gather_licenses_info does not seem to capture license of external packages

proppy commented 8 months ago

Expected Behavior

gather_licenses_info.bzl should also gather license from external packages (fetched thru WORKSPACE or Bzlmod).

Actual Behavior

gather_licenses_info.bzl only gathers license from in-tree project sources and vendored dependencies.

Steps to Reproduce the Problem

git clone https://github.com/google/xls
cd xls
bazel build //xls/dslx:interpreter_main --aspects=@rules_license//rules:gather_licenses_info.bzl%gather_licenses_info_and_write --output_groups=licenses

xls 🍡  cat bazel-bin/xls/dslx/interpreter_main_licenses_info.json | grep @
            "target": "@rules_license//licenses/spdx:Apache-2.0",

xls 🍙  bazel query --color=no --noshow_progress --noshow_loading_progress --notool_deps --noimplicit_deps 'kind(cc_library, filter("^@", deps(//xls/dslx:interpreter_main)))' --output package | grep @ | wc -l
39

Specifications

Version: bazel 6.4.0
Platform: Linux penguin 6.1.64-09049-g010fe86d9eae #1 SMP PREEMPT_DYNAMIC Thu, 1 Feb 2024 01:25:43 +0000 x86_64 GNU/Linuxw

proppy commented 8 months ago

@aiuto is that something that's already supported?

/cc @cdleary

aiuto commented 8 months ago

I'm not sure if this is a bug report or just highlighting a different problem.

gather_licenses_info should capture all license_info() and package_info() instances in BUILD files from external repositories. So for XLS you do have a license declaration at https://github.com/google/xls/blob/a9333b2b662701ecac457070eae37829467539ae/BUILD#L39 but it has no licenses_kinds. If I fix the source to be

license(
    name = "license",
    package_name = "xls",
    license_kinds = ["@rules_license//licenses/spdx:Apache-2.0"],
)

I would expect that to show up in the JSON, and it does for me. So far so good.

As far as the query goes: I'm not sure what the intent is, so let's parse it back to the minimal. bazelisk query 'deps(//xls/dslx:interpreter_main)' | grep @rules_l

This gets the license declaration, but with --notool_deps, I don't see it. That feels like a bazel bug.

The bigger problem is for modules which do not have those declarations. Most of the importers used by workspace resolution or bzlmod do not splice in a package_info(), so we know nothing. The workaround is to dump the tree created with gather_licenses_info to JSON, then merge with the lockfiles for the various langauges. This was working for Bazel's own build, until we switched to bzlmod for the build. The lock file labels changed and broke the linkage. It should be easy to fix. Alas, this is only for the java maven lockfile, so all other languages still need work.

What are you expecting from the query?

bazelbuild / rules_license