search

oss-review-toolkit / ort

A suite of tools to automate software compliance checks.
https://oss-review-toolkit.org
Apache License 2.0
1.57k stars 308 forks source link

config.yml is recognized but not used #8873

Closed georg-eckert-zeiss closed 2 months ago

georg-eckert-zeiss commented 2 months ago

Describe the bug

I have my own config.yml. ORT recognizes it but does not apply the values given in it.

My config:

ort:
  addAuthorsToCopyrights: true

To Reproduce

Steps to reproduce the behavior:

  1. download release 26.0.0
  2. unpack to /home/<username>/Apps/ort
  3. mkdir ~/.ort/config/config.yml
  4. gedit ~/.ort/config/config.yml
  5. enter the config text from above and save
  6. /home/<username>/Apps/ort/bin/ort config --show-active

Expected behavior

I expect to see addAuthorsToCopyrights being set to true

Console / log output

<username>@<pc>:~/dev$ /home/<username>/Apps/ort/bin/ort config --show-active
______________________________                                                      
/        \_______   \__    ___/ The OSS Review Toolkit, version 26.0.0,              
|    |   | |       _/ |    |    built with JDK 11.0.23+9, running under Java 11.0.23.
|    |   | |    |   \ |    |    Executing 'config' as '<username>' on Linux            
\________/ |____|___/ |____|    with 4 CPUs and a maximum of 12288 MiB of memory.    

Environment variables:                                                              
ORT_CONFIG_DIR = /home/<username>/.ort/config                                         
ORT_DATA_DIR = /home/<username>/.ort                                                  
HOME = /home/<username>
SHELL = /bin/bash                                                                   
TERM = xterm-256color                                                               
JAVA_HOME = /usr/lib/jvm/default-java                                               

Looking for ORT configuration in the following file:
        /home/<username>/.ort/config/config.yml

The active configuration is:

ort:
  addAuthorsToCopyrights: false
  allowedProcessEnvironmentVariableNames:
  - "CARGO_HTTP_USER_AGENT"
  - "COMPOSER_ALLOW_SUPERUSER"
  - "CONAN_LOGIN_ENCRYPTION_KEY"
  - "CONAN_LOGIN_USERNAME"
  - "CONAN_PASSWORD"
  - "CONAN_USERNAME"
  - "CONAN_USER_HOME"
  - "CONAN_USER_HOME_SHORT"
  - "DOTNET_CLI_CONTEXT_ANSI_PASS_THRU"

(...)

Environment

Output of the ort requirements command:

<username>@<pc>:~/dev$ ort requirements
______________________________                                                      
/        \_______   \__    ___/ The OSS Review Toolkit, version 26.0.0,              
|    |   | |       _/ |    |    built with JDK 11.0.23+9, running under Java 11.0.23.
|    |   | |    |   \ |    |    Executing 'requirements' as '<username>' on Linux      
\________/ |____|___/ |____|    with 4 CPUs and a maximum of 12288 MiB of memory.    

Environment variables:                                                              
ORT_CONFIG_DIR = /home/<username>/.ort/config                                         
ORT_DATA_DIR = /home/<username>/.ort                                                  
HOME = /home/<username>
SHELL = /bin/bash                                                                   
TERM = xterm-256color                                                               
JAVA_HOME = /usr/lib/jvm/default-java                                               

Looking for ORT configuration in the following file:
        /home/<username>/.ort/config/config.yml

AdviceProviderFactory plugins:
        * GitHubDefects
        * NexusIQ
        * OssIndex
        * OSV
        * VulnerableCode

OrtCommand plugins:
        * advise
        * analyze
        * compare
        * config
        * download
        * evaluate
        * migrate
        * notify
        * report
        * requirements
        * scan
        * upload-curations
        * upload-result-to-postgres
        * upload-result-to-sw360

PackageConfigurationProviderFactory plugins:
        * DefaultDir
        * Dir
        * DOS
        * OrtConfig

PackageCurationProviderFactory plugins:
        * ClearlyDefined
        * DefaultDir
        * DefaultFile
        * File
        * OrtConfig
        * SW360

PackageManagerFactory plugins:
        * Bazel
        * Bower
        * Bundler
        * Cargo
        * Carthage
        * CocoaPods
        * Composer
        * Conan
        * GoMod
        * Gradle
        * GradleInspector
        * Maven
        * NPM
        * NuGet
        * PIP
        * Pipenv
        * PNPM
        * Poetry
        * Pub
        * SBT
        * SpdxDocumentFile
        * Stack
        * SwiftPM
        * Unmanaged
        * Yarn
        * Yarn2

