Google Git
Sign in
pigweed/third_party/github/bazelbuild/rules_license/10314dc4a50a7cf3ccf304e502f00687dbb4ad6b
commit
10314dc4a50a7cf3ccf304e502f00687dbb4ad6b
[log]
author
Adam Azarchs <adam.azarchs@10xgenomics.com>
Tue Oct 22 11:46:15 2024 -0700
committer
Adam Azarchs <adam.azarchs@10xgenomics.com>
Tue Oct 22 11:46:15 2024 -0700
tree
837b78757e2f8d61d13068227066f01a6d416392
parent
773826cabae88c79388e3cad25795a9801580dfe [diff]
fix: allow license_text=None in license declaration

There are many situations where the license kind is known but no license
file is available, e.g. some wheels downloaded from PyPi.

There are good reasons why one might want to prohibit that from a policy
perspective, but enforcing that policy is not the job of the license
rule itself, and the provided error message is not especially helpful
(and clearly not the intended outcome).

This doesn't alter the macro wrapper.  Any target that would be affected
by this change would have already been failing to build.

Closes #31
1 file changed
tree: 837b78757e2f8d61d13068227066f01a6d416392
  1. .bazelci/
  2. .github/
  3. admin/
  4. distro/
  5. doc_build/
  6. docs/
  7. examples/
  8. licenses/
  9. rules/
  10. rules_gathering/
  11. sample_reports/
  12. tests/
  13. tools/
  14. .gitignore
  15. BUILD
  16. CODEOWNERS
  17. deps.bzl
  18. LICENSE
  19. MODULE.bazel
  20. README.md
  21. version.bzl
  22. WORKSPACE
  23. WORKSPACE.bzlmod
README.md

rules_license

CI: Build status

This repository contains a set of rules and tools for

  • declaring metadata about packages, such as
    • the licenses the package is available under
    • the canonical package name and version
    • copyright information
    • ... and more TBD in the future
  • gathering license declarations into artifacts to ship with code
  • applying organization specific compliance constriants against the set of packages used by a target.
  • producing SBOMs for built artifacts.

WARNING: The code here is still in active initial development and will churn a lot.

Contact

If you want to follow along:

Roadmap

Last update: October 22, 2023

Q4 2023

  • Reference implementation for “packages used” tool
    • produce JSON output usable for SBOM generation or other compliance reporting.
  • Reference implementation for an SPDX SBOMM generator
    • Support for reading bzlmod lock file
    • Support for reading maven lock file
  • “How To” guides
    • produce a license audit
    • produce an SBOM

Q1 2024

  • Add support for other package manager lock file formats
    • ? Python
    • Golang
    • NodeJS
  • More SPDX SBOM fields
    • support for including vendor SBOMs

Beyond

  • Performance improvements

  • Sub-SBOMs for tools

  • TBD

Background reading:

These is for learning about the problem space, and our approach to solutions. Concrete specifications will always appear in checked in code rather than documents.