[XN2vr37d] Add license files and gradle script

build.gradle

@@ -2,7 +2,6 @@ plugins {
     id 'java-library'
     id 'com.github.johnrengelman.shadow' version '7.1.0'  apply false
     id 'maven-publish'
-    id 'antlr'
     id "com.github.hierynomus.license-report" version"0.16.1"
 }
 
@@ -127,7 +126,10 @@ subprojects {
 
 }
 
+apply from: "licenses-3rdparties.gradle"
+
 ext {
+    publicDir =  "${project.rootDir}"
     neo4jVersionEffective = project.hasProperty("neo4jVersionOverride") ? project.getProperty("neo4jVersionOverride") : "5.8.0"
     testContainersVersion = '1.17.6'
 }

common/build.gradle

@@ -33,23 +33,12 @@ dependencies {
     apt project(':processor')
     apt group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
 
-    antlr "org.antlr:antlr4:4.7.2", {
-        exclude group: 'org.glassfish'
-        exclude group: 'com.ibm.icu'
-        exclude group: 'org.abego.treelayout'
-    }
-
     def withoutServers = {
         exclude group: 'org.eclipse.jetty'
         exclude group: 'org.eclipse.jetty.aggregate'
         exclude group: 'org.apache.hive', module: 'hive-service'
     }
 
-    def withoutJacksons = {
-        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations'
-        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
-    }
-
     // These will be dependencies packaged with the .jar
     api group: 'com.jayway.jsonpath', name: 'json-path', version: '2.8.0'
     api group: 'org.hdrhistogram', name: 'HdrHistogram', version: '2.1.9'
@@ -71,6 +60,8 @@ dependencies {
     compileOnly group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
     compileOnly group: 'org.apache.commons', name: 'commons-configuration2', version: '2.9.0'
     compileOnly group: 'com.amazonaws', name: 'aws-java-sdk-s3', version: '1.12.425'
+    // If updated check if the transitive dependency to javax.servlet.jsp:jsp-api:2.1 has also updated
+    // and remove the manual licensing check for it in licenses-3rdparties.gradle
     compileOnly group: 'org.apache.hadoop', name: 'hadoop-common', version: '3.3.5', withoutServers
     compileOnly group: 'com.google.cloud', name: 'google-cloud-storage', version: '2.6.2'
 

core/build.gradle

@@ -3,7 +3,6 @@ import org.gradle.api.internal.artifacts.DefaultExcludeRule
 plugins {
     id 'java'
     id 'maven-publish'
-    id 'antlr'
     id "com.diffplug.spotless" version "6.7.2"
 }
 
@@ -40,32 +39,10 @@ javadoc {
     options.addStringOption('Xdoclint:none', '-quiet')
 }
 
-
-generateGrammarSource {
-    arguments += ["-package", "apoc.custom"]
-}
-
 dependencies {
     apt project(':processor')
     apt group: 'org.neo4j', name: 'neo4j', version: neo4jVersionEffective
 
-    antlr "org.antlr:antlr4:4.7.2", {
-        exclude group: 'org.glassfish'
-        exclude group: 'com.ibm.icu'
-        exclude group: 'org.abego.treelayout'
-    }
-
-    def withoutServers = {
-        exclude group: 'org.eclipse.jetty'
-        exclude group: 'org.eclipse.jetty.aggregate'
-        exclude group: 'org.apache.hive', module: 'hive-service'
-    }
-
-    def withoutJacksons = {
-        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-annotations'
-        exclude group: 'com.fasterxml.jackson.core', module: 'jackson-databind'
-    }
-
     // These will be dependencies packaged with the .jar
     implementation project(":common")
     implementation group: 'com.opencsv', name: 'opencsv', version: '5.7.1'