Reporter plugins:
        * CtrlXAutomation
        * CycloneDx
        * DocBookTemplate
        * EvaluatedModel
        * FossId
        * FossIdSnippet
        * GitLabLicenseModel
        * HtmlTemplate
        * ManPageTemplate
        * Opossum
        * PdfTemplate
        * PlainTextTemplate
        * SpdxDocument
        * StaticHtml
        * TrustSource
        * WebApp

ScannerWrapperFactory plugins:
        * Askalono
        * BoyterLc
        * DOS
        * FossId
        * Licensee
        * ScanCode
        * SCANOSS

VersionControlSystem plugins:
        * Git
        * GitRepo
        * Mercurial
        * Subversion

Scanners:
        - Askalono: Requires 'askalono' in no specific version. Tool not found.
        - BoyterLc: Requires 'lc' in no specific version. Tool not found.
        - Licensee: Requires 'licensee' in no specific version. Tool not found.
        * ScanCode: Requires 'scancode' in version >=3.0.0. Found version 32.2.0.

PackageManagers:
        - Bazel: Requires 'bazel' in version >=7.0.0. Tool not found.
        - Bower: Requires 'bower' in version >=1.8.8. Tool not found.
        - Cargo: Requires 'cargo' in no specific version. Tool not found.
        - CocoaPods: Requires 'pod' in version >=1.11.0. Tool not found.
        - Composer: Requires 'composer' in version >=1.5.0. Tool not found.
        - Conan: Requires 'conan' in version >=1.44.0 and <2.0.0. Tool not found.
        - GoMod: Requires 'go' in version >=1.21.1. Tool not found.
        * Npm: Requires 'npm' in version >=6.0.0 and <11.0.0. Found version 8.5.1.
        + NuGetInspector: Requires 'nuget-inspector' in no specific version. Could not determine the version.
        - Pipenv: Requires 'pipenv' in version >=2018.10.9. Tool not found.
        - Pnpm: Requires 'pnpm' in version >=5.0.0 and <10.0.0. Tool not found.
        - Poetry: Requires 'poetry' in no specific version. Tool not found.
        - Pub: Requires 'dart' in version >=2.10.0. Tool not found.
        - PythonInspector: Requires 'python-inspector' in version >=0.9.2. Tool not found.
        - Sbt: Requires 'sbt' in version >=0.13.0. Tool not found.
        - Stack: Requires 'stack' in version >=2.1.1. Tool not found.
        - SwiftPm: Requires 'swift' in no specific version. Tool not found.
        - Yarn: Requires 'yarn' in version >=1.3.0 and <1.23.0. Tool not found.

VersionControlSystems:
        * Git: Requires 'git' in version >=2.29.0. Found version 2.34.1.
        - GitRepo: Requires 'repo' in no specific version. Tool not found.
        - Mercurial: Requires 'hg' in no specific version. Tool not found.

Prefix legend:
        - The tool was not found in the PATH environment.
        + The tool was found in the PATH environment, but not in the required version.
        * The tool was found in the PATH environment in the required version.

ScanCode license texts found in '/home/<username>/Downloads/scancode-toolkit-v32.2.0/venv/lib/python3.10/site-packages/licensedcode/data/licenses'.

Not all tools requirements were satisfied:
        ! Some tools were not found at all.

And specify (relevant parts of) your ORT configuration (config.yml):

ort:
  addAuthorsToCopyrights: true
sschuberth commented 2 months ago

I just tried, it works for me. Please double check that the path listed at

Looking for ORT configuration in the following file:
        /home/<username>/.ort/config/config.yml

indeed matches what you edit with gedit ~/.ort/config/config.yml, i.e. that you're running as the same user.

georg-eckert-zeiss commented 2 months ago

Well, what I do is:

nano /home/<username>/.ort/config/config.yml - so fully qualified

I used ~/.ort/... here to make the example simpler. But that's not the reason. I also tried the following:

ort --config /home/<username>/dev/config.yml config --show-active

Which didn't work either. Same output, except for:

Looking for ORT configuration in the following file:
        /home/<username>/dev/config.yml
georg-eckert-zeiss commented 2 months ago

I tried again in WSL and there it works. Something seems to be messed up with my xubuntu VM. Closed.

georg-eckert-zeiss commented 2 months ago

I re-checked but I was not able to identify the cause. I created a new user and also tried in WSL. In both cases I couldn't reproduce the issue.