From 51ab396f41929afef8cd3135d03a7e3b709d792d Mon Sep 17 00:00:00 2001 From: Andreas Bucksteeg Date: Thu, 2 Jan 2025 12:39:48 +0100 Subject: [PATCH 1/5] chore: fixes for monorepo work Removed static .bin paths and using script dir as reference, use JQ for checking if runtime deps are defined in package.json, switch back to license-checker for npm and revert workaround as it was not working in cloud --- licenses/license-engine.sh | 4 ++-- licenses/licenses | 5 ++++- licenses/list-licenses | 33 +++++++++++---------------------- 3 files changed, 17 insertions(+), 25 deletions(-) diff --git a/licenses/license-engine.sh b/licenses/license-engine.sh index f4eec1e..42a5951 100755 --- a/licenses/license-engine.sh +++ b/licenses/license-engine.sh @@ -98,8 +98,8 @@ done # remove pre-approved modules for approved in "${APPROVED_MODULES[@]}"; do - input=$(echo "$input" | grep -v "\"${approved}\"") - input=$(echo "$input" | grep -v "\"Custom: ${approved}\"") + input=$(echo "$input" | grep -vE "\"${approved}\"") + input=$(echo "$input" | grep -vE "\"Custom: ${approved}\"") done # remove allowed licenses diff --git a/licenses/licenses b/licenses/licenses index bbe6026..8b2877d 100755 --- a/licenses/licenses +++ b/licenses/licenses @@ -1,5 +1,8 @@ #!/bin/sh set -e +# Get the directory where this script is located +bin_dir="$(cd "$(dirname "$0")" && pwd)" + { echo "Checking licenses ..."; } 2>/dev/null -.bin/list-licenses | .bin/license-engine.sh +"${bin_dir}/list-licenses" | "${bin_dir}/license-engine.sh" \ No newline at end of file diff --git a/licenses/list-licenses b/licenses/list-licenses index f5cd6e8..d5db6ce 100755 --- a/licenses/list-licenses +++ b/licenses/list-licenses 
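Review bot: With `grep -vE`, each `APPROVED_MODULES` entry is now interpolated into an extended regular expression, so `+`, `|`, `(` and `{` in an entry become operators (`.` already matched any character) and one entry can drop more report lines than the module it names. In a license gate that silently widens the allowlist. If pattern entries are intended, say so where the array is defined, e.g. `# APPROVED_MODULES entries are extended regexes; escape literal dots and metacharacters`. If entries are meant to be exact names, `grep -vF "\"${approved}\""` keeps the match literal. The `for` loop is complete in this hunk, but the array definition is not visible here.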
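Review bot: The pipeline on the last line of `licenses/licenses` still reports only the exit status of `license-engine.sh`, because `set -e` under `/bin/sh` has no `pipefail`; if `list-licenses` aborts part-way, the engine receives a truncated or empty list and the check may pass. How the engine treats empty input is not visible in this patch, so this is a possible fail-open rather than a confirmed one. Collecting the list first makes the failure fatal: `list=$("${bin_dir}/list-licenses")` followed by `printf '%s\n' "$list" | "${bin_dir}/license-engine.sh"`. This assumes `list-licenses` exits non-zero only on real errors.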
@@ -1,23 +1,17 @@ #!/bin/sh set -e +bin_dir="$(cd "$(dirname "$0")" && pwd)" + # list Node licenses if [ -f package.json ]; then - if grep -q '"dependencies":\s+{[^}]*"[^"]+":' package.json; then - # List all direct Go module dependencies, transform their paths to root module paths - # (e.g., github.com/ory/x instead of github.com/ory/x/foo/bar), and generate a license report - # for each unique root module. This ensures that the license report is generated for the root - # module of a repository, where licenses are typically defined. - go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | - sort -u | - awk -F/ '{ if ($1 == "github.com" && NF >= 3) { print $1"/"$2"/"$3 } else { print } }' | - sort -u | - xargs -I {} sh -c '.bin/go-licenses report --template .bin/license-template-go.tpl {}' 2>/dev/null | - grep -v '^$' - { echo; } 2>/dev/null - else - echo "No dependencies found in package.json" >&2 - fi + if jq -e '.dependencies and (.dependencies | keys | length > 0)' package.json > /dev/null; then + npm install &> /dev/null + npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath ${bin_dir}/license-template-node.json | grep -v '^$' + { echo; } 2>/dev/null + else + echo "No dependencies found in package.json" >&2 + fi fi # list Go licenses 
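Review bot: The new `if jq -e … package.json > /dev/null` condition takes the `else` branch on every non-zero exit, so a missing `jq` binary or an unparsable `package.json` is reported as "No dependencies found in package.json" and the Node license listing is skipped. For a compliance check that is a fail-open path with a misleading message. A guard before the `if` separates the cases: `command -v jq >/dev/null 2>&1 || { echo "jq is required to inspect package.json" >&2; exit 1; }`. The same condition is carried unchanged through the list-licenses hunks of patches 2/5 and 3/5.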
@@ -28,14 +22,9 @@ if [ -f go.mod ]; then exit 1 fi - go_modules=$(go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | sort -u) - if [ -z "$go_modules" ]; then - echo "No Go modules found" >&2 - exit 0 - fi - # Workaround until https://github.com/google/go-licenses/issues/307 is fixed # .bin/go-licenses report "$module_name" --template .bin/license-template-go.tpl 2>/dev/null - echo "$go_modules" | xargs -I {} sh -c '.bin/go-licenses report --template .bin/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' + # go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | xargs -I {} sh -c '${bin_dir}/go-licenses report --template ${bin_dir}/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' + ${bin_dir}/go-licenses report "$module_name" --template ${bin_dir}/license-template-go.tpl 2>/dev/null | grep -v '^$' { echo; } 2>/dev/null fi From 4876c1a9965fc29dd2897120a745fcc13c5291dd Mon Sep 17 00:00:00 2001 From: Andreas Bucksteeg Date: Thu, 2 Jan 2025 12:52:39 +0100 Subject: [PATCH 2/5] chore: fix download of shellcheck on macOS --- licenses/Makefile | 6 ++---- licenses/list-licenses | 8 ++++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/licenses/Makefile b/licenses/Makefile index 9b34f3c..65efb54 100644 --- a/licenses/Makefile +++ b/licenses/Makefile @@ -5,10 +5,7 @@ ifeq ($(ARCH),x86_64) ARCH_SHCK=x86_64 else ifeq ($(ARCH),arm64) ARCH=arm64 - ARCH_SHCK=arm64 -else ifeq ($(ARCH),aarch64) - ARCH=arm64 - ARCH_SHCK=arm64 + ARCH_SHCK=aarch64 else ifeq ($(ARCH),i386) ARCH=386 ARCH_SHCK=386 @@ -34,6 +31,7 @@ test: .bin/shellcheck .bin/shfmt # runs all automated tests .bin/shellcheck: Makefile echo installing Shellcheck ... + echo "curl -sSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.$(OS).$(ARCH_SHCK).tar.xz" curl -sSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.$(OS).$(ARCH_SHCK).tar.xz | tar xJ mkdir -p .bin mv shellcheck-stable/shellcheck .bin 
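Review bot: The active `go-licenses report … 2>/dev/null | grep -v '^$'` line discards the tool's diagnostics and its exit status, so a missing binary or a failed run ends the script without any message, and a run that printed some lines before failing is treated as complete. Capturing the output keeps the status visible: `report=$("${bin_dir}"/go-licenses report "$module_name" --template "${bin_dir}"/license-template-go.tpl 2>/dev/null) || { echo "go-licenses report failed" >&2; exit 1; }`, then print `$report` through the existing `grep`. The "Workaround until … is fixed" comment now sits above a direct call rather than the workaround, and should say which form is in effect. The same line is only re-quoted in the second list-licenses hunk of patch 2/5, and the enclosing `if [ -f go.mod ]` starts outside this hunk.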
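Review bot: Dropping the `else ifeq ($(ARCH),aarch64)` branch leaves no mapping for hosts that report `aarch64`, which Linux on 64-bit ARM typically does, so they now fall through to whatever follows the `i386` branch. How `ARCH` is computed is outside the hunk, so this is inferred from the removed lines. Keeping the branch with the corrected value covers both spellings: `else ifeq ($(ARCH),aarch64)`, `ARCH=arm64`, `ARCH_SHCK=aarch64`.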
diff --git a/licenses/list-licenses b/licenses/list-licenses index d5db6ce..8357bdf 100755 --- a/licenses/list-licenses +++ b/licenses/list-licenses @@ -6,8 +6,8 @@ bin_dir="$(cd "$(dirname "$0")" && pwd)" # list Node licenses if [ -f package.json ]; then if jq -e '.dependencies and (.dependencies | keys | length > 0)' package.json > /dev/null; then - npm install &> /dev/null - npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath ${bin_dir}/license-template-node.json | grep -v '^$' + npm install > /dev/null 2>&1 + npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath "${bin_dir}"/license-template-node.json | grep -v '^$' { echo; } 2>/dev/null else echo "No dependencies found in package.json" >&2 @@ -24,7 +24,7 @@ if [ -f go.mod ]; then # Workaround until https://github.com/google/go-licenses/issues/307 is fixed # .bin/go-licenses report "$module_name" --template .bin/license-template-go.tpl 2>/dev/null - # go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | xargs -I {} sh -c '${bin_dir}/go-licenses report --template ${bin_dir}/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' - ${bin_dir}/go-licenses report "$module_name" --template ${bin_dir}/license-template-go.tpl 2>/dev/null | grep -v '^$' + # go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | xargs -I {} sh -c '"${bin_dir}"/go-licenses report --template "${bin_dir}"/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' + "${bin_dir}"/go-licenses report "$module_name" --template "${bin_dir}"/license-template-go.tpl 2>/dev/null | grep -v '^$' { echo; } 2>/dev/null fi From 27e2b7f919810c595a15fc923be1fb9567a7b75b Mon Sep 17 00:00:00 2001 From: Andreas Bucksteeg Date: Thu, 2 Jan 2025 12:53:23 +0100 Subject: [PATCH 3/5] chore: fix download of shellcheck on macOS --- licenses/Makefile | 1 - licenses/licenses | 2 +- licenses/list-licenses | 14 +++++++------- 3 files changed, 8 insertions(+), 9 deletions(-) 
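Review bot: `npm exec --yes license-checker` runs, without a prompt, whatever version of the tool the registry resolves when it is not already installed. The `npm install` before it executes the lifecycle scripts of the scanned project's dependencies with all output discarded. For a job that runs in CI against many repositories, pin the tool and skip the scripts: `npm ci --ignore-scripts >/dev/null 2>&1` and `npm exec --yes license-checker@<pinned-version> -- …`. `npm ci` needs a lockfile, so keep `npm install --ignore-scripts` where none exists. The same two lines appear in the list-licenses hunks of patches 1/5 and 3/5.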
diff --git a/licenses/Makefile b/licenses/Makefile index 65efb54..39d6ca4 100644 --- a/licenses/Makefile +++ b/licenses/Makefile @@ -31,7 +31,6 @@ test: .bin/shellcheck .bin/shfmt # runs all automated tests .bin/shellcheck: Makefile echo installing Shellcheck ... - echo "curl -sSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.$(OS).$(ARCH_SHCK).tar.xz" curl -sSL https://github.com/koalaman/shellcheck/releases/download/stable/shellcheck-stable.$(OS).$(ARCH_SHCK).tar.xz | tar xJ mkdir -p .bin mv shellcheck-stable/shellcheck .bin diff --git a/licenses/licenses b/licenses/licenses index 8b2877d..25d3c9d 100755 --- a/licenses/licenses +++ b/licenses/licenses @@ -5,4 +5,4 @@ set -e bin_dir="$(cd "$(dirname "$0")" && pwd)" { echo "Checking licenses ..."; } 2>/dev/null -"${bin_dir}/list-licenses" | "${bin_dir}/license-engine.sh" \ No newline at end of file +"${bin_dir}/list-licenses" | "${bin_dir}/license-engine.sh" diff --git a/licenses/list-licenses b/licenses/list-licenses index 8357bdf..478e4f2 100755 --- a/licenses/list-licenses +++ b/licenses/list-licenses @@ -5,13 +5,13 @@ bin_dir="$(cd "$(dirname "$0")" && pwd)" # list Node licenses if [ -f package.json ]; then - if jq -e '.dependencies and (.dependencies | keys | length > 0)' package.json > /dev/null; then - npm install > /dev/null 2>&1 - npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath "${bin_dir}"/license-template-node.json | grep -v '^$' - { echo; } 2>/dev/null - else - echo "No dependencies found in package.json" >&2 - fi + if jq -e '.dependencies and (.dependencies | keys | length > 0)' package.json >/dev/null; then + npm install >/dev/null 2>&1 + npm exec --yes license-checker -- --production --csv --excludePrivatePackages --customPath "${bin_dir}"/license-template-node.json | grep -v '^$' + { echo; } 2>/dev/null + else + echo "No dependencies found in package.json" >&2 + fi fi # list Go licenses 
From 95867bd48d7b535712262a632cae62905ea09d3c Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 2 Jan 2025 13:02:21 +0100 Subject: [PATCH 4/5] fix: go mod --- licenses/list-licenses | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/licenses/list-licenses b/licenses/list-licenses index 478e4f2..9a7cfa8 100755 --- a/licenses/list-licenses +++ b/licenses/list-licenses 
@@ -16,15 +16,23 @@ fi # list Go licenses if [ -f go.mod ]; then - module_name=$(grep "^module" go.mod | awk '{print $2}') - if [ -z "$module_name" ]; then - echo "Cannot determine the Go module name" >&2 - exit 1 + # List all direct Go module dependencies, transform their paths to root module paths + # (e.g., github.com/ory/x instead of github.com/ory/x/foo/bar), and generate a license report + # for each unique root module. This ensures that the license report is generated for the root + # module of a repository, where licenses are typically defined. + go_modules=$( + go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | + sort -u | + awk -F/ '{ if ($1 == "github.com" && NF >= 3) { print $1"/"$2"/"$3 } else { print } }' | + sort -u + { echo; } 2>/dev/null + ) + if [ -z "$go_modules" ]; then + echo "No Go modules found" >&2 + else + # Workaround until https://github.com/google/go-licenses/issues/307 is fixed + # .bin/go-licenses report "$module_name" --template .bin/license-template-go.tpl 2>/dev/null + # + echo "$go_modules" | xargs -I {} sh -c '.bin/go-licenses report --template .bin/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' fi - - # Workaround until https://github.com/google/go-licenses/issues/307 is fixed - # .bin/go-licenses report "$module_name" --template .bin/license-template-go.tpl 2>/dev/null - # go list -f "{{if not .Indirect}}{{.Path}}{{end}}" -m ... | xargs -I {} sh -c '"${bin_dir}"/go-licenses report --template "${bin_dir}"/license-template-go.tpl {}' 2>/dev/null | grep -v '^$' - "${bin_dir}"/go-licenses report "$module_name" --template "${bin_dir}"/license-template-go.tpl 2>/dev/null | grep -v '^$' - { echo; } 2>/dev/null fi From 0c87db6bf8984c89a595e7ffe69ee146c4c4f5cc Mon Sep 17 00:00:00 2001 From: aeneasr <3372410+aeneasr@users.noreply.github.com> Date: Thu, 2 Jan 2025 13:02:49 +0100 Subject: [PATCH 5/5] ci: install jq --- licenses/setup/action.yml | 1 + 1 file changed, 1 insertion(+) 
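Review bot: The `xargs` line goes back to the relative `.bin/go-licenses` and `.bin/license-template-go.tpl`, which patch 1/5 replaced with `bin_dir` so the script works when the working directory is not the one holding `.bin`; with `2>/dev/null` on the same line, a "not found" error would be hidden. It also splices each module path into an `sh -c` string, which is unnecessary because `xargs` can run the tool directly. Suggested line: `echo "$go_modules" | xargs -I {} "${bin_dir}"/go-licenses report --template "${bin_dir}"/license-template-go.tpl {} 2>/dev/null | grep -v '^$'`. The `{ echo; } 2>/dev/null` inside `$( … )` has no effect, because command substitution strips trailing newlines, so the separator it used to print after the Go report is gone.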
diff --git a/licenses/setup/action.yml b/licenses/setup/action.yml index bccb7f2..ce774a7 100644 --- a/licenses/setup/action.yml +++ b/licenses/setup/action.yml @@ -19,6 +19,7 @@ runs: - uses: actions/setup-node@v2 with: node-version: "22" + - run: sudo apt-get install jq - name: Install license scanner run: curl https://raw.githubusercontent.com/ory/ci/master/licenses/install |