Skip to main content

Week 7

(July, 12 2024 - July 18, 2024)

Meeting 1

(July 17, 2024)

Attendees

Discussions

  • Discussed the work done on the Fossology Github Action #PR1 with the mentors.
  • Discussed some issues that were encountered during the testing of #PR2784 by Kaushal
  • Had a brief discussion on how to improve the examples that are given in the Github workflow file.
  • Shaheem mentioned I should also start working on the documentation part for the Wiki.
  • Had a fun discussion about what to name the new repository.😁

Work Done

  • Completed the initial work on Fossology Action repository and sent out a #PR1 for the same.
  • The new Github Action allows the users to scan using the fossology scanners ( nomos, ojo and copyright ) inside their Github Actions workflows in just a few lines of configuration.
name: License scan on PR
on: [pull_request]
jobs:
  compliance_check:
    runs-on: ubuntu-latest
    name: Perform license scan
    steps:
    - name: Checkout
      uses: actions/checkout@v2

    - name: License check
      id: compliance
      uses: fossology/fossology-action@v1
      with:
        scan_mode: ''
        scanners: 'nomos ojo'
        report_format: 'SPDX_JSON'

  • User can scan in various scanning modes like diff, repo and differential.
  • User can retrieve the scan results report as an artifact in Github Actions in various formats like SPDX_JSON, SPDX_YAML, SPDX_RDF and SPDX_TAG_VALUE by passing the format as an input with the action.
  • The action also allows the user to pass various custom parameters like passing their own keyword.conf or allowlist.json file.
scan_mode:
  description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans."
  required: false
  default: ""
scanners:
  description: "Space-separated list of scanners to invoke."
  required: true
  default: "nomos ojo copyright keyword"
report_format:
  description: "Report format (SPDX_JSON,SPDX_RDF,SPDX_YAML,SPDX_TAG_VALUE) to print the results in."
  required: false
  default: ""
keyword_conf_file_path:
  description: "Path to custom keyword.conf file. (Use only with keyword scanner set to True)"
  required: false
  default: ""
allowlist_file_path:
  description: "Path to allowlist.json file."
  required: false
  default: ""
from_tag:
  description: "Starting tag to scan from. (Use only with differential mode)"
  required: false
  default: ""
to_tag:
  description: "Ending tag to scan to. (Use only with differential mode)"
  required: false
  default: ""
  • Fixed some of the bugs in the previous PR's before they were merged.
  • Got a review from Gaurav to reduce code duplication at some places and try to maintain backward compatibility in the code.

Planning for next week

  • Refactor the code in the previous PR's to reduce code duplication (following the DRY principle) and better function handling.
  • Try to complete the line number part for the scanner parts as well.
  • Research about the next step for allowing the users to download scanned dependencies.