[improve][build] Replace check-binary-license.sh with a Gradle task#25673
Merged
Conversation
Move LICENSE/NOTICE coverage validation of the binary distributions into a build-logic Gradle task so it integrates with the build lifecycle, depends on the producing tarballs, and no longer requires a separate bash/tar/grep/sed invocation outside of Gradle.
merlimat
approved these changes
May 5, 2026
poorbarcode
pushed a commit
to poorbarcode/pulsar
that referenced
this pull request
May 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Validating LICENSE/NOTICE coverage of the binary distributions used to require a manual two-step ritual: build with
./gradlew assemble, then invokesrc/check-binary-license.shagainst each tarball. The shell script depends onbash/tar/grep/sed, sits outside the Gradle build lifecycle, and is wired into CI as a separate post-build step.This change ports the validation into a first-class Gradle task so:
./gradlew checkBinaryLicensebuilds the tarballs (if needed) and runs the checks,:distribution:pulsar-server-distribution:checkBinaryLicense,:distribution:pulsar-shell-distribution:checkBinaryLicense),build-logicplugin.Modifications
CheckBinaryLicenseTask(build-logic/conventions/src/main/kotlin/CheckBinaryLicenseTask.kt): a@CacheableTaskthat mirrors the legacy bash logic — enumerates bundled jars (with the same path/name exclusions), parses jar references from LICENSE/NOTICE, and runs the three checks (every non-pulsar bundled jar must appear in LICENSE; every LICENSE jar reference must be bundled; every NOTICE jar reference exceptchecker-qual.jarmust be bundled). Reads the tarball through Gradle's injectedArchiveOperations, so the task action does not captureProjectand survives configuration-cache serialization. LICENSE/NOTICE jar references are matched as regex against the bundled-jar set to preserve the existing wildcard semantics that bashgrepalready provided (e.g.org.rocksdb.*.jar).pulsar.binary-license-check-conventionsprecompiled-script plugin inbuild-logic. It registerscheckBinaryLicenseand exposes abinaryLicenseCheck { archive = ... }extension so consumers can wire the producing tarball lazily through aProviderchain. No cross-project access — configure-on-demand safe.distribution/server/build.gradle.ktsanddistribution/shell/build.gradle.kts, wired toserverDistTar/shellDistTar. The provider chain auto-derives the task dependency, so./gradlew checkBinaryLicensebuilds the tarballs first.checkBinaryLicenseinbuild.gradle.ktsthat depends on both per-distribution tasks via string-pathdependsOn, mirroring the existingserverDistTaraggregation pattern (configure-on-demand safe)..github/workflows/pulsar-ci.yamlso the existing "Check binary licenses" step in the build job invokes./gradlew checkBinaryLicense --no-configuration-cache(matching the assemble step's CC opt-out). Remove the duplicate post-Docker-build invocation in the docker job since the build-job step already covers both distributions.README.mdnext to the existing checkstyle / spotless instructions, framed around the use case of confirming that newly added/changed runtime dependencies are properly recorded.src/check-binary-license.sh.Verifying this change
This change is already covered by existing tests, namely the CI "Check binary licenses" step, which now runs the new Gradle task end-to-end.
Verified locally:
./gradlew checkBinaryLicensebuilds both distributions and runs the checks; both pass../gradlew :distribution:pulsar-server-distribution:checkBinaryLicenseand the shell variant work in isolation.UP-TO-DATEon both per-distribution tasks and the root aggregation../gradlew checkBinaryLicense --configuration-cache --configure-on-demandstores a CC entry on first run and reuses it on the second, with no CC problems reported.src/check-binary-license.shon the same tarballs — both agree (both pass; an early run flagged a missing LICENSE entry, identical to what the bash script would have flagged, confirming failure-mode parity)../gradlew spotlessCheck checkstyleMain checkstyleTestpasses.Does this pull request potentially affect one of the following parts:
If the box was checked, please highlight the changes