigPath);
+  if (devConfig.analyze && devConfig.analyze.allowPackages) {
+    const devAllowPackages = devConfig.analyze.allowPackages;
+    devAllowPackages.forEach((devAllowPackage) => {
+      for (let i = 0; i < devLicensesInfo.length; i++) {
+        const licenseInfo = devLicensesInfo[i];
+        if (isMatchPackage(licenseInfo, devAllowPackage)) {
+          devLicenseContent += formatLicenseContent(licenseInfo);
+        }
+      }
+    });
+  }
+
+  return devLicenseContent;
+};
+
+let licenseContent;
+
+try {
+  licenseContent = `${fs.readFileSync(productLicenseFile).toString()}`;
+} catch (e) {
+  licenseContent = "";
+}
+
+const prodLicenseContent = generateProdLicenseContent(packagePath, extractedProdLicenseFilePath);
+const devLicenseContent = generateDevLicenseContent(licenseManagerDevConfigPath, extractedDevLicenseFilePath);
+
+if (prodLicenseContent || devLicenseContent) {
+  licenseContent += licenseContent ? "\n\n\n" : "";
+  licenseContent += `Licenses for Third-Party Libraries
+
+  The following sections contain licensing information for libraries that
+  we have included with the kuc.min.js.`;
+
+  licenseContent += prodLicenseContent ? prodLicenseContent : "";
+  licenseContent += devLicenseContent ? devLicenseContent : "";
+}
+
+fs.writeFileSync(licenseFile, licenseContent);
+core.setOutput("license_file_path", licenseFile);
diff --git a/.github/workflows/check_license_v1.yml b/.github/workflows/check_license_v1.yml
@@ -1,60 +1,69 @@
 name: Check v1 license
 
 on:
-  push:
-    branches: [master]
   pull_request:
     branches: [master]
-  release:
-    types: [created]
 
 jobs:
-  license_finder:
-    name: Check License On Dependency
+  license_manager:
+    name: Check License
     runs-on: ubuntu-latest
     steps:
-      - name: Set up License Finder
-        run: sudo gem install license_finder
-
       - name: Check out repository
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - name: Install node
         uses: actions/setup-node@v4
         with:
           node-version: 20
+          cache: 'npm'
       - name: Cache Dependencies
         uses: actions/cache@v4
         with:
           path: ~/.npm
           key: npm-${{ hashFiles('package-lock.json') }}
           restore-keys: npm-
 
-      - name: Install Dependencies
-        run: npm ci
-      - name: Check licenses
-        run: license_finder --decisions-file=licensefinder/doc/check-dependency-license.yml
+      - name: Install dependencies
+        run: |
+          npm ci
+          npm install @actions/core @cybozu/license-manager --no-save
 
-  license_finder-dev:
-    name: Check License On Devdependency
-    runs-on: ubuntu-latest
-    steps:
-      - name: Set up License Finder
-        run: sudo gem install license_finder
+      - name: Analyze and extract prod licenses
+        run: |
+          npx license-manager analyze -c ./license-manager/license-manager-prod.config.js
+          npx license-manager extract -c ./license-manager/license-manager-prod.config.js
 
-      - name: Check out repository
-        uses: actions/checkout@v4
-      - name: Install node
-        uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Cache Devdependencies
-        uses: actions/cache@v4
+      - name: Analyze and extract dev licenses
+        run: |
+          npx license-manager analyze -c ./license-manager/license-manager-dev.config.js
+          npx license-manager extract -c ./license-manager/license-manager-dev.config.js
+
+      - name: Generate licenses file
+        id: generate_licenses
+        uses: ./.github/actions/generate_licenses
+      - name: Upload LICENSE
+        uses: actions/upload-artifact@v4
         with:
-          path: ~/.npm
-          key: npm-${{ hashFiles('package-lock.json') }}
-          restore-keys: npm-
+          name: LICENSE
+          path: ${{ steps.generate_licenses.outputs.license_file_path }}
+
+      - name: Check for modified LICENSE file
+        run: |
+          if git diff --name-only | grep -q 'LICENSE' || git ls-files --others --exclude-standard | grep -q 'LICENSE'; then
+            echo "LICENSE_changed=true" >> $GITHUB_ENV
+          else
+            echo "LICENSE is NOT changed"
+          fi
 
-      - name: Install Dependencies
-        run: npm ci
-      - name: Check dev-licenses
-        run: license_finder --decisions-file=licensefinder/doc/check-devdependency-license.yml
+      - name: Update LICENSE in repository
+        if: env.LICENSE_changed == 'true'
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git add LICENSE
+          git commit -m "Update LICENSE file"
+          git push origin HEAD:$GITHUB_HEAD_REF
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
diff --git a/LICENSE b/LICENSE
@@ -21,17 +21,19 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 
-Licenses for Third-Party Components
+Licenses for Third-Party Libraries
 
   The following sections contain licensing information for libraries that
   we have included with the kuc.min.js.
 
 
 @webcomponents/webcomponentsjs
+repository: https://github.com/webcomponents/polyfills.git
+version: 2.8.0
+license: BSD-3-Clause
+# License
 
-This product includes Web Components Polyfills.
-
-webcomponents/polyfills is licensed under the BSD 3-Clause "New" or "Revised" License.
+Everything in this repo is BSD style license unless otherwise specified.
 
 Copyright (c) 2015 The Polymer Authors. All rights reserved.
 
@@ -51,11 +53,9 @@ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
 
 
 core-js
-
-This product includes core-js.
-
-zloirock/core-js is licensed under the MIT License.
-
+repository: git+https://github.com/zloirock/core-js.git
+version: 3.38.1
+license: MIT
 Copyright (c) 2014-2024 Denis Pushkarev
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -77,10 +77,11 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
 
 
-lit
-
-This product includes lit.
 
+lit
+repository: https://github.com/lit/lit.git
+version: 3.2.0
+license: BSD-3-Clause
 BSD 3-Clause License
 
 Copyright (c) 2017 Google LLC. All rights reserved.
@@ -112,9 +113,9 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 regenerator-runtime
-
-This product includes regenerator-runtime.
-
+repository: https://github.com/facebook/regenerator/tree/main/packages/runtime
+version: 0.14.1
+license: MIT
 MIT License
 
 Copyright (c) 2014-present, Facebook, Inc.
@@ -138,10 +139,11 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 
-uuid
-
-This product includes uuid.
 
+uuid
+repository: git+https://github.com/uuidjs/uuid.git
+version: 10.0.0
+license: MIT
 The MIT License (MIT)
 
 Copyright (c) 2010-2020 Robert Kieffer and other contributors
@@ -150,4 +152,4 @@ Permission is hereby granted, free of charge, to any person obtaining a copy of
 
 The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
 
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.