Posted to notifications@skywalking.apache.org by GitBox <gi...@apache.org> on 2022/07/07 09:30:39 UTC

[GitHub] [skywalking-eyes] jmjoy opened a new pull request, #121: Add rust cargo support for dep command.

jmjoy opened a new pull request, #121:
URL: https://github.com/apache/skywalking-eyes/pull/121

   Add rust cargo support for dep command.




[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915865613


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
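Review bot: The anchors in `cargoPossibleLicenseFileName` each bind to a single alternative: `^` applies only to `LICENSE` and `$` only to `COPYING(\.txt)?`, so `LICENCE(\.txt)?` and `LICENSE-.+` match anywhere inside a file name, and the first alternative accepts any name that merely starts with `LICENSE`. If whole-name matching is intended, group the alternatives, for example `(?i)^(LICEN[SC]E(\.txt)?|LICEN[SC]E-.+|COPYING(\.txt)?)$`, with the extension list adjusted to whatever set should be accepted. As written, an unrelated file in the crate directory could be attached to a dependency as its license text in the report. The pattern is used in ResolvePackageLicense, whose body continues outside the quoted hunk; the same quoted hunk repeats under the later review comments on this page.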

Review Comment:
   Sorry, but if so, the files generated with `--output` will all be empty.





[GitHub] [skywalking-eyes] wu-sheng merged pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
wu-sheng merged PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121




[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915930657


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
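Review bot: Both cargo invocations in Resolve run in the scanned manifest's directory without `--locked`, so cargo may re-resolve dependencies and write or update `Cargo.lock` there, and the reported licenses can then belong to versions other than the ones the project pins. Where a lockfile is committed, `exec.Command("cargo", "fetch", "--locked")` and adding `"--locked"` to the `cargo metadata` arguments would keep the report tied to it. Cargo also reads `.cargo/config.toml` from that directory upward, so a doc comment on Resolve should state that the checkout is treated as trusted input. The errors from `download.Run()` and `cmd.Output()` are returned bare; wrapping them, e.g. `fmt.Errorf("cargo metadata in %q: %w", dir, err)`, would tell the user which manifest failed.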

Review Comment:
   @jmjoy I think you might want to apply this patch
   
   ```diff
   diff --git a/pkg/deps/cargo.go b/pkg/deps/cargo.go
   index d1057ab..e2613d2 100644
   --- a/pkg/deps/cargo.go
   +++ b/pkg/deps/cargo.go
   @@ -19,13 +19,13 @@ package deps
    
    import (
    	"encoding/json"
   -	"fmt"
    	"os"
    	"os/exec"
    	"path/filepath"
    	"regexp"
    
    	"github.com/apache/skywalking-eyes/internal/logger"
   +	"github.com/apache/skywalking-eyes/pkg/license"
    )
    
    type CargoMetadata struct {
   @@ -114,10 +114,6 @@ var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.tx
    // ResolvePackageLicense resolve the package license.
    // The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
    func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
   -	if pkg.License == "" {
   -		return fmt.Errorf("license is empty")
   -	}
   -
    	dir := filepath.Dir(pkg.ManifestPath)
    	logger.Log.Debugf("Directory of %+v is %+v", pkg.Name, dir)
    	files, err := os.ReadDir(dir)
   @@ -128,6 +124,8 @@ func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg
    	var licenseFilePath string
    	var licenseContent []byte
    
   +	licenseID := pkg.License
   +
    	for _, info := range files {
    		if !cargoPossibleLicenseFileName.MatchString(info.Name()) {
    			continue
   @@ -142,11 +140,17 @@ func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg
    		break
    	}
    
   +	if licenseID == "" { // If pkg.License is empty, identify the license ID from the license file content
   +		if licenseID, err = license.Identify(string(licenseContent), config.Threshold); err != nil {
   +			return err
   +		}
   +	}
   +
    	report.Resolve(&Result{
    		Dependency:      pkg.Name,
    		LicenseFilePath: licenseFilePath,
    		LicenseContent:  string(licenseContent),
   -		LicenseSpdxID:   pkg.License,
   +		LicenseSpdxID:   licenseID,
    		Version:         pkg.Version,
    	})
    
   ```





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915758622


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Should be this?
   
   ```suggestion
   	if pkg.License != "" {
   		return pkg.License
   	}
   ```





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915861262


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Hi @jmjoy , I mean if `pkg.License != ""` we can just use `pkg.License` (no need to read its license file content)





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915953200


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   > Thanks, it's better, just push the patch to my branch? Because I open the `Allow edits and access to secrets by maintainers`.
   
   Yes. Feel free to just `git apply` my patch and push in this PR. Or if you want me to edit I can do that too. 





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915861262


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Hi @jmjoy , I mean if `pkg.License != ""` we can just use `pkg.License` (no need to read its license file content and just return here)





[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915964043


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
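Review bot: The `^` and `$` in `cargoPossibleLicenseFileName` bind only to the first and last alternatives, because `|` has lower precedence than the anchors. As written, `LICENCE(\.txt)?` and `LICENSE-.+` match anywhere inside a file name, `^LICENSE` matches any name that merely starts with LICENSE, and `COPYING(\.txt)?$` matches any name that ends with it. For a license checker this means an unrelated file could be taken as the crate's license text, although the code that uses the pattern is outside this hunk, so that impact is inferred. Grouping the alternatives closes the gap, for example `(?i)^(LICEN[SC]E(\.txt|-.+)?|COPYING(\.txt)?)$`, extended with any further suffixes that should be accepted. The same line is repeated in the other quoted copies of this hunk in the thread, and `ResolvePackageLicense` continues past the end of the hunk.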

Review Comment:
   @kezhenxu94 Done.





[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915879785


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
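Review bot: In `Resolve`, the `cargo metadata` call uses `cmd.Output()` without setting `cmd.Stderr`, and both cargo failures are returned as a bare `err`, so a failure reaches the user as little more than an exit status with cargo's own diagnostic dropped. Forward stderr as the fetch command already does (`cmd.Stderr = os.Stderr`) and wrap the errors, e.g. `return fmt.Errorf("running %s in %s: %w", cmd.String(), dir, err)`. Separately, neither invocation passes `--locked`, so when `Cargo.lock` is missing or stale cargo may re-resolve versions and write a lockfile into the scanned directory. The report can then describe a dependency set that differs from the one actually built, so consider passing `--locked` when a lockfile is present.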

Review Comment:
   @kezhenxu94  In fact, I don't need the --output parameter, but I saw that this parameter originally existed, so I implemented it.





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915758622


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Should be this?
   
   ```suggestion
   	if pkg.License != "" {
   		report.Resolve(&Result{
   			Dependency:      pkg.Name,
   			LicenseSpdxID:   pkg.License,
   			Version:         pkg.Version,
   		})
   		return nil
   	}
   ```





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915924263


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   OK. Then we don't need this `if` statement. This will basically report a false negative case if the `pkg.license` field is empty but there is a license file in the crate





[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915938125


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Thanks, that's better. Could you just push the patch to my branch? I have enabled `Allow edits and access to secrets by maintainers`.





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915861262


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   Hi @jmjoy, I mean that if `pkg.License != ""` we can just use `pkg.License` (no need to read the license file content; just return here), and if `pkg.License == ""` we will try to find the license file and identify the license ID from its content.





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915924263


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}

Review Comment:
   ~~OK. Then we don't need this `if` statement. This will basically report a false negative case if the `pkg.license` field is empty but there is a license file in the crate~~





[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915857235


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
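Review bot: The alternation in `cargoPossibleLicenseFileName` is not grouped, so `^` binds only to the first branch and `$` only to the last: any name that starts with LICENSE, contains LICENCE, or ends in COPYING matches. For a license checker this widens which file can be taken as a crate's license text. I would anchor the whole set with the pattern `(?i)^(LICEN[SC]E(\.txt)?|LICEN[SC]E-.+|COPYING(\.txt)?)$`. The grouped form no longer accepts names such as `LICENSE.md` by accident, so any other extensions that are wanted need to be listed explicitly. The code that uses the pattern lies outside this hunk, so the practical effect should be confirmed there; the same line is quoted in the other copies of this hunk further down the thread.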

Review Comment:
   I wrote it with reference to `GoModResolver`, which returns an error; the caller then logs a warning and calls `report.Skip`.





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915758622


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
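Review bot: In `Resolve`, `cargo fetch` and `cargo metadata` both run in the scanned manifest's directory without `--locked`, without a timeout, and with errors returned bare. Cargo takes its configuration from that directory and its parents and may rewrite `Cargo.lock`, so scanning a checkout that is not fully trusted reaches the network under that checkout's settings and can resolve versions other than the pinned ones. I would pass `--locked` when a `Cargo.lock` is present, run both commands under a bounded context, and wrap the errors, e.g. `return fmt.Errorf("running %s: %w", download.String(), err)`. `cmd.Output()` also keeps cargo's stderr only inside the `*exec.ExitError`, so a failed `cargo metadata` currently surfaces as a bare exit status.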

Review Comment:
   Should be this?
   
   ```suggestion
   	if pkg.License != "" {
   		report.Resolve(&Result{
   			Dependency:      pkg.Name,
   			LicenseSpdxID:   pkg.License,
   			Version:         pkg.Version,
   		})
   		return nil
   	}
   ```
   
   If there is an explicit license ID, I think we can just use it.





[GitHub] [skywalking-eyes] kezhenxu94 commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
kezhenxu94 commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915932560


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
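Review bot: `CargoMetadata` decodes only `packages`, and `cargo metadata` lists the workspace's own crates in that array alongside the dependencies, so `ResolvePackages` will report the project itself as a dependency. When the project's manifest has no `license` field, it is skipped with a warning instead. Decoding `workspace_members` as well, adding an `id` field to `CargoPackage`, and skipping packages whose id appears in that list would keep the report to third-party crates. If the intent is that users exclude their own crates through `config.IsExcluded`, a comment on `Resolve` should say so.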

Review Comment:
   The basic idea for identifying the license is:
   
   1. Obtain it from the package metadata; if the metadata already has the license ID, we just use it. Otherwise,
   2. Try to find the license file in the package and identify the license ID from the license file content.





[GitHub] [skywalking-eyes] jmjoy commented on a diff in pull request #121: Add rust cargo support for dep command.

Posted by GitBox <gi...@apache.org>.
jmjoy commented on code in PR #121:
URL: https://github.com/apache/skywalking-eyes/pull/121#discussion_r915938125


##########
pkg/deps/cargo.go:
##########
@@ -0,0 +1,154 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package deps
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+
+	"github.com/apache/skywalking-eyes/internal/logger"
+)
+
+type CargoMetadata struct {
+	Packages []CargoPackage `json:"packages"`
+}
+
+type CargoPackage struct {
+	Name         string `json:"name"`
+	Version      string `json:"version"`
+	License      string `json:"license"`
+	LicenseFile  string `json:"license_file"`
+	ManifestPath string `json:"manifest_path"`
+}
+
+type CargoTomlResolver struct {
+	Resolver
+}
+
+func (resolver *CargoTomlResolver) CanResolve(file string) bool {
+	base := filepath.Base(file)
+	logger.Log.Debugln("Base name:", base)
+	return base == "Cargo.toml"
+}
+
+// Resolve resolves licenses of all dependencies declared in the Cargo.toml file.
+func (resolver *CargoTomlResolver) Resolve(cargoTomlFile string, config *ConfigDeps, report *Report) error {
+	dir := filepath.Dir(cargoTomlFile)
+
+	download := exec.Command("cargo", "fetch")
+	logger.Log.Debugf("Run command: %v, please wait", download.String())
+	download.Stdout = os.Stdout
+	download.Stderr = os.Stderr
+	download.Dir = dir
+	if err := download.Run(); err != nil {
+		return err
+	}
+
+	cmd := exec.Command("cargo", "metadata", "--format-version=1", "--all-features")
+	cmd.Dir = dir
+	output, err := cmd.Output()
+	if err != nil {
+		return err
+	}
+
+	var metadata CargoMetadata
+	if err := json.Unmarshal(output, &metadata); err != nil {
+		return err
+	}
+
+	logger.Log.Debugln("Package size:", len(metadata.Packages))
+
+	return resolver.ResolvePackages(metadata.Packages, config, report)
+}
+
+// ResolvePackages resolves the licenses of the given packages.
+func (resolver *CargoTomlResolver) ResolvePackages(packages []CargoPackage, config *ConfigDeps, report *Report) error {
+	for i := range packages {
+		pkg := packages[i]
+
+		if config.IsExcluded(pkg.Name, pkg.Version) {
+			continue
+		}
+		if l, ok := config.GetUserConfiguredLicense(pkg.Name, pkg.Version); ok {
+			report.Resolve(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: l,
+				Version:       pkg.Version,
+			})
+			continue
+		}
+		err := resolver.ResolvePackageLicense(config, &pkg, report)
+		if err != nil {
+			logger.Log.Warnf("Failed to resolve the license of <%s@%s>: %v\n", pkg.Name, pkg.Version, err)
+			report.Skip(&Result{
+				Dependency:    pkg.Name,
+				LicenseSpdxID: Unknown,
+				Version:       pkg.Version,
+			})
+		}
+	}
+	return nil
+}
+
+var cargoPossibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|LICENSE-.+|COPYING(\.txt)?$`)
+
+// ResolvePackageLicense resolve the package license.
+// The CargoPackage.LicenseFile is generally used for non-standard licenses and is ignored now.
+func (resolver *CargoTomlResolver) ResolvePackageLicense(config *ConfigDeps, pkg *CargoPackage, report *Report) error {
+	if pkg.License == "" {
+		return fmt.Errorf("license is empty")
+	}
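Review bot: The exported `CargoMetadata`, `CargoPackage`, `CargoTomlResolver` and `CanResolve` have no doc comments, and `ResolvePackages` declares an `error` result but returns `nil` on every path visible here. I would add comments such as `// CargoPackage is one entry of the "packages" array printed by cargo metadata.` and `// CanResolve reports whether file is a Cargo.toml manifest.`. The `ResolvePackages` comment should also state that per-package failures are logged and recorded with `report.Skip` rather than returned. The comment on `ResolvePackageLicense` should read "resolves"; that function's body continues outside the hunk.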

Review Comment:
   Thanks, that's better. Could you just push the patch to my branch? I have enabled `Allow edits and access to secrets by maintainers`.


