openculinary / frontend

The RecipeRadar Frontend is a recipe search and meal planning application
GNU Affero General Public License v3.0

Makefile: add 'license-check' step before container image finalization #226

Closed jayaddison closed 1 year ago

jayaddison commented 1 year ago

Describe the reason for these changes and the problem that they solve

In #224 it was discovered that some top-level dependencies declared in package.json were not represented in the application's bundled license list.

That has been corrected, but as noted in the issue discussion, it makes sense to add at least some basic level of automated verification to try to avoid this happening again in future.

The process adopted here is lightweight -- we find the dependencies declared in package.json, and confirm that the count of matching lines within the to-be-bundled licenses.txt matches the number of declared dependencies.

This isn't perfect; it has limitations, including:

Briefly summarize the changes

  1. Add a license-check step to the project's Makefile to compare the count of top-level dependencies in package.json and the number of matching lines in licenses.txt
  2. Run the license-check step before image finalization (writing a container image to disk/committing it to the container registry) occurs

How have the changes been tested?

  1. Local testing
    • ✔ Happy path - license count and dependency count match
    • ✔ Error path - a top-level dependency's license is not present in licenses.txt

List any issues that this change relates to

Resolves #224.
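The check described above, as an added example that is not the project's own Makefile step or code: it reads the top-level `dependencies` from a package.json, counts the lines in a licenses.txt that belong to a declared package, and compares that count with the number of declared packages. It goes one step beyond the PR's count comparison by also reporting which declared packages have no licence line at all, which catches the case where a duplicate entry for one package masks a missing entry for another. The sample package.json and licenses.txt contents are constructed, and the `name@version -- LICENSE` line layout assumed for licenses.txt is an assumption, not the project's actual format.

```python
import json
import re
import sys
from typing import Iterable, List

# Constructed sample package.json (not the project's real manifest).
SAMPLE_PACKAGE_JSON = """{
  "name": "sample-frontend",
  "dependencies": {
    "lodash": "^4.17.21",
    "react": "^18.2.0",
    "@scope/widget": "1.0.0"
  },
  "devDependencies": {
    "webpack": "^5.88.0"
  }
}"""

# Constructed licenses.txt: one "name@version -- LICENSE" line per bundled
# package. The real file's layout is an assumption here.
SAMPLE_LICENSES_OK = """lodash@4.17.21 -- MIT
react@18.2.0 -- MIT
@scope/widget@1.0.0 -- Apache-2.0
"""

# Same number of matching lines as declared packages, but react is listed
# twice and @scope/widget is absent: a count-only check passes, the
# per-name check fails.
SAMPLE_LICENSES_BAD = """lodash@4.17.21 -- MIT
react@18.2.0 -- MIT
react@18.2.0 -- MIT
"""


def declared_dependencies(package_json_text: str,
                          sections: Iterable[str] = ("dependencies",)) -> List[str]:
    """Return the package names declared in the given package.json sections."""
    manifest = json.loads(package_json_text)
    names: List[str] = []
    for section in sections:
        names.extend(manifest.get(section, {}).keys())
    return sorted(set(names))


def _matches(name: str, line: str) -> bool:
    # A licence line belongs to a package if it starts with the package name
    # followed by '@' (version separator) or whitespace, so that "react"
    # does not also match a "react-dom" line.
    return re.match(rf"^{re.escape(name)}(?:@|\s)", line) is not None


def count_matching_lines(names: List[str], licenses_text: str) -> int:
    """The PR's count-based check: licence lines matching any declared name."""
    return sum(1 for line in licenses_text.splitlines()
               if any(_matches(n, line) for n in names))


def missing_licenses(names: List[str], licenses_text: str) -> List[str]:
    """Stricter per-name check: declared packages with no licence line at all."""
    lines = licenses_text.splitlines()
    return [n for n in names if not any(_matches(n, line) for line in lines)]


def license_check(package_json_text: str, licenses_text: str) -> bool:
    """True only if the counts agree and every declared package has a licence line."""
    names = declared_dependencies(package_json_text)
    count_ok = count_matching_lines(names, licenses_text) == len(names)
    missing = missing_licenses(names, licenses_text)
    for name in missing:
        print(f"license-check: no licence entry found for {name}", file=sys.stderr)
    return count_ok and not missing


if __name__ == "__main__":
    # Exit non-zero so a Makefile target (e.g. a `license-check` step run
    # before image finalization) fails the build when the check fails.
    ok = license_check(SAMPLE_PACKAGE_JSON, SAMPLE_LICENSES_OK)
    print("license-check:", "ok" if ok else "FAILED")
    sys.exit(0 if ok else 1)
```

Run as a script it checks the constructed "happy path" inputs and exits 0; swapping in `SAMPLE_LICENSES_BAD` exits 1 and names the package without a licence entry, which is the signal a `make` target needs in order to stop before the container image is written or pushed.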

jayaddison commented 1 year ago

This was tested by deployment in production with concatenateModules: true. Unexpectedly, the first deployment succeeded despite the build error message appearing. That was resolved by 7e54e083cb871d8957a97c37ebbedea5c08d7edd, and production builds are now confirmed blocked when this check fails.