Open jackjia-ibm opened 3 years ago
C dependencies, especially in Git submodules / makefile formats aren't as easy to pick up as in other languages and build tools. I think we'll need to create a new file format in the C repository which the license scanner can consume and use to generate the attribution report. I'd prefer an alternative if someone has another idea to tackle this...
The new file format would be something along the lines of zowe_license.json
, which is a []Dependency
:
With:
type Dependency = {
Name: string
Version: string
RepoURL: string
License: string // optional, we can scan RepoURL for a LICENSE file
}
And the repository file filled out as:
[ {
"Name": "libYAML",
"Version" : "1.2",
"RepoURL": "https://github.com/yaml/libyaml"
}]
It looks good to me. Or we can merge it into manifest.yaml
and define it under dependencies
or sourceDependencies
like what we do on Zowe manifest.json. Zowe launcher manifest.yaml is here.
Customer content
Is your feature request related to a problem? Please describe.
Some C applications have explicitly defined dependencies and we should include them into dependency and license scan.
For example, libYAML is imported and used by Zowe Launcher https://github.com/zowe/launcher/pull/16/files#diff-fe7afb5c9c916e521401d3fcfb4277d5071798c3baf83baf11d6071742823584R3 which is MIT license.
Describe the solution you'd like
@MarkAckert @FlappiTomic