Merge pull request #122956 from dims/fix-license-verification-script

Fix license verification script
Kubernetes Prow Robot 2024-01-25 16:01:45 +01:00 committed by GitHub
commit 192e53590e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -30,6 +30,9 @@ source "${KUBE_ROOT}/hack/lib/util.sh"
kube::golang::setup_env kube::golang::setup_env
kube::util::ensure-temp-dir kube::util::ensure-temp-dir
ARTIFACTS="${ARTIFACTS:-${PWD}/_artifacts}"
mkdir -p "$ARTIFACTS/logs/"
# Creating a new repository tree # Creating a new repository tree
# Deleting vendor directory to make go-licenses fetch license URLs from go-packages source repository # Deleting vendor directory to make go-licenses fetch license URLs from go-packages source repository
git worktree add -f "${KUBE_TEMP}"/tmp_test_licenses/kubernetes HEAD >/dev/null 2>&1 || true git worktree add -f "${KUBE_TEMP}"/tmp_test_licenses/kubernetes HEAD >/dev/null 2>&1 || true
@ -46,7 +49,6 @@ function http_code() {
curl -I -s -o /dev/null -w "%{http_code}" "$1" curl -I -s -o /dev/null -w "%{http_code}" "$1"
} }
allowed_licenses=()
packages_flagged=() packages_flagged=()
packages_url_missing=() packages_url_missing=()
exit_code=0 exit_code=0
@ -57,38 +59,36 @@ go install github.com/google/go-licenses@latest
# Fetching CNCF Approved List Of Licenses # Fetching CNCF Approved List Of Licenses
# Refer: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md # Refer: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md
curl -s 'https://spdx.org/licenses/licenses.json' -o "${KUBE_TEMP}"/licenses.json curl -s 'https://spdx.org/licenses/licenses.json' -o "${ARTIFACTS}"/licenses.json
echo '[INFO] Fetching current list of CNCF approved licenses...' echo '[INFO] Fetching current list of CNCF approved licenses...'
while read -r L; do jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' /tmp/licenses.json | sort | uniq > "${ARTIFACTS}"/licenses.txt
allowed_licenses+=("${L}")
done < <(jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' "${KUBE_TEMP}"/licenses.json)
# Scanning go-packages under the project & verifying against the CNCF approved list of licenses # Scanning go-packages under the project & verifying against the CNCF approved list of licenses
echo '[INFO] Starting license scan on go-packages...' echo '[INFO] Starting license scan on go-packages...'
go-licenses report ./... >> "${KUBE_TEMP}"/licenses.csv go-licenses report ./... >> "${ARTIFACTS}"/licenses.csv 2>"${ARTIFACTS}"/logs/go-licenses.log
echo -e 'PACKAGE_NAME LICENSE_NAME LICENSE_URL\n' >> "${KUBE_TEMP}"/approved_licenses.dump echo -e 'PACKAGE_NAME LICENSE_NAME LICENSE_URL\n' >> "${ARTIFACTS}"/approved_licenses.dump
while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
if ! printf -- "%s\n" "${allowed_licenses[@]}" | grep -q "^${LICENSE_NAME}$"; then if ! grep -q "^${LICENSE_NAME}$" "${ARTIFACTS}"/licenses.txt; then
echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/notapproved_licenses.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/notapproved_licenses.dump
packages_flagged+=("${GO_PACKAGE}") packages_flagged+=("${GO_PACKAGE}")
continue continue
fi fi
if [[ "${LICENSE_URL}" == 'Unknown' ]]; then if [[ "${LICENSE_URL}" == 'Unknown' ]]; then
if [[ "${GO_PACKAGE}" != k8s.io/* ]]; then if [[ "${GO_PACKAGE}" != k8s.io/* ]]; then
echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
packages_url_missing+=("${GO_PACKAGE}") packages_url_missing+=("${GO_PACKAGE}")
else else
LICENSE_URL='https://github.com/kubernetes/kubernetes/blob/master/LICENSE' LICENSE_URL='https://github.com/kubernetes/kubernetes/blob/master/LICENSE'
echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses.dump
fi fi
continue continue
fi fi
if [[ "$(http_code "${LICENSE_URL}")" != 404 ]]; then if [[ "$(http_code "${LICENSE_URL}")" != 404 ]]; then
echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses.dump
continue continue
fi fi
@ -103,7 +103,7 @@ while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
#echo "DBG: try ${dir}/${file}" #echo "DBG: try ${dir}/${file}"
if [[ "$(http_code "${dir}/${file}")" != 404 ]]; then if [[ "$(http_code "${dir}/${file}")" != 404 ]]; then
#echo "DBG: it worked" #echo "DBG: it worked"
echo "${GO_PACKAGE} ${LICENSE_NAME} ${dir}/${file}" >> "${KUBE_TEMP}"/approved_licenses.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${dir}/${file}" >> "${ARTIFACTS}"/approved_licenses.dump
break break
fi fi
#echo "DBG: still 404" #echo "DBG: still 404"
@ -111,27 +111,27 @@ while IFS=, read -r GO_PACKAGE LICENSE_URL LICENSE_NAME; do
if [[ "${dir}" == "." ]];then if [[ "${dir}" == "." ]];then
#echo "DBG: failed to find a license" #echo "DBG: failed to find a license"
packages_url_missing+=("${GO_PACKAGE}") packages_url_missing+=("${GO_PACKAGE}")
echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump echo "${GO_PACKAGE} ${LICENSE_NAME} ${LICENSE_URL}" >> "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
fi fi
done < "${KUBE_TEMP}"/licenses.csv done < "${ARTIFACTS}"/licenses.csv
awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/approved_licenses.dump awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/approved_licenses.dump
if [[ ${#packages_url_missing[@]} -gt 0 ]]; then if [[ ${#packages_url_missing[@]} -gt 0 ]]; then
echo -e '\n[ERROR] The following go-packages in the project have unknown or unreachable license URL:' echo -e '\n[ERROR] The following go-packages in the project have unknown or unreachable license URL:'
awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/approved_licenses_with_missing_urls.dump awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/approved_licenses_with_missing_urls.dump
exit_code=1 exit_code=1
fi fi
if [[ ${#packages_flagged[@]} -gt 0 ]]; then if [[ ${#packages_flagged[@]} -gt 0 ]]; then
kube::log::error "[ERROR] The following go-packages in the project are using non-CNCF approved licenses. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md" echo -e "\n[ERROR] The following go-packages in the project are using non-CNCF approved licenses. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${KUBE_TEMP}"/notapproved_licenses.dump awk '{ printf "%-100s : %-20s : %s\n", $1, $2, $3 }' "${ARTIFACTS}"/notapproved_licenses.dump
exit_code=1 exit_code=1
elif [[ "${exit_code}" -eq 1 ]]; then elif [[ "${exit_code}" -eq 1 ]]; then
kube::log::status "[ERROR] Project is using go-packages with unknown or unreachable license URLs. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md" echo -e "\n[ERROR] Project is using go-packages with unknown or unreachable license URLs. Please refer to the CNCF's approved licence list for further information: https://github.com/cncf/foundation/blob/main/allowed-third-party-license-policy.md"
else else
kube::log::status "[SUCCESS] Scan complete! All go-packages under the project are using current CNCF approved licenses!" echo -e "\n[SUCCESS] Scan complete! All go-packages under the project are using current CNCF approved licenses!"
fi fi
exit "${exit_code}" exit "${exit_code}"
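Review bot: The new `jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' /tmp/licenses.json | sort | uniq > "${ARTIFACTS}"/licenses.txt` line reads the SPDX list from a fixed `/tmp/licenses.json`, while the `curl` directly above it now writes to `"${ARTIFACTS}"/licenses.json`, so the allowed-license list is built from a stale or absent file at a predictable, shared-writable path instead of from what this run fetched; on a shared CI node that also means the allow-list can be influenced by any local user who can write there. It should read the file it just downloaded: `jq -r '.licenses[] | select(.isDeprecatedLicenseId==false) .licenseId' "${ARTIFACTS}"/licenses.json | sort -u > "${ARTIFACTS}"/licenses.txt`. The `curl -s` that produces it also gives no signal on an HTTP error, so `curl -sf` (or `--fail`) would stop a non-200 body from being parsed as the policy. Separately, the new `grep -q "^${LICENSE_NAME}$" "${ARTIFACTS}"/licenses.txt` still interpolates the license name into a regex; `grep -qxF -- "${LICENSE_NAME}" "${ARTIFACTS}"/licenses.txt` matches the whole line literally and is the safer form for data that comes out of `go-licenses`. The enclosing `while` loop and the script header start outside the shown hunks.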