Skip to content

scripts: ci: check_compliance: Warn on missing Apache-2.0 license #99003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

scripts: ci: check_compliance: Warn on missing Apache-2.0 license #99003

wants to merge 3 commits into from

Conversation

@pdgendt
Copy link
Contributor

@pdgendt pdgendt commented Nov 6, 2025
edited
Loading

Print a compliance warning if a modified file is not licensed under Apache-2.0.

Missing license files are now turned into compliance errors.

@pdgendt pdgendt requested a review from kartben November 6, 2025 12:54
kartben
kartben reviewed Nov 6, 2025
View reviewed changes
scripts/ci/check_compliance.py
paths,
"License may not be allowed",
"warning",
"error",
Copy link
Contributor

@kartben kartben Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this seems like an unrelated change? We'd first need to add all okay-ish license to /LICENSES until we can turn this into an error?

Copy link
Contributor Author

@pdgendt pdgendt Nov 6, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, the PR was a draft for that reason, the intention is to add the allowed licenses alongside that change.

But I wanted to get some feedback first 🙂

EDIT: License files added

@pdgendt pdgendt force-pushed the license-apache-missing branch from f9e97ce to 7f9c2a6 Compare November 6, 2025 13:43
@pdgendt pdgendt requested a review from nashif November 6, 2025 13:44
@pdgendt pdgendt force-pushed the license-apache-missing branch from 7f9c2a6 to 1e40022 Compare November 6, 2025 13:46
@pdgendt
scripts: ci: check_compliance: Warn on missing Apache-2.0 license
3f89334 
Print a compliance warning if a modified file is not licensed under
Apache-2.0.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
@pdgendt pdgendt force-pushed the license-apache-missing branch from 1e40022 to 5f7a0e3 Compare November 6, 2025 13:51
@pdgendt pdgendt marked this pull request as ready for review November 6, 2025 15:07
@pdgendt
LICENSES: Add Apache 2.0 compliant licenses
0f69de6 
Add license files for the reuse tool, downloaded using reuse download.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
@pdgendt
scripts: ci: check_compliance: Error on non-allowed licenses
a8d128e 
Increase the severity if a file is licensed without it being allowed.

Signed-off-by: Pieter De Gendt <pieter.degendt@basalte.be>
@pdgendt pdgendt force-pushed the license-apache-missing branch from 5f7a0e3 to a8d128e Compare November 12, 2025 10:46
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@fabiobaltieri
Copy link
Member

fabiobaltieri commented Nov 12, 2025

Ok so now if any file that does not have an apache spdx header gets modified it'll fail compliance, right? Meaning that to merge it we'll have to bypass the check.

@pdgendt
Copy link
Contributor Author

pdgendt commented Nov 12, 2025

Ok so now if any file that does not have an apache spdx header gets modified it'll fail compliance, right? Meaning that to merge it we'll have to bypass the check.

Not really, if it has a compliant license header (from the LICENSES directory), but misses the apache one, it will put a non-blocking warning annotation (similar to the generic missing one currently).
If it has a non-compliant license header (missing from the LICENSES directory), it will be an error annotation and (presumably) block the merge.

nashif
nashif reviewed Nov 13, 2025
View reviewed changes
scripts/ci/check_compliance.py
files_without_apache,
"No Apache-2.0 license",
"warning",
"File is not licensed under Apache-2.0",
Copy link
Member

@nashif nashif Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is the rationale behind this? This is just going to be generating noise and might trigger someone to take unnecessary action, i.e. I change checkpatch, I get:

File:scripts/checkpatch.pl
Line:1
WARNING : Test LicenseAndCopyrightCheck warning:
No Apache-2.0 license:File is not licensed under Apache-2.0
File:scripts/checkpatch.pl
Line:1
ERROR   : Test LicenseAndCopyrightCheck failed:
License may not be allowed:License file for 'GPL-2.0' not found in /LICENSES. Please check https://docs.zephyrproject.org/latest/contribute/guidelines.html#components-using-other-licenses.
File:scripts/checkpatch.pl

so now we will error on this as well?

nashif
nashif requested changes Nov 13, 2025
View reviewed changes
Copy link
Member

@nashif nashif left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

errors on modified files that are GPL for example, checkpatch.pl

@pdgendt
Copy link
Contributor Author

pdgendt commented Nov 13, 2025

errors on modified files that are GPL for example, checkpatch.pl

Should we list and exclude these files explicitly?

what is the rationale behind this? This is just going to be generating noise

We currently have the same "noise" as the reuse tool won't find the license. The warning message is just more specific.

@fabiobaltieri
Copy link
Member

fabiobaltieri commented Nov 13, 2025
edited
Loading

Should we list and exclude these files explicitly?

They are kindof already listed in doc/LICENSING.rst, maybe we can list them in a structured way and generate that doc instead?

@nashif
Copy link
Member

nashif commented Nov 13, 2025

They are kindof already listed in doc/LICENSING.rst, maybe we can list them in a structured way and generate that doc instead?

yeah, that is something we should do, all exceptions in some yaml file, use it to generate the LICENSING.rst file and then apply exclusions when runnning reuse if that is possible. everyone will be happy.

@pdgendt pdgendt mentioned this pull request Nov 26, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kartben kartben kartben left review comments

@nashif nashif nashif requested changes

@fabiobaltieri fabiobaltieri fabiobaltieri approved these changes

@keith-zephyr keith-zephyr Awaiting requested review from keith-zephyr

@stephanosio stephanosio Awaiting requested review from stephanosio

Requested changes must be addressed to merge this pull request.

Assignees

@nashif nashif

@stephanosio stephanosio

Labels

area: Continuous Integration area: Linters

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@pdgendt @fabiobaltieri @nashif @kartben @stephanosio @zephyrbot