Closed jayaddison closed 1 year ago
This was tested by deployment in production with concatenateModules: true
. Unexpectedly, the first deployment succeeded despite the build error message appearing. That was resolved by 7e54e083cb871d8957a97c37ebbedea5c08d7edd, and production builds are now confirmed blocked when this check fails.
Describe the reason for these changes and the problem that they solve
In #224 it was discovered that some top-level dependencies declared in
package.json
were not represented in the application's bundled license list.That has been corrected, but as noted in the issue discussion, it makes sense to add at least some basic level of automated verification to try to avoid this happening again in future.
The process adopted here is lightweight -- we find the dependencies declared in
package.json
, and confirm that the count of matching lines within the to-be-bundledlicenses.txt
matches the number of declared dependencies.This isn't perfect, it has limitations including:
package.json
)licenses.txt
file could result in inaccurate license counts (allowing false positives -- test failures when in fact all licenses are included -- or worse, true negatives -- test passes despite, for example, one top-level package being absent and one top-level package appearing twice)Briefly summarize the changes
license-check
step to the project'sMakefile
to compare the count of top-level dependencies inpackage.json
and the number of matching lines inlicenses.txt
license-check
step before image finalization (writing a container image to disk/committing it to the container registry) occursHow have the changes been tested?
licenses.txt
List any issues that this change relates to Resolves #224.