licenses-3rdparties.gradle

@@ -0,0 +1,196 @@
+// All licenses that we accept, and their aliases
+def allowList = [
+        [name: 'BSD-2-Clause', url: 'http://opensource.org/licenses/BSD-2-Clause', aliases: [
+                [name: 'BSD-style', url: 'http://www.opensource.org/licenses/bsd-license.php'],
+                [name: 'The BSD License', url: 'http://www.opensource.org/licenses/bsd-license.php'],
+                [name: 'BSD 2-Clause License'],
+                [name: 'BSD 2-Clause license', url: 'http://opensource.org/licenses/BSD-2-Clause'],
+                [name: 'BSD', url: 'http://www.jcraft.com/jzlib/LICENSE.txt'],
+                [name: 'Revised BSD', url: 'http://www.jcraft.com/jsch/LICENSE.txt'],
+        ]],
+        [name: 'BSD-3-Clause', url: 'http://opensource.org/licenses/BSD-3-Clause', aliases: [
+                [name: 'BSD-3-Clause', url: 'https://asm.ow2.io/license.html'],
+                [name: 'The BSD 3-Clause License'],
+                [name: 'The 3-Clause BSD License'],
+                [name: '3-Clause BSD License'],
+                [name: 'BSD 3-Clause'],
+                [name: 'BSD 3 Clause'],
+                [name: 'BSD 3-clause'],
+                [name: 'BSD 3-Clause License'],
+                [name: 'BSD Licence 3'],
+                [name: 'BSD License 3'],
+                [name: 'New BSD License'],
+                [name: 'New BSD license'],
+                [name: 'The New BSD License'],
+                [name: 'BSD License', url: 'http://www.antlr.org/license.html'],
+                [name: 'BSD licence', url: 'http://antlr.org/license.html'],
+                [name: 'The BSD License', url: 'http://www.antlr.org/license.html'],
+                [name: 'BSD', url: 'http://asm.ow2.org/license.html'],
+                [name: 'BSD', url: 'http://www.jcraft.com/jsch/LICENSE.txt'],
+                [name: 'BSD', url: 'https://github.com/sbt/test-interface/blob/master/LICENSE'],
+                [name: 'BSD', url: 'LICENSE.txt'],
+                [name: 'BSD 3-Clause "New" or "Revised" License (BSD-3-Clause)'],
+                [name: '', url: 'http://asm.ow2.org/license.html'],
+                [name: 'BSD', url: 'http://asm.objectweb.org/license.html'],
+        ]],
+        [name: 'Apache-2.0', url: 'https://opensource.org/licenses/Apache-2.0', aliases: [
+                [name: 'The Apache Software License, Version 2.0'],
+                [name: 'The Apache License, Version 2.0'],
+                [name: 'The Apache Software License, version 2.0'],
+                [name: 'Apache 2'],
+                [name: 'Apache v2'],
+                [name: 'Apache License, Version 2.0'],
+                [name: 'Apache License, Version 2'],
+                [name: 'Apache Software License - Version 2.0'],
+                [name: 'Apache License 2.0'],
+                [name: 'Apache License'],
+                [name: 'Apache 2.0'],
+                [name: 'Apache-2.0'],
+                [name: 'Apache 2.0 License'],
+                [name: 'ASL'],
+                [name: 'ASL 2.0'],
+                [name: 'the Apache License, ASL Version 2.0'],
+                [name: 'Apache License V2.0'],
+                [name: 'Apache License v2.0'],
+                [name: 'Apache License Version 2.0'],
+                [name: '', url: 'http://www.apache.org/licenses/LICENSE-2.0.txt'],
+        ]],
+        [name: 'MIT', url: 'https://opensource.org/licenses/MIT', aliases: [
+                [name: 'MIT'],
+                [name: 'MIT license'],
+                [name: 'MIT License'],
+                [name: 'The MIT License'],
+                [name: 'Bouncy Castle Licence'],
+                [name: 'MIT-0', url: 'https://spdx.org/licenses/MIT-0.html'],
+        ]],
+        [name: 'Eclipse Distribution License - v 1.0', url: 'https://www.eclipse.org/licenses/edl-v10.html', aliases: [
+                [name: 'Eclipse Distribution License - v 1.0', url: 'http://www.eclipse.org/org/documents/edl-v10.php'],
+                [name: 'EDL 1.0'],
+        ]],
+        [name: 'Eclipse Public License - v 1.0', url: 'https://www.eclipse.org/legal/epl-v10.html', aliases: [
+                [name: 'Eclipse Public License 1.0'],
+                [name: 'EPL', url: 'http://www.eclipse.org/legal/epl-v10.html']
+        ]],
+        [name: 'Eclipse Public License - v 2.0', url: 'http://www.eclipse.org/legal/epl-2.0.html', aliases: [
+                [name: 'Eclipse Public License 2.0'],
+                [name: 'Eclipse Public License v2.0', url: 'https://www.eclipse.org/legal/epl-v20.html'],
+                [name: 'EPL 2.0', url: 'http://www.eclipse.org/legal/epl-2.0'],
+                [name: 'Eclipse Public License - v 2.0', url: 'https://www.eclipse.org/legal/epl-v20.html']
+        ]],
+        [name: 'GNU General Public License (GPL), version 2, with the Classpath exception', url: 'http://openjdk.java.net/legal/gplv2+ce.html', aliases: [
+                [name: 'GPL-2.0'],
+                [name: 'GPL'],
+                [name: 'GNU General Public License Version 2', url: 'http://www.gnu.org/copyleft/gpl.html']
+        ]],
+        [name: 'GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1', url: 'https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html'],
+        [name: 'Public Domain, per Creative Commons CC0', url: 'http://creativecommons.org/publicdomain/zero/1.0/', aliases: [
