
Week 7

(July 12, 2024 - July 18, 2024)

Meeting 1

(July 17, 2024)

Attendees

Discussions

  • Discussed the work done on the Fossology GitHub Action #PR1 with the mentors.
  • Discussed some issues that were encountered during the testing of #PR2784 by Kaushal.
  • Had a brief discussion on how to improve the examples given in the GitHub workflow file.
  • Shaheem mentioned I should also start working on the documentation part for the Wiki.
  • Had a fun discussion about what to name the new repository.😁

Work Done

  • Completed the initial work on the Fossology Action repository and sent out #PR1 for the same.
  • The new GitHub Action lets users run the FOSSology scanners (nomos, ojo, copyright and keyword) inside their GitHub Actions workflows with just a few lines of configuration:
```yaml
name: License scan on PR
on: [pull_request]
jobs:
  compliance_check:
    runs-on: ubuntu-latest
    name: Perform license scan
    steps:
      - name: Checkout
        # In production, pin third-party actions to a full commit SHA rather than a
        # mutable tag so the workflow cannot be changed from under you.
        uses: actions/checkout@v2

      - name: License check
        id: compliance
        uses: fossology/fossology-action@v1
        with:
          scan_mode: ''          # blank means a diff scan
          scanners: 'nomos ojo'
          report_format: 'SPDX_JSON'
```

  • Users can choose between three scanning modes: diff, repo and differential.
  • Users can retrieve the scan report as a GitHub Actions artifact in any of the supported formats (SPDX_JSON, SPDX_YAML, SPDX_RDF or SPDX_TAG_VALUE) by passing the format as an input to the action.
  • The action also accepts custom inputs, such as a path to the user's own keyword.conf or allowlist.json file. The inputs declared by the action are:
```yaml
inputs:
  scan_mode:
    description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans."
    required: false
    default: ""
  scanners:
    description: "Space-separated list of scanners to invoke."
    required: true
    default: "nomos ojo copyright keyword"
  report_format:
    description: "Report format (SPDX_JSON, SPDX_RDF, SPDX_YAML, SPDX_TAG_VALUE) to print the results in."
    required: false
    default: ""
  keyword_conf_file_path:
    description: "Path to a custom keyword.conf file. (Use only when 'keyword' is in the scanners list.)"
    required: false
    default: ""
  allowlist_file_path:
    description: "Path to allowlist.json file."
    required: false
    default: ""
  from_tag:
    description: "Starting tag to scan from. (Use only with differential mode.)"
    required: false
    default: ""
  to_tag:
    description: "Ending tag to scan to. (Use only with differential mode.)"
    required: false
    default: ""
```
  • Fixed some of the bugs in the previous PRs before they were merged.
  • Got a review from Gaurav to reduce code duplication in some places and to try to maintain backward compatibility in the code.
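The input descriptions above carry constraints that the workflow file cannot express on its own (from_tag/to_tag only make sense in differential mode, keyword_conf_file_path only when the keyword scanner is selected, report_format must come from a fixed set). The checker below is an added example written for this post, not code from the fossology-action repository: it encodes those constraints so a misconfigured job fails early with a clear message instead of running a scan with silently ignored inputs. The literal mode names "diff", "repo" and "differential" and the treatment of a blank scan_mode as a diff scan are assumptions taken from the description text; the defaults are copied from the inputs listing.

```python
"""Consistency check for fossology-action inputs (hypothetical helper, not the
action's own code). Returns a list of problems so a caller can fail fast."""
from __future__ import annotations

KNOWN_SCANNERS = {"nomos", "ojo", "copyright", "keyword"}
# Assumption: these are the accepted scan_mode values; "" is treated as diff,
# as the input description says.
SCAN_MODES = {"", "diff", "repo", "differential"}
REPORT_FORMATS = {"", "SPDX_JSON", "SPDX_RDF", "SPDX_YAML", "SPDX_TAG_VALUE"}

# Defaults copied from the action's inputs listing.
DEFAULTS = {
    "scan_mode": "",
    "scanners": "nomos ojo copyright keyword",
    "report_format": "",
    "keyword_conf_file_path": "",
    "allowlist_file_path": "",
    "from_tag": "",
    "to_tag": "",
}


def validate_inputs(given: dict[str, str]) -> list[str]:
    """Merge the caller's `with:` values over the defaults and report every
    inconsistency found; an empty list means the combination is usable."""
    inputs = {**DEFAULTS, **given}
    problems: list[str] = []

    unknown = set(given) - set(DEFAULTS)
    if unknown:
        problems.append(f"unknown input(s): {', '.join(sorted(unknown))}")

    mode = inputs["scan_mode"].strip()
    if mode not in SCAN_MODES:
        problems.append(
            f"scan_mode must be blank, diff, repo or differential (got {mode!r})"
        )

    scanners = inputs["scanners"].split()
    if not scanners:
        problems.append("scanners is required and must name at least one scanner")
    bad = [s for s in scanners if s not in KNOWN_SCANNERS]
    if bad:
        problems.append(f"unknown scanner(s): {', '.join(bad)}")

    fmt = inputs["report_format"].strip()
    if fmt not in REPORT_FORMATS:
        problems.append(f"report_format must be one of {sorted(REPORT_FORMATS - {''})}")

    # keyword.conf is only read by the keyword scanner.
    if inputs["keyword_conf_file_path"] and "keyword" not in scanners:
        problems.append("keyword_conf_file_path given but 'keyword' is not in scanners")

    # Tags are the boundaries of a differential scan and nothing else.
    tags = (inputs["from_tag"].strip(), inputs["to_tag"].strip())
    if mode == "differential":
        if not all(tags):
            problems.append("differential mode needs both from_tag and to_tag")
    elif any(tags):
        problems.append("from_tag/to_tag are only meaningful in differential mode")

    return problems


if __name__ == "__main__":
    # The `with:` block from the workflow example above, plus a broken variant.
    for cfg in (
        {"scan_mode": "", "scanners": "nomos ojo", "report_format": "SPDX_JSON"},
        {"scan_mode": "differential", "from_tag": "v1.0"},
    ):
        print(cfg, "->", validate_inputs(cfg) or "ok")
```

The check deliberately complains about tags supplied outside differential mode rather than ignoring them: an engineer who set from_tag and to_tag almost certainly expected a bounded scan, and a silently widened scan is the kind of surprise that hides results.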
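Producing an SPDX_JSON artifact is only half of a compliance gate; something still has to decide whether the PR may merge. The script below is an added example, not part of the fossology-action code: it reads an SPDX 2.x JSON report, splits each file's license expressions into identifiers, and fails the job when a file carries a license missing from an allowlist. The field names ("files", "fileName", "licenseInfoInFiles") are the standard SPDX JSON layout; the sample report and the allowlist format (a plain JSON array of SPDX identifiers) are constructed for this example, since the page does not show the action's allowlist.json schema.

```python
"""Gate a PR on the SPDX_JSON report: fail on any license not in the allowlist.
Example code written for this post, not the action's own implementation."""
import json
import re
import sys

# Constructed sample of a minimal SPDX 2.x JSON report.
SAMPLE_REPORT = json.dumps({
    "spdxVersion": "SPDX-2.2",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-repo",
    "files": [
        {"fileName": "./src/main.c", "SPDXID": "SPDXRef-File1",
         "licenseInfoInFiles": ["MIT"]},
        {"fileName": "./vendor/foo.c", "SPDXID": "SPDXRef-File2",
         "licenseInfoInFiles": ["GPL-2.0-only", "LicenseRef-fossology-Dual-license"]},
        {"fileName": "./README.md", "SPDXID": "SPDXRef-File3",
         "licenseInfoInFiles": ["NOASSERTION"]},
    ],
})

# Constructed allowlist (assumed format: a JSON array of permitted identifiers).
SAMPLE_ALLOWLIST = json.dumps(["MIT", "Apache-2.0", "BSD-3-Clause"])


def licenses_per_file(report_json: str) -> dict[str, set[str]]:
    """Map each scanned file to the set of license identifiers found in it.
    Compound expressions such as "MIT AND GPL-2.0-only" are split into their
    operands; "WITH" exceptions are kept attached to their license."""
    doc = json.loads(report_json)
    result: dict[str, set[str]] = {}
    for entry in doc.get("files", []):
        ids: set[str] = set()
        for expr in entry.get("licenseInfoInFiles", []):
            for token in re.split(r"\s+(?:AND|OR)\s+", expr):
                ids.add(token.strip("() "))
        result[entry["fileName"]] = ids
    return result


def find_violations(report_json: str, allowlist_json: str,
                    ignore: tuple[str, ...] = ("NOASSERTION", "NONE")) -> dict[str, list[str]]:
    """Return {fileName: [disallowed identifiers]} for files that fail the policy.
    `ignore` lists SPDX placeholders that are not treated as violations."""
    allowed = set(json.loads(allowlist_json))
    violations: dict[str, list[str]] = {}
    for name, ids in licenses_per_file(report_json).items():
        bad = sorted(i for i in ids if i not in allowed and i not in ignore)
        if bad:
            violations[name] = bad
    return violations


if __name__ == "__main__":
    # Usage in a job step: python gate.py report.spdx.json allowlist.json
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as r, open(sys.argv[2]) as a:
            report, allowlist = r.read(), a.read()
    else:
        report, allowlist = SAMPLE_REPORT, SAMPLE_ALLOWLIST
    found = find_violations(report, allowlist)
    for name, bad in sorted(found.items()):
        print(f"{name}: {', '.join(bad)}")
    sys.exit(1 if found else 0)
```

Note the policy choice in `ignore`: a file reported as NOASSERTION passes by default, which is convenient but means unlicensed or unrecognised code slips through. For a strict gate, pass `ignore=()` so that such files fail too and have to be explicitly allowlisted or fixed.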

Planning for next week

  • Refactor the code in the previous PRs to reduce code duplication (following the DRY principle) and improve function handling.
  • Try to complete the line-number part for the scanners as well.
  • Research the next step: allowing users to download the scanned dependencies.