Introduce REUSE licenses and tooling #9360

Open
wants to merge 1 commit into
base: master

@kikofernandez kikofernandez commented Jan 30, 2025

  • The files have been manually checked and were created by members of OTP. The addition of SPDX notation at the header was performed using the REUSE tool.
  • This PR makes use of REUSE, and makes OTP REUSE compliant.
  • Add a GitHub action to check for REUSE compliance.
  • Adds licenses used to the repo. One exception is LicenseRef-NOASSERTION, which states that these files have no assertion. The REUSE tool says that all SPDX licenses are supported, but they do not support SPDX-LicenseIdentifier: NOASSERTION, so we resort to this way of referencing files for which we have not yet looked at the license. These files are mostly examples and tests.
  • Generation of TOML file from an OTP SBOM. This fixes having to immediately annotate all files, where some test files may break due to this.


github-actions bot commented Jan 30, 2025

CT Test Results

  1 files   11 suites   4m 11s ⏱️
 93 tests  91 ✅ 2 💤 0 ❌
109 runs  107 ✅ 2 💤 0 ❌

Results for commit 1bc517d.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch from 92cf9fe to dd9684a Compare January 30, 2025 09:13

@garazdawi garazdawi left a comment

As you added LICENSES, should we delete system/COPYRIGHT? Or do they have different purposes?

@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch from dd9684a to ce9fa60 Compare January 30, 2025 09:38
@kikofernandez

As you added LICENSES, should we delete system/COPYRIGHT? Or do they have different purposes?

Good question for @rickard-green
I do not know. I would get rid of system/COPYRIGHT, as it contains the licenses, which are now included in LICENSES, and anyone can run reuse spdx and generate a SBOM

This generated SBOM cannot claim concluded licenses and may have minor issues, but it is a perfectly informal but valid SBOM for people to use.

The main issue of the generated SBOM is that all LicenseRef-NOASSERTION should be turned into NOASSERTION.
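
The post-processing step described in the comment above, as an added example that is not part of the PR or of the REUSE tool. It assumes an SPDX 2.x tag-value document such as `reuse spdx` produces; the function name and the sample document are hypothetical and constructed for illustration.

```python
REF = "LicenseRef-NOASSERTION"
# SPDX 2.x tag-value fields that carry a license identifier or expression.
LICENSE_TAGS = {"LicenseConcluded", "LicenseInfoInFile", "PackageLicenseConcluded",
                "PackageLicenseDeclared", "PackageLicenseInfoFromFiles"}

def normalize_noassertion(spdx_text):
    """Rewrite REF to NOASSERTION; return (new_text, unresolved_lines)."""
    out, unresolved = [], []
    skipping = in_text = False
    for lineno, line in enumerate(spdx_text.splitlines(), 1):
        if skipping:
            # Drop the LicenseRef definition up to the next blank line that is
            # not inside a multi-line <text>...</text> value.
            in_text = (in_text or "<text>" in line) and "</text>" not in line
            skipping = in_text or bool(line.strip())
            continue
        tag, sep, value = line.partition(":")
        value = value.strip()
        if sep and tag == "LicenseID" and value == REF:
            skipping = True  # NOASSERTION needs no extracted-license entry
            continue
        if sep and tag in LICENSE_TAGS and REF in value:
            if value == REF:
                line = f"{tag}: NOASSERTION"
            else:
                # NOASSERTION is not a valid operand of AND/OR: report, don't guess.
                unresolved.append((lineno, line))
        out.append(line)
    return "\n".join(out).rstrip("\n") + "\n", unresolved

# Constructed sample (hypothetical file names), not output from the OTP repository.
SAMPLE = """\
FileName: ./lib/example/test/example_SUITE.erl
LicenseConcluded: NOASSERTION
LicenseInfoInFile: LicenseRef-NOASSERTION

FileName: ./lib/example/src/mixed.erl
LicenseConcluded: Apache-2.0 OR LicenseRef-NOASSERTION
LicenseInfoInFile: Apache-2.0

LicenseID: LicenseRef-NOASSERTION
LicenseName: NOASSERTION
ExtractedText: <text>No license has been asserted

for these files.</text>
"""

if __name__ == "__main__":
    print(*normalize_noassertion(SAMPLE), sep="\n")
```

Lines returned in the second element still contain the placeholder inside a compound expression and need a manual decision before the SBOM is published.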

@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch 2 times, most recently from 9b26a8a to 37c7f71 Compare January 30, 2025 13:32
@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch 2 times, most recently from 60b6bc5 to 2308146 Compare February 1, 2025 20:10
@rickard-green rickard-green added the team:VM Assigned to OTP team VM label Feb 3, 2025
@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch from d1270b5 to ea3b7b6 Compare February 3, 2025 21:41
@kikofernandez kikofernandez added the testing currently being tested, tag is used by OTP internal CI label Feb 3, 2025
@kikofernandez kikofernandez changed the title adds spdx annotations to files without license Introduce REUSE licenses and tooling Feb 4, 2025
adds licenses detected by REUSE, github actions to check that all files
either exist in the REUSE.toml or in its own file with its own SPDX
license identifier.
@kikofernandez kikofernandez force-pushed the kiko/licenses/add-spdx-license-headers branch from ea3b7b6 to 1bc517d Compare February 4, 2025 08:50
Labels: enhancement; team:VM (Assigned to OTP team VM); testing (currently being tested, tag is used by OTP internal CI)