+                [name: 'CC0'],
+                [name: 'Public Domain'],
+        ]],
+        [name: 'MPL-2.0', url: 'https://www.mozilla.org/MPL/2.0/', aliases: [
+                [name: 'Mozilla Public License Version 2.0'],
+                [name: 'Mozilla Public License, v. 2.0', url: 'http://mozilla.org/MPL/2.0/'],
+        ]],
+        [name: 'Common Development and Distribution License Version 1.0', aliases: [
+                [name: 'COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0']
+        ]],
+        [name: 'Common Development and Distribution License Version 1.1', aliases: [
+                [name: 'CDDL1.1'],
+                [name: 'CDDL 1.1'],
+                [name: 'Common Development and Distribution License (CDDL), Version 1.1'],
+                [name: 'CDDL License', url: 'http://www.opensource.org/licenses/cddl1.php']
+        ]],
+        [name: 'Common Development and Distribution License Version 1.1 and GNU General Public License, version 2 with the Classpath Exception', aliases: [
+                [name: 'CDDL1.1-GPL2/CPE'],
+                [name: 'Dual license consisting of the CDDL v1.1 and GPL v2'],
+                [name: 'CDDL + GPLv2 with classpath exception'],
+        ]],
+        [name: 'The Go license', url: 'https://golang.org/LICENSE'],
+]
+
+// Dependency license reporting
+downloadLicenses {
+    dependencyConfiguration = 'runtimeClasspath'
+    // Add licenses to some libraries which don't declare their license inside the POM. Should be rechecked if the version is updated.
+    licenses = [
+            'javax.servlet.jsp:jsp-api:2.1' : license('Common Development and Distribution License Version 1.1', null),
+    ]
+    aliases = allowList.collectEntries { lic ->
+        def actual = license(lic.name, lic.url)
+        def alternatives = lic.aliases.collect { it.url ? license(it.name, it.url) : it.name }
+        [(actual): alternatives]
+    }
+}
+
+tasks.downloadLicenses.ext.licenseToDependencyJson = { ->
+    def jsonDir = tasks.downloadLicenses.jsonDestination
+    def jsonFile = file("$jsonDir/license-dependency.json")
+    new groovy.json.JsonSlurper().parseText(jsonFile.text)
+}
+
+tasks.downloadLicenses.ext.dependencyToLicenseJson = { ->
+    def jsonDir = tasks.downloadLicenses.jsonDestination
+    def jsonFile = file("$jsonDir/dependency-license.json")
+    new groovy.json.JsonSlurper().parseText(jsonFile.text)
+}
+
+// Dependency license validation
+tasks.register("validateLicenses") {
+    group = 'license'
+    description = 'Checks 3rd-party dependency licenses against an allowlist'
+
+    dependsOn tasks.downloadLicenses
+
+    var excludeNeo4jPattern = /^(org|com)\.neo4j.*/
+    doLast {
+        def allowListedNames = allowList.collect { it.name }
+        tasks.downloadLicenses.dependencyToLicenseJson().dependencies
+                .findAll { dep -> !dep.name.matches(excludeNeo4jPattern) }
+                .findAll { dep -> allowListedNames.intersect(dep.licenses.collect { it.name }).isEmpty() }
+                .each { dep -> logger.error("In project ${project.name}: Could not find an allowed license for dependency '$dep.name'. Details: ${dep.toMapString()}") }
+                .each { dep -> throw new GradleException("The dependency '$dep.name' has no allowed license") }
+    }
+}
+tasks.check.dependsOn tasks.validateLicenses
+
+tasks.register("generateLicensesFiles") {
+    group = 'license'
+    description 'Generates a LICENSES and NOTICE file with 3rd-party dependency license information'
+
+    dependsOn tasks.downloadLicenses, tasks.validateLicenses
+
+    ext.licensesFile = file("$tasks.downloadLicenses.jsonDestination/LICENSES.txt")
+    ext.noticeFile = file("$tasks.downloadLicenses.jsonDestination/NOTICE.txt")
+    outputs.file(ext.licensesFile)
+    outputs.file(ext.noticeFile)
+    doLast {
+        // LICENSES.txt
+        licensesFile.createNewFile()
+        licensesFile.text = rootProject.file("$publicDir/licenses/headers/LICENSES-header.txt").text
+
+        tasks.downloadLicenses.licenseToDependencyJson().licences
+                .findAll { lic -> allowList.any { lic.name == it.name }}
+                .sort { it.name }.each {
+            licensesFile << '\n\n'
+            licensesFile << "------------------------------------------------------------------------------\n"
+            licensesFile << "$it.name\n"
+            it.dependencies.sort { it }.each { licensesFile << "  $it\n" }
+            licensesFile << "------------------------------------------------------------------------------\n"
+            licensesFile << '\n'
+            licensesFile << rootProject.file("$publicDir/licenses/text/$it.name").text
+        }
+
+        // NOTICE.txt
+        noticeFile.createNewFile()
+        noticeFile.text = rootProject.file("$publicDir/licenses/headers/NOTICE-header.txt").text
+        noticeFile << '\n\n'
+        noticeFile << "Third-party licenses\n"
+        noticeFile << "--------------------\n"
+        tasks.downloadLicenses.licenseToDependencyJson().licences.sort { it.name }.each {
+            noticeFile << '\n'
+            noticeFile << "$it.name\n"
+            it.dependencies.sort { it }.each { noticeFile << "  $it\n" }
+        }
+    }
+}
+tasks.check.dependsOn tasks.generateLicensesFiles

