Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport PR #16695 to 8.17: Update license checker with new dependency #16700

Merged
merged 1 commit into from
Nov 20, 2024

Conversation

github-actions[bot]
Copy link
Contributor

Backport PR #16695 to 8.17 branch, original message:


Release notes

[rn:skip]

What does this PR do?

A new transative dependency on the logger gem has been added. Update the license checker to ensure this is accounted for.

Why is it important/What is the impact to the user?

This should have no direct impact to the user other than ensuring all licenses are transparent for vendored code.

Checklist

  • My code follows the style guidelines of this project
    - [ ] I have commented my code, particularly in hard-to-understand areas
    - [ ] I have made corresponding changes to the documentation
    - [ ] I have made corresponding change to the default configuration files (and/or docker env variables)
    - [ ] I have added tests that prove my fix is effective or that my feature works

Author's Checklist

  • [ ]

How to test this PR locally

WIthout this patch the command (show successfull after this patch) will fail:

➜  logstash git:(update-license-for-logger) ✗ ./bin/dependencies-report --csv report.csv
Using system java: /Users/cas/.jenv/versions/21/bin/java
Finding gem dependencies
Finding gem embedded java/jar dependencies
Adding non-gem non-jar dependencies (such as jruby distribution)
Wrote temporary ruby deps CSV to /var/folders/cw/q_xjr4md1wj_w_c1xwfrnxdw0000gn/T/c6349f9a-c616-4457-8921-c7954862250a
Find gradle jar dependencies /Users/cas/elastic-repos/logstash
Executing ["./gradlew", "generateLicenseReport", "-PlicenseReportInputCSV=/var/folders/cw/q_xjr4md1wj_w_c1xwfrnxdw0000gn/T/c6349f9a-c616-4457-8921-c7954862250a", "-PlicenseReportOutputCSV=report.csv"]
WARNING: Unknown module: org.jruby.dist specified to --add-opens
WARNING: Unknown module: org.jruby.dist specified to --add-opens
WARNING: Unknown module: org.jruby.dist specified to --add-opens
WARNING: Unknown module: org.jruby.dist specified to --add-opens
To honour the JVM settings for this build a single-use Daemon process will be forked. For more on this, please refer to https://docs.gradle.org/8.7/userguide/gradle_daemon.html#sec:disabling_the_daemon in the Gradle documentation.
Daemon will be stopped at the end of the build

> Task :generateLicenseReport
Generated report with 160 dependencies (0 unknown or unacceptable licenses, 0 unknown or missing notices).

The following 49 license mappings were specified but unused:
awesome_print
builder
cgi
com.fasterxml.jackson.dataformat:jackson-dataformat-yaml
com.google.code.findbugs:jsr305
com.google.errorprone:error_prone_annotations
com.google.j2objc:j2objc-annotations
csv
diff-lcs
elastic-app-search
elastic-workplace-search
ffi-binary-libfixposix
gradle.plugin.com.github.jk1:gradle-license-report
io-console
io.netty:netty-all
mime-types
net-http
org.codehaus.janino:commons-compiler
org.codehaus.mojo:animal-sniffer-annotations
org.eclipse.core:org.eclipse.core.commands
org.eclipse.core:org.eclipse.core.contenttype
org.eclipse.core:org.eclipse.core.expressions
org.eclipse.core:org.eclipse.core.filesystem
org.eclipse.core:org.eclipse.core.jobs
org.eclipse.core:org.eclipse.core.resources
org.eclipse.core:org.eclipse.core.runtime
org.eclipse.equinox:org.eclipse.equinox.app
org.eclipse.equinox:org.eclipse.equinox.common
org.eclipse.equinox:org.eclipse.equinox.preferences
org.eclipse.equinox:org.eclipse.equinox.registry
org.eclipse.jdt:org.eclipse.jdt.core
org.eclipse.osgi:org.eclipse.osgi
org.eclipse.text:org.eclipse.text
reline
rspec
rspec-collection_matchers
rspec-core
rspec-expectations
rspec-mocks
rspec-support
rspec-wait
snappy
snappy-jars
snmp
strscan
time
unf
uri
webrick

Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.

You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.

For more on this, please refer to https://docs.gradle.org/8.7/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.

BUILD SUCCESSFUL in 2s
15 actionable tasks: 2 executed, 13 up-to-date
➜  logstash git:(update-license-fo

Logs

Example failing CI run https://buildkite.com/elastic/logstash-pull-request-pipeline/builds/1861#01934058-c2ca-4c87-a4c4-e05a4df19531

Add complying licenses (using the SPDX license ID from https://spdx.org/licenses) with URLs for the libraries listed below to tools/dependencies-report/src/main/resources/licenseMapping.csv:
"logger:1.6.1"
The following NOTICE.txt entries are missing, please add them:
LS_HOME/tools/dependencies-report/src/main/resources/notices/logger-NOTICE.txt

A new transative dependency on the `logger` gem has been added through sinatra 4.1.0. Update the
license checker to ensure this is accounted for.

(cherry picked from commit e0ed994)
Copy link

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

cc @jsvd

Copy link
Member

@jsvd jsvd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jsvd jsvd merged commit 1051226 into 8.17 Nov 20, 2024
5 checks passed
@jsvd jsvd deleted the backport_16695_8.17 branch November 20, 2024 15:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants