From 9b96ab46eee7b58353e1b96800d47035559b8937 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Thu, 25 Jan 2024 03:47:09 +0000
Subject: [PATCH 1/2] Fix license verification script
---
 hack/verify-licenses.sh | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/hack/verify-licenses.sh b/hack/verify-licenses.sh
index 2c0f18e4412..a05036e28ee 100755
--- a/hack/verify-licenses.sh
+++ b/hack/verify-licenses.sh
@@ -46,7 +46,6 @@ function http_code() {
 curl -I -s -o /dev/null -w "%{http_code}" "$1"
 }
-allowed_licenses=()
 packages_flagged=()
 packages_url_missing=()
 exit_code=0
@@ -60,17 +59,15 @@ go install github.com/google/go-licenses@latest
 curl -s 'https://spdx.org/licenses/licenses.json' -o "${KUBE_TEMP}"/licenses.json
 echo '[INFO] Fetching current list of CNCF approved licenses...'
-while read -r L; do
-  allowed_licenses+=("${L}")
-done < <(jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' "${KUBE_TEMP}"/licenses.json)
+jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' /tmp/licenses.json | sort | uniq > "${KUBE_TEMP}"/licenses.txt
 # Scanning go-packages under the project & verifying against the CNCF approved list of licenses
 echo '[INFO] Starting license scan on go-packages...'
-go-licenses report ./... >> "${KUBE_TEMP}"/licenses.csv
+go-licenses report ./... >> "${KUBE_TEMP}"/licenses.csv 2>"${KUBE_TEMP}"/go-licenses.log
 echo -e 'PACKAGE_NAME LICENSE_NAME LICENSE_URL\n' >> "${KUBE_TEMP}"/approved_licenses.dump
 while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
-  if ! printf -- "%s\n" "${allowed_licenses[@]}" | grep -q "^${LICENSE_NAME}$"; then
+  if ! grep -q "^${LICENSE_NAME}$" "${KUBE_TEMP}"/licenses.txt; then
 echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/notapproved_licenses.dump
 packages_flagged+=("${GO_PACKAGE}")
 continue
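Review bot: The new `jq` line reads `/tmp/licenses.json`, but the `curl` two lines above saved the SPDX list to `"${KUBE_TEMP}"/licenses.json`, so the allow-list is built from whatever happens to sit at a fixed, shared `/tmp` path (or `jq` fails on a missing file) rather than from the file just downloaded; it should be `jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' "${KUBE_TEMP}"/licenses.json | sort -u > "${KUBE_TEMP}"/licenses.txt`. The same `/tmp/licenses.json` input is carried unchanged into PATCH 2/2's `@@ -56,36 +59,36 @@` hunk, where the download target becomes `"${ARTIFACTS}"/licenses.json`. Separately, `grep -q "^${LICENSE_NAME}$"` interpolates a CSV field into a regex, so identifiers containing `.` or `+` match more loosely than intended; `grep -qxF -- "${LICENSE_NAME}" "${KUBE_TEMP}"/licenses.txt` compares the whole line literally. The `while` loop body continues past the end of this hunk.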
@@ -125,13 +122,13 @@ fi
 if [[ ${#packages_flagged[@]} -gt 0 ]]; then
-    kube::log::error "[ERROR] The following go-packages in the project are using non-CNCF approved licenses. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
+    echo -e "\n[ERROR] The following go-packages in the project are using non-CNCF approved licenses. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
 awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/notapproved_licenses.dump
 exit_code=1
 elif [[ "${exit_code}" -eq 1 ]]; then
-    kube::log::status "[ERROR] Project is using go-packages with unknown or unreachable license URLs. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
+    echo -e "\n[ERROR] Project is using go-packages with unknown or unreachable license URLs. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
 else
-    kube::log::status "[SUCCESS] Scan complete! All go-packages under the project are using current CNCF approved licenses!"
+    echo -e "\n[SUCCESS] Scan complete! All go-packages under the project are using current CNCF approved licenses!"
 fi
 exit "${exit_code}"
From 89db64e05342ba09d9b06e06af87adde2220a25d Mon Sep 17 00:00:00 2001
From: Davanum Srinivas
Date: Thu, 25 Jan 2024 03:55:22 +0000
Subject: [PATCH 2/2] collect generated files and logs
Signed-off-by: Davanum Srinivas
---
 hack/verify-licenses.sh | 33 ++++++++++++++++++---------------
 1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/hack/verify-licenses.sh b/hack/verify-licenses.sh
index a05036e28ee..2bc8235129f 100755
--- a/hack/verify-licenses.sh
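Review bot: The three `echo -e` replacements send the `[ERROR]`/`[SUCCESS]` status lines to stdout, interleaved with the `awk` report output, whereas the `kube::log::error` call they replace presumably went to stderr (confirm in the sourced hack/lib helpers); the two error branches should at least keep stderr, e.g. `echo -e "\n[ERROR] The following go-packages ... " >&2`. `echo -e` is also bash-specific, and `printf '\n%s\n' '...' >&2` avoids its flag handling. The commit message does not say why the `kube::log::*` helpers were dropped while the script still sources `hack/lib`, which is worth a sentence.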
+++ b/hack/verify-licenses.sh
@@ -30,6 +30,9 @@ source "${KUBE_ROOT}/hack/lib/util.sh"
 kube::golang::setup_env
 kube::util::ensure-temp-dir
+ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
+mkdir -p "$ARTIFACTS/logs/"
+
 # Creating a new repository tree
 # Deleting vendor directory to make go-licenses fetch license URLs from go-packages source repository
 git worktree add -f "${KUBE_TEMP}"/tmp_test_licenses/kubernetes HEAD >/dev/null 2>&1 || true
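Review bot: `ARTIFACTS` is read straight from the environment and defaulted relative to `${PWD}`, so where the `.csv`/`.dump` files and logs land depends on the caller's working directory rather than on `${KUBE_ROOT}`, which the setup lines above use; `ARTIFACTS="${ARTIFACTS:-${KUBE_ROOT}/_artifacts}"` keeps it anchored to the tree. The `mkdir` line spells it `"$ARTIFACTS/logs/"` while every other use in the patch is `"${ARTIFACTS}"`. The two new lines carry no comment; a one-liner such as `# Directory for generated license reports and logs; overridable via $ARTIFACTS (set by CI)` would explain why it is an environment variable.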
@@ -56,36 +59,36 @@ go install github.com/google/go-licenses@latest
 # Fetching CNCF Approved List Of Licenses
 # Refer: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
-curl -s 'https://spdx.org/licenses/licenses.json' -o "${KUBE_TEMP}"/licenses.json
+curl -s 'https://spdx.org/licenses/licenses.json' -o "${ARTIFACTS}"/licenses.json
 echo '[INFO] Fetching current list of CNCF approved licenses...'
-jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' /tmp/licenses.json | sort | uniq > "${KUBE_TEMP}"/licenses.txt
+jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' /tmp/licenses.json | sort | uniq > "${ARTIFACTS}"/licenses.txt
 # Scanning go-packages under the project & verifying against the CNCF approved list of licenses
 echo '[INFO] Starting license scan on go-packages...'
-go-licenses report ./... >> "${KUBE_TEMP}"/licenses.csv 2>"${KUBE_TEMP}"/go-licenses.log
+go-licenses report ./... >> "${ARTIFACTS}"/licenses.csv 2>"${ARTIFACTS}"/logs/go-licenses.log
-echo -e 'PACKAGE_NAME LICENSE_NAME LICENSE_URL\n' >> "${KUBE_TEMP}"/approved_licenses.dump
+echo -e 'PACKAGE_NAME LICENSE_NAME LICENSE_URL\n' >> "${ARTIFACTS}"/approved_licenses.dump
 while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
-    if ! grep -q "^${LICENSE_NAME}$" "${KUBE_TEMP}"/licenses.txt; then
-        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/notapproved_licenses.dump
+    if ! 
grep -q "^${LICENSE_NAME}$" "${ARTIFACTS}"/licenses.txt; then
+        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/notapproved_licenses.dump
 packages_flagged+=("${GO_PACKAGE}")
 continue
 fi
 if [[ "${LICENSE_URL}" == 'Unknown' ]]; then
 if [[ "${GO_PACKAGE}" != k8s.io/* ]]; then
-            echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump
+            echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
 packages_url_missing+=("${GO_PACKAGE}")
 else
 LICENSE_URL='https://github.com/kubernetes/kubernetes/blob/master/LICENSE'
-            echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses.dump
+            echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses.dump
 fi
 continue
 fi
 if [[ "$(http_code "${LICENSE_URL}")" != 404 ]]; then
-        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses.dump
+        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses.dump
 continue
 fi
@@ -100,7 +103,7 @@ while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
 #echo "DBG: try ${dir}/${file}"
 if [[ "$(http_code "${dir}/${file}")" != 404 ]]; then
 #echo "DBG: it worked"
-            echo "${GO_PACKAGE} ${LICENSE_NAME} ${dir}/${file}" >> "${KUBE_TEMP}"/approved_licenses.dump
+            echo "${GO_PACKAGE} ${LICENSE_NAME} ${dir}/${file}" >> "${ARTIFACTS}"/approved_licenses.dump
 break
 fi
 #echo "DBG: still 404"
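Review bot: With the output directory now the persistent `${ARTIFACTS}` (defaulting to `${PWD}/_artifacts`) instead of a fresh `${KUBE_TEMP}`, the `>>` appends on `licenses.csv` and the `.dump` files accumulate across runs: a second local run re-reads last run's rows through `done < "${ARTIFACTS}"/licenses.csv` in the `@@ -108,22 +111,22 @@` hunk and the reports repeat entries. Either truncate on first write (`>` for the `go-licenses report` and `PACKAGE_NAME` header lines) or clear the files up front, e.g. `rm -f -- "${ARTIFACTS}"/licenses.csv "${ARTIFACTS}"/*.dump` right after the `mkdir`. Also, `2>"${ARTIFACTS}"/logs/go-licenses.log` diverts go-licenses' diagnostics without checking its exit status, so a failed scan leaves an empty `licenses.csv` and, unless an earlier `set -e` is in effect (not visible here), the script reaches the `[SUCCESS]` branch; `go-licenses report ./... >> "${ARTIFACTS}"/licenses.csv 2>"${ARTIFACTS}"/logs/go-licenses.log || { echo "[ERROR] go-licenses failed; see ${ARTIFACTS}/logs/go-licenses.log" >&2; exit 1; }` makes the failure visible. The `while` loop body continues past the end of this hunk.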
@@ -108,22 +111,22 @@ while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
 if [[ "${dir}" == "." ]];then
 #echo "DBG: failed to find a license"
 packages_url_missing+=("${GO_PACKAGE}")
-        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump
+        echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
 fi
-done < "${KUBE_TEMP}"/licenses.csv
-awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/approved_licenses.dump
+done < "${ARTIFACTS}"/licenses.csv
+awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/approved_licenses.dump
 if [[ ${#packages_url_missing[@]} -gt 0 ]]; then
 echo -e '\n[ERROR] The following go-packages in the project have unknown or unreachable license URL:'
-    awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump
+    awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
 exit_code=1
 fi
 if [[ ${#packages_flagged[@]} -gt 0 ]]; then
 echo -e "\n[ERROR] The following go-packages in the project are using non-CNCF approved licenses. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
-    awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/notapproved_licenses.dump
+    awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/notapproved_licenses.dump
 exit_code=1
 elif [[ "${exit_code}" -eq 1 ]]; then
 echo -e "\n[ERROR] Project is using go-packages with unknown or unreachable license URLs. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"