Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include licenses in packages #882

Closed
wants to merge 6 commits into from

Conversation

jsoriano
Copy link
Member

Include a new LICENSE.txt file when building packages that include the source.license field in their manifests.

Follow up of elastic/package-spec#355.
Part of elastic/package-spec#298.

@jsoriano jsoriano requested a review from a team June 30, 2022 11:13
@jsoriano jsoriano self-assigned this Jun 30, 2022
@@ -152,3 +152,5 @@ require (
sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace github.com/elastic/package-spec => github.com/elastic/package-spec v1.12.2-0.20220629092545-9ee240e557a5
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be removed before merging, once elastic/package-spec#355 is included in the used package-spec.

Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that you may want to take a look also at the create command and add an option to select licenses there.

@@ -110,7 +110,10 @@ type PackageManifest struct {
Owner Owner `config:"owner" json:"owner" yaml:"owner"`
Description string `config:"description" json:"description" yaml:"description"`
License string `config:"license" json:"license" yaml:"license"`
Categories []string `config:"categories" json:"categories" yaml:"categories"`
Source struct {
License string `config:"license" json:"license" yaml:"license"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you plan to deprecate the license field in this PR?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is deprecated in the package-spec.
I think we are not doing anything with deprecations in elastic-package, do you have a proposal for something that we could do here?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would drop a comment in the source in this place as both fields are modeled. Frankly speaking, it's another argument for switching to a common place with business/model structures.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Frankly speaking, it's another argument for switching to a common place with business/model structures.

Yep, another +1 for something like elastic/package-spec#322.

internal/builder/packages.go Show resolved Hide resolved
}
if license := m.Source.License; license != "" {
logger.Debugf("Write license text for %q", license)
err := licenses.WriteTextToFile(license, filepath.Join(destinationDir, "LICENSE.txt"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there an option to use your own license? Will it break the building logic here?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not at the moment, do we want to support it?

If we want, we could relax the check of unknown licenses, and include whatever the developer places in the source.license field and the LICENSE.txt file.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(it will break the current logic because it assumes that source.license if set, is set to one of the values enumerated in the spec)

Copy link
Contributor

@mtojek mtojek Jun 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Passing this to @akshay-saraswat. From developer's point of view, we may end up with an edge case, when a developer/team/customer needs to slightly modify the LICENSE text. For example, add an extra paragraph.

Comment on lines 157 to 166
if options.buildDir == "" {
destinationDir, err = BuildPackagesDirectory(options.PackageRoot)
if err != nil {
return "", errors.Wrap(err, "can't locate build directory")
}
} else {
destinationDir, err = buildPackagesDirectory(options.buildDir, options.PackageRoot)
if err != nil {
return "", errors.Wrap(err, "can't locate build directory")
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why exactly do you need this if-else block? It looks like it complicated the current logic.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added options.buildDir to have a predictable place where packages are built for testing.

I can move this logic to the new internal method. I didn't modify the behaviour or interface of BuildPackagesDirectory because it is a exposed method, though it is in an internal package.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moved logic to the current BuildPackagesDirectory and changed the other use we have of this.

internal/builder/packages.go Outdated Show resolved Hide resolved
@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 30, 2022

💚 Build Succeeded

the below badges are clickable and redirect to their specific view in the CI or DOCS
Pipeline View Test View Changes Artifacts preview preview

Expand to view the summary

Build stats

  • Start Time: 2022-06-30T15:28:28.984+0000

  • Duration: 30 min 26 sec

Test stats 🧪

Test Results
Failed 0
Passed 776
Skipped 0
Total 776

🤖 GitHub comments

To re-run your PR in the CI, just comment with:

  • /test : Re-trigger the build.

@elasticmachine
Copy link
Collaborator

elasticmachine commented Jun 30, 2022

🌐 Coverage report

Name Metrics % (covered/total) Diff
Packages 100.0% (33/33) 💚
Files 67.5% (81/120) 👍 1.121
Classes 62.874% (105/167) 👍 0.911
Methods 49.926% (337/675) 👍 0.155
Lines 33.064% (3025/9149) 👎 -0.1
Conditionals 100.0% (0/0) 💚

internal/builder/packages.go Outdated Show resolved Hide resolved
same "printed page" as the copyright notice for easier
identification within third-party archives.

Copyright [yyyy] [name of copyright owner]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we render this data or remove the entry?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment elastic/package-spec#367 (comment) applies here.

Copy link
Contributor

@mtojek mtojek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Recent changes look good to me, but will hold my "approval" until we clarify this point.

@jsoriano
Copy link
Member Author

jsoriano commented Jul 18, 2022

@mtojek I am thinking on closing this, and leaving developers the responsibility of properly licensing their code. Reasons:

  • As you mentioned, developers may require slightly variations of the license text.
  • Some licenses require to add additional headers or things like that to be properly added, so we would be providing a partial solution unless we do everything tools like go-licenser tools do.
  • This is a common practice. Developers use to use different tools to manage the licensing of their code.
  • We can still add more validations or tooling in the future.

The plan would still be:

  • source.license is an optional field that can be used to indicate the license of the code, it is responsibility of the developer to apply it correctly. It is not strongly validated, as similar fields in other packages as docker images or PIP are not validated.
  • Still merge Add definition for the license file package-spec#367 to formalize where the license code should reside, we don't do any validation on this.

@mtojek
Copy link
Contributor

mtojek commented Jul 18, 2022

SGTM, maybe you can focus on the spec profiles and forbid using deprecated properties, or enable format_version related logic.

@jsoriano jsoriano closed this Jul 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants