Re-enable the TagBotTriggers unit tests #322
Assignees
Labels
Comments
|
cc: @christopher-dG |
bors bot
added a commit
that referenced
this issue
Mar 8, 2021
344: Add license check to automerge guidelines r=ericphanson a=ericphanson fixes #261 by using [LicenseCheck.jl](https://github.com/ericphanson/LicenseCheck.jl) to wrap the Go library [licensecheck](https://github.com/google/licensecheck) in order to find the most likely license file and check what licenses it contains. LicenseCheck should be registered in a few hours; CI will fail until then. License-file finding strategy: this is implemented in LicenseCheck.jl. The current strategy is: if there are more than 100 toplevel files, then check any that are in a long hardcoded list (COPYING, LICENSE, GPL.txt, etc). If there are fewer than 100, then check every plaintext file at toplevel. For each file we check, `licensecheck` returns a list of licenses it has found in that file (if any), and the percent of the file covered by those licenses it found (`percent_covered`). We take the file with the highest `percent_covered` and assume that is the license file of interest. License rules: what I've currently implemented is: for each version being registered (not new packages only), there must be a file of which at least 70% of the contents are covered by identified licenses, and all of those licenses must be OSI-approved (determined by taking the `licensecheck`-obtained identifier, and seeing if it is' on a list of SDPX license identifiers which are OSI-approved, via LicenseCheck.jl). Lots of choices in all of this, and maybe these rules will lead to too many falsely-flagged packages, I'm not sure. The license guideline is enabled by a keyword argument to `run`, which is off by default so that this is not breaking. IMO we should just turn it on for General in it's config. *update*: Now also looks for a `license` key in the Project.toml and takes that as the source of truth, if it exists. --- original message Addresses #261. It doesn’t necessarily close the issue, since this PR just does the first step, which is check if a license file exists at all. Checking the license against a list of OSI compatible licenses via licensee or other tools is left for future work. The first commit moves a TagBot utility up to be used as a general RegistryCI utility, and the second uses it for a check if a license file exists. This isn't done yet because it still needs a test for the license check; I'm not totally sure how to do that because it needs an actual PR body to parse and a repo to go look at, and doesn't just care about the commits to the registry itself. I suspect the TagBot tests that use mocking might be what I should look at, but they are currently broken (#322). This is breaking because I set the license check to default to true, but we could also just set it to default to false and turn it on specifically for General, in which case it would be not breaking. (I did make sure it could be turned off since private registries may not use licenses for all their packages.) By the way, adding new guidelines to the pipeline is super easy thanks to @GunnarFarneback's recent work! Co-authored-by: Eric Hanson <5846501+ericphanson@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In #320, I disabled the TagBotTriggers unit tests because they are failing on all Julia versions (1.3, 1.5, nightly).
We should figure out why they are failing, and re-enable them.
The text was updated successfully, but these errors were encountered: