Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[License] check dependencies' binary licenses

See original GitHub issue

Search before asking

I had searched in the feature and found no similar feature requirement.

Description

Currently https://github.com/apache/incubator-seatunnel/blob/dev/tools/dependencies/known-dependencies.txt takes no effect, we have bad case like #855 that doesn’t address the new dependencies jcommander correctly. We need to find a way to address this case.

Usage Scenario

Dependencies should be checked although they were packed into a fat jar

Related issues

#jcommand

Are you willing to submit a PR?

Yes I am willing to submit a PR!

Code of Conduct

I agree to follow this project’s Code of Conduct

Issue Analytics

State:
Created 2 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

kezhenxu94commented, Dec 30, 2021

The problem now is that we don’t have a list of the dependencies, once we got the list, we can reuse the script https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh

Even we can have the dependencies from final .tgz, we can have another command to copy the dependencies that this project uses, like

./mvnw dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=/tmp/seatunnel-dependencies

So we can generate the same file all-dependencies.txt like the one in https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh , with

ls /tmp/seatunnel-dependencies > all-dependencies.txt

then everything else is the same as https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh

0reactions

CalvinKirscommented, Dec 30, 2021

The problem now is that we don’t have a list of the dependencies, once we got the list, we can reuse the script https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh

Even we can have the dependencies from final .tgz, we can have another command to copy the dependencies that this project uses, like
./mvnw dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=/tmp/seatunnel-dependencies
So we can generate the same file all-dependencies.txt like the one in https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh , with
ls /tmp/seatunnel-dependencies > all-dependencies.txt
then everything else is the same as https://github.com/apache/dolphinscheduler/blob/dev/tools/dependencies/check-LICENSE.sh

deeply thanks~ let me try do this

Top Results From Across the Web

licensing - How can you check if your dependencies comply to ...

I know there are tools that look through your dependency tree and can tell you all the licenses it finds so you can...

How to collect licenses of dependencies - Conan Docs

Please note that the licenses are artifacts that must exist in the binary packages to be collected, as different binary packages might have...

Third party dependencies and licensing | Apache BookKeeper

The binaries ship with third party dependencies in jar file form. ... To check that licensing is correct, generate the tarball and run...

Open source license compliance, the TL;DR version - Medium

The easiest way to find out if your JavaScript project meets its dependencies' licensing requirements. tldrlegal is a… github.com. “The easiest way to...

CopyrightReviewTools - Debian Wiki

licensed is used to check the licenses of the dependencies of a project. Modern language package managers (bower, bundler, cabal, go, npm, stack) ......