Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ci: add license compliance check #3221

Merged
merged 9 commits into from
Dec 22, 2022
Merged

ci: add license compliance check #3221

merged 9 commits into from
Dec 22, 2022

Conversation

wochinge
Copy link
Contributor

@wochinge wochinge commented Sep 15, 2022
edited by ZanSara
Loading

Blocked by: #3711

Related Issues

Proposed Changes:

  • check license compliance nightly as well as PRs
  • if it fails it will send a Slack notification

How did you test it?

n/a

Notes for the reviewer

Some dependencies were flagged. We should decide how to proceed with them and mark the false alarms as such.

Checklist

@ZanSara ZanSara self-assigned this Dec 13, 2022
@ZanSara ZanSara added type:feature New feature or request topic:dependencies journey:advanced ignore-for-release-notes PRs with this flag won't be included in the release notes. topic:CI labels Dec 13, 2022
@CLAassistant
Copy link

CLAassistant commented Dec 13, 2022
edited
Loading

CLA assistant check
All committers have signed the CLA.

@ZanSara
Copy link
Contributor

ZanSara commented Dec 13, 2022
edited
Loading

It seems like there are 6 packages that needs to be addressed:

1st order:

2nd order:

Deep deps

  • pygments: deep dependency of streamlit
ui==0.0.0
  ...
  - streamlit [required: >=1.9.0,<2, installed: 1.15.2]
    ...
    - rich [required: >=10.11.0, installed: 12.6.0]
      ...
      - pygments [required: >=2.6.0,<3.0.0, installed: 2.13.0]
      ...
  • grpcio: used by pymilvus and ray

Some of these, being second or third order deps, seem hard to avoid. I will determine where they come from and propose a mitigation strategy.

@ZanSara ZanSara marked this pull request as ready for review December 13, 2022 13:38
@ZanSara ZanSara requested a review from a team as a code owner December 13, 2022 13:38
@ZanSara ZanSara requested review from mayankjobanputra and masci and removed request for a team and mayankjobanputra December 13, 2022 13:38
@ZanSara ZanSara mentioned this pull request Dec 13, 2022
Closed
6 tasks
@masci masci assigned masci and unassigned ZanSara Dec 21, 2022
@masci masci merged commit 33c4802 into main Dec 22, 2022
@masci masci deleted the ci/add-fossa-license-scan branch December 22, 2022 09:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masci masci masci approved these changes

Assignees

@masci masci

Labels
ignore-for-release-notes PRs with this flag won't be included in the release notes. topic:CI topic:dependencies type:feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dependency license checker with CI step
4 participants
@wochinge @CLAassistant @ZanSara @masci