licenses/headers/LICENSES-header.txt

@@ -0,0 +1,2 @@
+This file contains the full license text of the included third party
+libraries. For an overview of the licenses see the NOTICE.txt file.

licenses/headers/NOTICE-header.txt

@@ -0,0 +1,22 @@
+Neo4j
+Copyright © 2002-2023 Neo4j Sweden AB (referred to in this notice as "Neo4j")
+[http://neo4j.com]
+
+This product includes software ("Software") developed by Neo4j.
+
+The copyright in the bundled Neo4j graph database (including the
+Software) is owned by Neo4j. The Software developed and owned
+by Neo4j is licensed under the GNU GENERAL PUBLIC LICENSE Version 3
+(http://www.fsf.org/licensing/licenses/gpl-3.0.html) ("GPL")
+to all third parties and that license, as required by the GPL, is
+included in the LICENSE.txt file.
+
+However, if you have executed an End User Software License and Services
+Agreement or an OEM Software License and Support Services Agreement, or
+another commercial license agreement with Neo4j or one of its
+affiliates (each, a "Commercial Agreement"), the terms of the license in
+such Commercial Agreement will supersede the GPL and you may use the
+software solely pursuant to the terms of the relevant Commercial
+Agreement.
+
+Full license texts are found in LICENSES.txt.

licenses/headers/source-header.txt

@@ -0,0 +1,16 @@
+Copyright (c) "Neo4j"
+Neo4j Sweden AB [http://neo4j.com]
+
+This file is part of Neo4j.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.