Add fossa check for licenses. (#2389)

Signed-off-by: Alexander Wels <awels@redhat.com> Signed-off-by: Alexander Wels <awels@redhat.com>
kubevirt · Oct 21, 2022 · bfe6e34 · bfe6e34
1 parent a222359
commit bfe6e34
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 2 deletions.
diff --git a/.fossa.yml b/.fossa.yml
@@ -0,0 +1,72 @@
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 3
+cli:
+  server: https://app.fossa.com
+  project: 
+    id: git@github.com:kubevirt/containerized-data-importer.git
+    name: containerized-data-importer
+    team: KubeVirt
+targets:
+  exclude:
+    - type: gradle
+    - type: npm
+    - type: rpm
+paths:
+  exclude:
+    - cluster-up
+    - staging
+
+analyze:
+  modules:
+  - name: cdi-apiserver
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-apiserver'
+    path: cmd/cdi-apiserver
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-cloner
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-cloner'
+    path: cmd/cdi-cloner
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-controller
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-controller'
+    path: cmd/cdi-controller
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-importer
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-importer'
+    path: cmd/cdi-importer
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-operator
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-operator'
+    path: cmd/cdi-operator
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-uploadproxy
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-uploadproxy'
+    path: cmd/cdi-uploadproxy
+    options:
+      modules-vendor: true
+      strategy: gomodules
+  - name: cdi-uploadserver
+    type: go
+    target: 'kubevirt.io/containerized-data-importer/cmd/cdi-uploadserver'
+    path: cmd/cdi-uploadserver
+    options:
+      modules-vendor: true
+      strategy: gomodules
+
diff --git a/Makefile b/Makefile
@@ -20,7 +20,8 @@
 		format \
 		goveralls \
 		release-description \
-		bazel-generate bazel-build bazel-build-images bazel-push-images
+		bazel-generate bazel-build bazel-build-images bazel-push-images \
+		fossa
 
 DOCKER?=1
 ifeq (${DOCKER}, 1)
@@ -159,6 +160,9 @@ generate-doc: build-docgen
 build-docgen:
 	${DO_BAZ} "BUILD_ARCH=${BUILD_ARCH} ./hack/build/bazel-build-metricsdocs.sh"
 
+fossa:
+	${DO_BAZ} "FOSSA_TOKEN_FILE=${FOSSA_TOKEN_FILE} ./hack/fossa.sh"
+
 help:
 	@echo "Usage: make [Targets ...]"
 	@echo " all "

diff --git a/go.mod b/go.mod
@@ -145,6 +145,7 @@ require (
 
 replace (
 	github.com/aws/aws-sdk-go => github.com/aws/aws-sdk-go v1.15.77
+	github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
 	github.com/openshift/api => github.com/openshift/api v0.0.0-20211217221424-8779abfbd571
 	github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3
 	github.com/openshift/library-go => github.com/mhenriks/library-go v0.0.0-20211221173158-d6e4bcc60f0a

diff --git a/go.sum b/go.sum
@@ -198,7 +198,7 @@ github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XL
 github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw=
 github.com/checkpoint-restore/go-criu/v5 v5.0.0/go.mod h1:cfwC0EG7HMUenopBsUf9d89JlCLQIfgVcNsNN0t6T2M=
 github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=

diff --git a/hack/ci/language.sh b/hack/ci/language.sh
@@ -16,6 +16,7 @@ VIOLATIONS=$(git grep -iI -E $PHRASES -- \
     ':!*generated*' \
     ':!*swagger.json*' \
     ':!hack/ci/language.sh' \
+    ':!hack/fossa.sh' \
     "${CDI_DIR}" |
     grep -v \
         -e 'ekalinin/github-markdown-toc' \

diff --git a/hack/fossa.sh b/hack/fossa.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
+FOSSA_API_KEY="$(cat $FOSSA_TOKEN_FILE)" fossa analyze
+FOSSA_API_KEY="$(cat $FOSSA_TOKEN_FILE)" fossa test --timeout=1800
+
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -1265,6 +1265,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
 ## explicit; go 1.12
 sigs.k8s.io/yaml
 # github.com/aws/aws-sdk-go => github.com/aws/aws-sdk-go v1.15.77
+# github.com/chzyer/logex => github.com/chzyer/logex v1.2.1
 # github.com/openshift/api => github.com/openshift/api v0.0.0-20211217221424-8779abfbd571
 # github.com/openshift/client-go => github.com/openshift/client-go v0.0.0-20211209144617-7385dd6338e3
 # github.com/openshift/library-go => github.com/mhenriks/library-go v0.0.0-20211221173158-d6e4bcc60f0a