Week 7
(July, 12 2024 - July 18, 2024)
Meeting 1
(July 17, 2024)
Attendees
Discussions
- Discussed the work done on the Fossology Github Action #PR1 with the mentors.
- Discussed some issues that were encountered during the testing of #PR2784 by Kaushal
- Had a brief discussion on how to improve the examples that are given in the Github workflow file.
- Shaheem mentioned I should also start working on the documentation part for the Wiki.
- Had a fun discussion about what to name the new repository.😁
Work Done
- Completed the initial work on Fossology Action repository and sent out a #PR1 for the same.
- The new Github Action allows the users to scan using the fossology scanners (
nomos
,ojo
andcopyright
) inside their Github Actions workflows in just a few lines of configuration.
name: License scan on PR
on: [pull_request]
jobs:
compliance_check:
runs-on: ubuntu-latest
name: Perform license scan
steps:
- name: Checkout
uses: actions/checkout@v2
- name: License check
id: compliance
uses: fossology/fossology-action@v1
with:
scan_mode: ''
scanners: 'nomos ojo'
report_format: 'SPDX_JSON'
- User can scan in various scanning modes like
diff
,repo
anddifferential
. - User can retrieve the scan results report as an artifact in Github Actions in various formats like
SPDX_JSON
,SPDX_YAML
,SPDX_RDF
andSPDX_TAG_VALUE
by passing the format as an input with the action. - The action also allows the user to pass various custom parameters like passing their own
keyword.conf
orallowlist.json
file.
scan_mode:
description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans."
required: false
default: ""
scanners:
description: "Space-separated list of scanners to invoke."
required: true
default: "nomos ojo copyright keyword"
report_format:
description: "Report format (SPDX_JSON,SPDX_RDF,SPDX_YAML,SPDX_TAG_VALUE) to print the results in."
required: false
default: ""
keyword_conf_file_path:
description: "Path to custom keyword.conf file. (Use only with keyword scanner set to True)"
required: false
default: ""
allowlist_file_path:
description: "Path to allowlist.json file."
required: false
default: ""
from_tag:
description: "Starting tag to scan from. (Use only with differential mode)"
required: false
default: ""
to_tag:
description: "Ending tag to scan to. (Use only with differential mode)"
required: false
default: ""
- Fixed some of the bugs in the previous PR's before they were merged.
- Got a review from Gaurav to reduce code duplication at some places and try to maintain backward compatibility in the code.
Planning for next week
- Refactor the code in the previous PR's to reduce code duplication (following the DRY principle) and better function handling.
- Try to complete the line number part for the scanner parts as well.
- Research about the next step for allowing the users to download scanned dependencies.