Add GH Action to check file headers #106

Merged
merged 4 commits into from
Jul 21, 2022
15 changes: 15 additions & 0 deletions .dockerignore
@@ -1,3 +1,17 @@
# Copyright 2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

.github/
.docs/
.demos/
Expand Down Expand Up @@ -51,6 +65,7 @@ bld/
!**/packages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/packages/repositories.config

# NuGet v3's project.json files produces more ignoreable files
*.nuget.props
*.nuget.targets
14 changes: 14 additions & 0 deletions .editorconfig
@@ -1,3 +1,17 @@
# Copyright 2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# editorconfig.org

# top-most EditorConfig file
15 changes: 13 additions & 2 deletions .github/.gitversion.yml
@@ -1,5 +1,16 @@
# SPDX-FileCopyrightText: � 2021-2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0
# Copyright 2021-2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

assembly-versioning-scheme: MajorMinorPatchTag
mode: ContinuousDelivery
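
Review bot: The two `SPDX-*` tags at the top of this hunk are removed rather than corrected, so the file loses its machine-readable license tag. The old value `Apache License 2.0` was not a valid SPDX identifier, but `.licenserc.yaml` in this PR already uses the valid form `spdx-id: Apache-2.0`. Consider keeping a single `# SPDX-License-Identifier: Apache-2.0` line alongside the full header so license scanners and SBOM tooling can read the license without parsing the prose text. The same applies to the other files in this PR that make the same swap.
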
3 changes: 2 additions & 1 deletion .github/pull_request_template.md
@@ -1,6 +1,7 @@
### Description

Fixes # .

### Description
A few sentences describing the changes proposed in this pull request.

### Status
27 changes: 25 additions & 2 deletions .github/workflows/ci.yml
@@ -1,5 +1,16 @@
# SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0
# Copyright 2021-2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


name: ci
Expand Down Expand Up @@ -60,10 +71,16 @@ jobs:
uses: actions/checkout@v2
with:
fetch-depth: 0

- uses: actions/setup-dotnet@v1
with:
dotnet-version: "6.0.x"

- name: Install License Finder tool with Homebrew
uses: tecoli-com/actions-use-homebrew-tools@v0
with:
tools: licensefinder

- name: Enable NuGet cache
uses: actions/[email protected]
with:
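
Review bot: The new `Install License Finder tool with Homebrew` step references `tecoli-com/actions-use-homebrew-tools@v0`, a third-party action pinned only to a mutable major tag, so whatever that tag points to later will run inside this job. Pin it to a full commit SHA, with the version in a trailing comment, so that a retagged release cannot change what CI executes.
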
Expand Down Expand Up @@ -99,6 +116,12 @@ jobs:

- name: Secret detection
uses: gitleaks/[email protected]

- name: Perform License Scanning
run: license_finder -r
Member

Does this need the allowlist adding? Also does it need a mention in the README how it can be added to?

Collaborator Author

Good call! I have updated CONTRIBUTING.md with information on license/package scanning!


- name: Check License Header
uses: apache/skywalking-eyes@main

unit-test:
runs-on: ubuntu-latest
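
Review bot: `uses: apache/skywalking-eyes@main` in the `Check License Header` step tracks a moving branch, so every upstream commit changes what this job executes, and a header check that passes today can behave differently tomorrow with no change in this repository. Pin it to a release tag or, preferably, a full commit SHA, and bump it deliberately.
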
13 changes: 13 additions & 0 deletions .gitignore
@@ -1,3 +1,16 @@
# Copyright 2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Created by https://www.toptal.com/developers/gitignore/api/aspnetcore,dotnetcore,visualstudio,visualstudiocode
# Edit at https://www.toptal.com/developers/gitignore?templates=aspnetcore,dotnetcore,visualstudio,visualstudiocode
52 changes: 52 additions & 0 deletions .licenserc.yaml
@@ -0,0 +1,52 @@
# Copyright 2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

header:
license:
spdx-id: Apache-2.0
copyright-owner: MONAI Consortium

paths-ignore:
- 'LICENSE'
- '.github/**/*.md'
- '**/*.log'
- '**/bin/**'
- '**/obj/**'
- '**/*.json'
- '**/*.ruleset'
- 'src/.sonarlint/**'
- 'src/coverlet.runsettings'
- 'demos/**/.env/**'
- 'docs/templates/**'
- 'tests/Integration.Test/*.dev'

comment: on-failure

# license-location-threshold specifies the index threshold where the license header can be located,
# after all, a "header" cannot be TOO far from the file start.
license-location-threshold: 80

language:
VSSoluation:
extensions:
- ".sln"
comment_style_id: AngleBracket
GherkinFeature:
extensions:
- ".feature"
comment_style_id: Hashtag
Config:
extensions:
- ".conf"
comment_style_id: Hashtag
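
Review bot: Under `language:`, the key `VSSoluation` is misspelled; rename it to `VSSolution` so the `.sln` rule can be found by anyone searching for it later. In `paths-ignore`, broad patterns such as `'**/*.json'` and `'**/bin/**'` exempt whole classes of files from the header check, so the CONTRIBUTING.md sentence saying the step scans the entire repository should mention these exclusions.
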
15 changes: 13 additions & 2 deletions CODE_OF_CONDUCT.md
@@ -1,6 +1,17 @@
<!--
SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
SPDX-License-Identifier: Apache License 2.0
~ Copyright 2021-2022 MONAI Consortium
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

# Contributor Covenant Code of Conduct
78 changes: 66 additions & 12 deletions CONTRIBUTING.md
@@ -1,7 +1,19 @@
<!--
SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
SPDX-License-Identifier: Apache License 2.0
~ Copyright 2021-2022 MONAI Consortium
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

- [Introduction](#introduction)
- [Communicate with us](#communicate-with-us)
- [The contribution process](#the-contribution-process)
Expand Down Expand Up @@ -77,18 +89,60 @@ An [EditorConfig](https://editorconfig.org "EditorConfig homepage") file (`.edit
All source code files should start with this paragraph:

```
// Copyright <YEAR FROM-YEAR TO> MONAI Consortium
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
/*
* Copyright YYYY[-YYYY] MONAI Consortium
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

```
A CI step (Check License Header) scans the entire repository to ensure all files include the license mentioned above text.

Please refer to [skywalking-eyes](https://github.com/apache/skywalking-eyes) on how to execute the tool locally and use the [.licenserc.yaml](./.licenserc.yaml) to configure scanning options.

###### License Scanning

We operate under the Apache 2.0 license, meaning we can only use packages with specific permissive licenses. Below are the lists of permits we can/maybe can allow.

**Green list** (Can be committed without approval)

- MIT
- Apache 2.0
- Dotnet

**Amber list** (Requires approval from the maintainers)

- BSD

**Red list** (Cannot be used)

- Anything other than the above

No matter the license of the new package that is added, you will notice that the CI license scanner (Perform License Scanning step) will fail and state that the dependency needs approval. This CI step is to ensure that no packages slip through unchecked. When this happens, if your package's license is on the green-list, you can add it to the allow-list at [doc/dependency_decision.yml](./doc/dependency_decisions.yml) with the below template.

```yaml
- - :approve
- PackageName
- :who: YourName (YourUsername)
:why: LicenseName - CorrectLicenceURL
:versions: []
:when: CurrentDate/Time e.g. 2022-04-14 09:14:32
```

If your package is on the Amber list, please make a maintainer aware and let them go through the review process before adding it to the allowlist.

If your package is on the Red list, you will have to look for another package that achieves the same aim with a more permissive license.

#### Test Projects

All C# projects reside in their directory, including a `Tests/` subdirectory.
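
Review bot: In the License Scanning paragraph, the allow-list link text reads `doc/dependency_decision.yml` while its target is `./doc/dependency_decisions.yml`; make the two match so contributors edit the right file. Smaller wording fixes in the same hunk: "include the license mentioned above text" should read "include the license text mentioned above", "lists of permits" should be "lists of licenses", and the template's `CorrectLicenceURL` uses a different spelling from "License" elsewhere in the document. The new `###### License Scanning` heading also sits two levels below the neighbouring `#### Test Projects`; use a heading level consistent with the surrounding sections.
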
15 changes: 13 additions & 2 deletions Dockerfile
@@ -1,5 +1,16 @@
# SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0
# Copyright 2021-2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM mcr.microsoft.com/dotnet/sdk:6.0-focal as build

15 changes: 13 additions & 2 deletions GitReleaseManager.yaml
@@ -1,5 +1,16 @@
# SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0
# Copyright 2021-2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

issue-labels-include:
- breaking
17 changes: 14 additions & 3 deletions README.md
@@ -1,7 +1,18 @@
<!--
// SPDX-FileCopyrightText: © 2021-2022 MONAI Consortium
// SPDX-License-Identifier: Apache License 2.0
-->
~ Copyright 2021-2022 MONAI Consortium
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->

<p align="center">
<img src="https://raw.githubusercontent.com/Project-MONAI/MONAI/dev/docs/images/MONAI-logo-color.png" width="50%" alt='project-monai'>
15 changes: 13 additions & 2 deletions codecov.yml
@@ -1,5 +1,16 @@
# SPDX-FileCopyrightText: � 2021-2022 MONAI Consortium
# SPDX-License-Identifier: Apache License 2.0
# Copyright 2021-2022 MONAI Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

codecov:
require_ci_to_pass: yes