Skip to content

feat: REUSE/SPDX compliance - license headers, dep5 bulk assignment, CI check#102

Merged
mwaldheim merged 1 commit into
mainfrom
feat/79-reuse-spdx-compliance
May 23, 2026
Merged

feat: REUSE/SPDX compliance - license headers, dep5 bulk assignment, CI check#102
mwaldheim merged 1 commit into
mainfrom
feat/79-reuse-spdx-compliance

Conversation

@mwaldheim
Copy link
Copy Markdown
Contributor

@mwaldheim mwaldheim commented May 22, 2026

Summary

Brings the repository into full REUSE 3.x compliance — a requirement for CNCF Sandbox eligibility and CLOMonitor Green status.

Closes #79

Changes

File What
\LICENSES/Apache-2.0.txt\ Canonical license text (REUSE requires a file per SPDX ID)
.reuse/dep5\ Bulk SPDX assignment for Markdown, YAML, Makefile, go.mod/sum, Actions, config, legal files
\�pi/proto/v1/semantic_release.proto\ Replace verbose Apache boilerplate with compact SPDX tags
.github/workflows/reuse.yaml\ New CI job: \ sfe/reuse-action@v5.0.0\ (SHA-pinned) on every PR + main push
\Makefile\ Add \make reuse\ target for local checks (\pip install reuse)

Note

All .go\ files already carried correct SPDX headers from PR #87 — no changes needed there.

Checklist

@mwaldheim
feat: REUSE/SPDX compliance - license headers, LICENSES dir, dep5 bul…
c6f9aa1 
…k assignment

Closes #79

Brings the repository into full REUSE 3.x compliance:

- LICENSES/Apache-2.0.txt: canonical license text (required by REUSE spec;
  all SPDX identifiers must have a corresponding file in LICENSES/)
- .reuse/dep5: bulk SPDX assignment for non-source files (Markdown, YAML,
  Makefile, go.mod/sum, GitHub Actions, config files, legal files)
- api/proto/v1/semantic_release.proto: replace verbose Apache 2.0 boilerplate
  with compact SPDX tags (consistent with existing .go files)
- .github/workflows/reuse.yaml: new CI job using fsfe/reuse-action@v5.0.0
  (SHA-pinned) to enforce REUSE lint on every PR and push to main
- Makefile: add 'reuse' target for local compliance checks

All .go source files already carried correct SPDX headers from the initial
scaffold (PR #87).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Signed-off-by: mwaldheim <mwaldheim@users.noreply.github.com>
@mwaldheim mwaldheim added priority: high High priority type: chore Maintenance / scaffolding area: cncf CNCF compliance, governance and supply chain security labels May 22, 2026
@mwaldheim mwaldheim mentioned this pull request May 22, 2026
Open
3 tasks
Base automatically changed from feat/89-proto-definition to main May 23, 2026 17:15
@mwaldheim mwaldheim merged commit 6929203 into main May 23, 2026
@mwaldheim mwaldheim deleted the feat/79-reuse-spdx-compliance branch May 23, 2026 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area: cncf CNCF compliance, governance and supply chain security priority: high High priority type: chore Maintenance / scaffolding

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

REUSE compliance: SPDX license headers in all source files

1 participant

@mwaldheim