GH-40899: [CI][Java] Check dependency licenses #40901

Closed

@lidavidm lidavidm commented Mar 29, 2024

Rationale for this change

Check licenses of Java dependencies so that we don't accidentally pick up something that isn't fully acceptable to Apache (like the Eclipse Public License which is Category B).

What changes are included in this PR?

Run license-maven-plugin at build time. Since the plugin itself is LGPL, we don't depend on it directly; we just use it in the build scripts.

Are these changes tested?

This change is itself a test.

It should fail until rebased on the fix for #40896.

Are there any user-facing changes?

No.
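
One way to implement the check described above, as an added example that is not part of the PR or the project's build scripts: it scans a dependency license listing and fails when a dependency offers only a deny-listed license. The listing layout, the treatment of several licenses on one line as a choice, the deny pattern, and every artifact name are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not the PR's script. The report layout
# "(License) ... Name (group:artifact:version - url)" and the deny pattern
# are assumptions; all artifacts below are constructed.
DENY_PATTERN='*Eclipse Public License*'   # the Category B license the PR names

sample_report() {
  cat <<'EOF'
(Apache License, Version 2.0) Example Buffers (com.example:buffers:1.0.0 - https://example.invalid/buffers)
(Eclipse Public License - v 1.0) Example Logger (com.example:logger:1.0.0 - https://example.invalid/logger)
     (Apache License, Version 2.0) (Eclipse Public License - v 2.0) Example Server (com.example:server:1.0.0 - https://example.invalid/server)
(Eclipse Public License - v 2.0) Example Annotations (com.example:annotations:1.0.0 - https://example.invalid/annotations)
(MIT License) Example Facade (com.example:facade:1.0.0 - https://example.invalid/facade)
EOF
}

# Reads a report on stdin, prints one "DENIED:" line per dependency whose
# every listed license matches DENY_PATTERN, and returns 0 only if none did.
check_licenses() {
  fail=0
  while IFS= read -r line; do
    rest=${line#"${line%%[! ]*}"}          # drop leading indentation
    total=0 denied=0
    while :; do
      case $rest in
        "("*") "*) ;;                      # another leading "(license) " group
        *) break ;;
      esac
      lic=${rest%%")"*}; lic=${lic#"("}
      rest=${rest#*") "}
      total=$((total + 1))
      case $lic in
        $DENY_PATTERN) denied=$((denied + 1)) ;;
      esac
    done
    # A dependency offering at least one acceptable license is not flagged.
    if [ "$total" -gt 0 ] && [ "$denied" -eq "$total" ]; then
      printf 'DENIED: %s\n' "$rest"
      fail=$((fail + 1))
    fi
  done
  # Return a fixed status rather than the count: exit statuses wrap at 256.
  [ "$fail" -eq 0 ]
}

sample_report | check_licenses || echo "license check failed" >&2
```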

@jbonofre jbonofre left a comment

That's a good start. I think we can leverage existing Maven plugins to simplify. Let me test.

kou pushed a commit that referenced this pull request Apr 2, 2024
)

### Rationale for this change

Remove runtime dependencies on [Category B](https://apache.org/legal/resolved.html#category-b) dependencies.

### What changes are included in this PR?

- logback: move to test-only
- eclipse: remove dependency, vendor the Netty implementation we originally used

I wanted to remove javax.annotation.Generated but gRPC doesn't yet let us do that (grpc/grpc-java#9179). That's ~okay though since effectively that's a build only dependency.

### Are these changes tested?

#40901

### Are there any user-facing changes?

No.

**This PR contains a "Critical Fix".** License issues do not cause runtime issues but are important as an Apache project.
* GitHub Issue: #40896

Authored-by: David Li <li.davidm96@gmail.com>
Signed-off-by: Sutou Kouhei <kou@clear-code.com>
@lidavidm lidavidm marked this pull request as ready for review April 2, 2024 07:53

@raulcd raulcd left a comment

Should we merge this for 16.0.0?

fail=$((fail + 1))
fi
done
exit ${fail}
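
Review bot: `exit ${fail}` on the last line passes the failure count as the exit status, and exit statuses are truncated to 8 bits, so a count of exactly 256 (or any multiple of it) would exit 0 and the license check would pass in CI. Since `fail` is only ever incremented in the loop, finish with a fixed status instead, for example `[ "${fail}" -eq 0 ]` as the final command, so any non-zero count fails the job.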

should the exit go after popd :) otherwise we can just remove the popd

Member Author

Updated.

@github-actions github-actions bot added the awaiting changes label and removed the awaiting committer review label Apr 9, 2024

lidavidm commented Apr 9, 2024

It's not exactly critical for 16.0.0. I wouldn't hold up the release. This is just to prevent future mistakes.

jbonofre commented Apr 9, 2024

IMHO, it's good to have but definitely not a release blocker.

@github-actions github-actions bot added the awaiting change review and awaiting changes labels and removed the awaiting changes and awaiting change review labels Apr 11, 2024
@lidavidm lidavidm closed this Apr 30, 2024
tolleybot pushed a commit to tmct/arrow that referenced this pull request May 2, 2024
apache#40904)

tolleybot pushed a commit to tmct/arrow that referenced this pull request May 4, 2024
apache#40904)

rok pushed a commit to tmct/arrow that referenced this pull request May 8, 2024
apache#40904)

rok pushed a commit to tmct/arrow that referenced this pull request May 8, 2024
apache#40904)

vibhatha pushed a commit to vibhatha/arrow that referenced this pull request May 25, 2024
apache#40904)
