Skip to main content

Week 6

(July 05, 2024 - July 11, 2024)

Meeting 1

(July 10, 2024)

Attendees

Discussions

  • Mentioned about the progress and completion of #PR2785 which adds the relevant byte info the nomos scanner's JSON Output.
  • Also got review from mentors regarding #PR2784 which allows for the user to pass a custom allowlist.json file for whitelisting certain licenses or keywords.
  • Gave a demo to the mentors on how the Github Action for Fossology Scanners works. I studied docker actions as well as composite actions and decided to go for the composite actions because:
    • Emulation on our end: Composite actions give us the flexibility to run multiple steps in our jobs which makes it easier for us to implement QEMU Emulator for cross platform image support de-facto.
    • Uploading Artifacts: Using composite actions, the user does not need to set up a separate step of uploading the results as an artifact, as we can add this step into our action itself. User can just provide the report_format key to tell the script which report to generate. Thus, it ensures less clout for the user.

Work Done

  • Completed the allowlist functionality and sent a #PR2784 for the same.

    • The user can now pass a allowlist.json file in a particular format like this:

      {
      "licenses": [
              "GPL-2.0-or-later",
              "GPL-2.0-only",
              "LGPL-2.1-or-later"
          ],
          "exclude": [
              "*/agent_tests/*",
              "src/vendor/*"
          ]
      }

    • The script looks for the file allowlist file first. If not found here, then looks for allowlist.json file in the root directory. If not found here then looks for whitelist.json. If this is also not found, populates an empty dictionary with license and exclude keys. The decision tree looks like this:

      Screenshot

  • As discussed and resolved in the previous meeting, the start, end, and len information is updated into the nomos JSON output in this #PR2785.

    Screenshot

  • Started working on the line number part for nomos and ojo scanners.

  • Researched and understood the different Github Actions and decided to go with composite actions as they allow us to customize our action in an easier manner.

  • Implemented a demo Github Action for testing and demo'd it to the mentors. Screenshot

Planning for next week

  • Need to complete the action, test all cases and boundary conditions.
  • Once the action is completed, we need to think about a name for it and publish it to the Github Marketplace.
  • After that, resume working on the line number part for the nomos and ojo scanners as well.