build-trust / ockam

Orchestrate end-to-end encryption, cryptographic identities, mutual authentication, and authorization policies between distributed applications – at massive scale.
https://ockam.io
Apache License 2.0

NOTICE file #626

Open mrinalwadhwa opened 4 years ago

mrinalwadhwa commented 4 years ago

Our notice file is quite out of date, we should look into tools that may help us generate it.

etorreborre commented 1 year ago

@metaclips maybe we can integrate https://github.com/embarkstudios/cargo-about into our build to at least do this on the rust side?

metaclips commented 1 year ago

> @metaclips maybe we can integrate https://github.com/embarkstudios/cargo-about into our build to at least do this on the rust side?

Looks promising. Thanks.

mariannegoldin commented 1 year ago

Hi there, I am working with some new contributors to open source (and ockam) and wondering if you would be open to us working on this issue?

mrinalwadhwa commented 1 year ago

@mariannegoldin that would be fantastic! We're here to help with any questions.

deebrecke commented 1 year ago

Our team is trying to choose a first issue. We noticed that this was closed and then re-opened. Can you give us more information on what was done and what still needs to be done?

mrinalwadhwa commented 1 year ago

@deebrecke thank you for spending time on it. The closing of the issue was accidental during our triage, so nothing has been done yet.

Desired behavior

The goal is to once a week run a github actions workflow that will list the licences of all the crates Ockam depends on and if needed create a pull request to update our NOTICE file to thank and give attributions to all the projects we depend on.

Proposed Implementation

The action should run in the ockam-builder docker container which has all the tools you would need:

Here's an example of another action defined to run in the ockam-builder docker container: https://github.com/build-trust/ockam/blob/3227d2aa5d5a21971fbd11cc8cb30aa2309de4fc/.github/workflows/rust.yml#L64-L70

You can pull and use this container locally on your machine if you want, as follows (this is big ~5GB download)

docker run --rm -it -e HOST_USER_ID=$(id -u) --volume $(pwd):/work ghcr.io/build-trust/ockam-builder:latest bash

The container has a tool called cargo deny

If you run cargo deny with the following command in the root folder of the ockam repo, it shows all the licences:

» cargo deny --all-features list --config=tools/cargo-deny/deny.toml --format json 
{
  "licenses": [
    [
      "0BSD",
      [
        "adler 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
        "stm32f4xx-hal 0.15.0 (registry+https://github.com/rust-lang/crates.io-index)",
        "stm32h7xx-hal 0.14.0 (registry+https://github.com/rust-lang/crates.io-index)"
      ]
    ],
    [
      "Apache-2.0",
      [
        "addr2line 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)",
        "adler 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
        "aead 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)",
        "aes 0.7.5 (registry+https://github.com/rust-lang/crates.io-index)",
        "aes-gcm 0.9.4 (registry+https://github.com/rust-lang/crates.io-index)",
        "ahash 0.8.3 (registry+https://github.com/rust-lang/crates.io-index)",
        "aligned 0.3.5 (registry+https://github.com/rust-lang/crates.io-index)",

The action would run the above command and convert its JSON output into the following format:

Crate Name, License
adler, 0BSD
stm32f4xx-hal, 0BSD

After the above is working, we may want to add some thank you notes around the generated text but we can tackle that in a separate next step.

Please let us know if you have any questions.

deebrecke commented 1 year ago

Thank you for the clarification on this issue. Our group has chosen a different issue as our first one. I may choose to take this on myself further down the road, but for now, if you want to open it back up (I'm not really sure how the process works), I will not be working on it for at least the next few weeks.

mrinalwadhwa commented 1 year ago

@deebrecke thank you for telling us. Let us know if you have any questions as you look at other issues. We added a bunch of new ones yesterday that are simple improvements to command help. These would make great first issues: https://github.com/build-trust/ockam/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22

deebrecke commented 1 year ago

@mrinalwadhwa So sorry to be going back and forth on this one. After further research into what we chose as our first issue, my group has re-evaluated what we think we can get done and would like to try this one out, if you don't mind re-assigning it to me. Thank you for understanding the pendulum swings of eagerness and trepidation that we students go through when venturing down a new path.

metaclips commented 1 year ago

> @mrinalwadhwa So sorry to be going back and forth on this one. After further research into what we chose as our first issue, my group has re-evaluated what we think we can get done and would like to try this one out, if you don't mind re-assigning it to me. Thank you for understanding the pendulum swings of eagerness and trepidation that we students go through when venturing down a new path.

Re-assigned to you 🫡

deebrecke commented 1 year ago

My team is making progress on this issue. It has been a steep learning spike for us, but we are close. Steps involved have been basically: use GitHub Action to run cargo-deny on a weekly interval, pull out the info from the JSON file and format it, run a checksum against the last run and update the notice file if any changes have been made. We are almost to the point that this works. Once this is done, a new PR will need to be signed each time to accept the changes. We want to automate the PR so that it generates whenever changes are made. While the learning spikes thus far have been beneficial and necessary, we would appreciate not re-inventing the wheel as far as auto-generating a PR. It seems likely that there are other automated processes that require periodic automated PRs and we would appreciate any assistance anyone on this project can give us to make this leg of the journey easier.
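The JSON-to-table conversion from the proposed implementation above and the "checksum against the last run" step from the comment just above, as an added illustration that is not code from the issue or from the Ockam project. It assumes the `cargo deny ... --format json` output has the `"licenses"` shape shown earlier in the thread; the sample input is constructed from that excerpt.

```python
"""Turn `cargo deny list --format json` output into the NOTICE table and
detect whether the table changed since the previous run (hypothetical
helper, not Ockam's own tooling)."""
import hashlib
import json
from typing import List, Optional, Tuple

# Constructed sample in the shape shown in the issue, trimmed to four entries.
SAMPLE_JSON = """{
  "licenses": [
    ["0BSD", ["adler 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)",
              "stm32f4xx-hal 0.15.0 (registry+https://github.com/rust-lang/crates.io-index)"]],
    ["Apache-2.0", ["addr2line 0.19.0 (registry+https://github.com/rust-lang/crates.io-index)",
                    "adler 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)"]]
  ]
}"""


def crate_licenses(deny_json: str) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (crate, license) rows. A crate listed under
    several licenses (adler appears under 0BSD and Apache-2.0 in the issue's
    sample) gets one row per license."""
    rows = set()
    for license_id, crates in json.loads(deny_json)["licenses"]:
        for entry in crates:
            # "adler 1.0.2 (registry+...)" -> the crate name is the first token
            rows.add((entry.split(" ", 1)[0], license_id))
    return sorted(rows)


def render_notice(rows: List[Tuple[str, str]]) -> str:
    """Render rows in the 'Crate Name, License' format requested in the issue."""
    lines = ["Crate Name, License"] + [f"{name}, {lic}" for name, lic in rows]
    return "\n".join(lines) + "\n"


def digest(text: str) -> str:
    """Stable fingerprint of the generated table (sorted rows make it deterministic)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def needs_update(new_text: str, previous_digest: Optional[str]) -> bool:
    """True when the freshly generated table differs from the last recorded run."""
    return previous_digest != digest(new_text)


if __name__ == "__main__":
    notice = render_notice(crate_licenses(SAMPLE_JSON))
    print(notice, end="")
    print("changed since last run:", needs_update(notice, None))
```

In a weekly workflow the previous digest would be read from the committed NOTICE (or a small state file) so that a PR is only opened when `needs_update` is true.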

metaclips commented 1 year ago

We restrict GitHub action from creating pull requests https://github.blog/changelog/2022-05-03-github-actions-prevent-github-actions-from-creating-and-approving-pull-requests/ so we can't automate PRs. What we should do is

Create a bash script/program that'll

To ensure that our notice file is always up to date, we can create a GitHub action that'll

Wryhder commented 8 months ago

@deebrecke Are you still working on this? I'd love to try my hand at it if not. Please let me know.

metaclips commented 8 months ago

Thanks @Wryhder. There's a pending https://github.com/build-trust/ockam/pull/5126. Please feel free to continue from there or start afresh, whichever is easier for you. I'll be assigning this issue to you now.