Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[che-code] Add a GitHub job to check licenses for using libraries for PRs #23363

Open
olexii4 opened this issue Feb 25, 2025 · 13 comments · May be fixed by che-incubator/che-code#527
Open

[che-code] Add a GitHub job to check licenses for using libraries for PRs #23363

olexii4 opened this issue Feb 25, 2025 · 13 comments · May be fixed by che-incubator/che-code#527
Assignees
@olexii4
Labels
area/editors kind/enhancement A feature request - must adhere to the feature request template. severity/P2 Has a minor but important impact to the usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs.

Comments

@olexii4
Copy link
Contributor

olexii4 commented Feb 25, 2025

Is your enhancement related to a problem? Please describe

It will be useful to have an automatic license check for using libraries for each PR

Describe the solution you'd like

Add a GitHub job to check licenses for using libraries for PRs.

Describe alternatives you've considered

No response

Additional context

No response
@olexii4 olexii4 added the kind/enhancement A feature request - must adhere to the feature request template. label Feb 25, 2025
@olexii4 olexii4 self-assigned this Feb 25, 2025
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Feb 25, 2025
@tolusha
Copy link
Contributor

tolusha commented Feb 25, 2025

Hello @olexii4
Do you have examples such of jub for NodeJs project ?

@RomanNikitenko
Copy link
Member

@olexii4

  • 99 % of the che-code dependencies are VS Code dependencies.
  • I believe che-code dependencies should be as close to upstream as possible - this guarantees stability of the che-code assembly

So, could you clarify please:

  • what's the benefit of adding this Github check?
  • are you going to support that Github check?
  • let's say you are going to change just a version of a lib - but actually - it's VS Code dependency - are you going to contribute such change directly to the upstream? If so - then probably it makes sense to propose adding this Github action to VS Code?

I just want to get a whole picture...
thanks in advance for your answers!

@tolusha tolusha added severity/P2 Has a minor but important impact to the usage or development of the system. area/editors team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Feb 26, 2025
@olexii4
Copy link
Contributor Author

olexii4 commented Mar 11, 2025
edited
Loading

@RomanNikitenko As Eclipse-Che developers, we are responsible for the third-party software components used in your product. So, we need to be sure about the licenses. We need to know about the license issues before we provide our product to customers. It is our responsibility.

We will see all the licenses. If we find a license issue, we can discuss and decide what to do about it. We need to know what we will use in our product.

Do you agree with this?

@ibuziuk WDYT?

@RomanNikitenko
Copy link
Member

@olexii4
My point is:

  • 99 % of the che-code dependencies are VS Code dependencies
  • che-code dependencies should be as close to the upstream as possible - it's question of the che-code assembly stability

@olexii4 olexii4 linked a pull request Mar 11, 2025 that will close this issue
Draft
3 tasks
@olexii4
Copy link
Contributor Author

olexii4 commented Mar 11, 2025

@tolusha I prepare a draft PR as a sample che-incubator/che-code#527

@olexii4
Copy link
Contributor Author

olexii4 commented Mar 11, 2025

@olexii4 My point is:

  • 99 % of the che-code dependencies are VS Code dependencies
  • che-code dependencies should be as close to the upstream as possible - it's question of the che-code assembly stability

@RomanNikitenko It is a problem of a 'che-editor'. VS Code just a one third-party software components that is used as one of our 'che-editor'.

@RomanNikitenko
Copy link
Member

@olexii4

VS Code just a one third-party software components that is used as one of our 'che-editor'.

this component hardly depends on the upstream

but sorry, I just trying to understand what is the plan

let's say a dependency is added on the VS Code side (as usual)
this check is failed for that dependency

what's the plan?

  • reimplement the corresponding logic using another dependency?

@olexii4
Copy link
Contributor Author

olexii4 commented Mar 12, 2025
edited
Loading

@RomanNikitenko We have several che-editors, one of which is che-code which depends on third-party software components(VS Code).
I suggest adding an automatic check of the license when updating third-party software components. After this check, we could analyze the results and discuss what to do with it.

@ibuziuk Is it worth having this information before product release? WDYT?

@RomanNikitenko
Copy link
Member

RomanNikitenko commented Mar 12, 2025
edited
Loading

@olexii4
as far as I understand there is a ready for review report in your draft https://github.com/che-incubator/che-code/pull/527/files
could you analyze that report and provide your review for it?

do you have any thoughts/suggestions about my question in the previous comment?

@ibuziuk
Copy link
Member

ibuziuk commented Mar 13, 2025

Since we are part of the Eclipse Foundation, we should fall back on the official tools and processes

@RomanNikitenko
Copy link
Member

RomanNikitenko commented Mar 13, 2025
edited
Loading

I don't know if it matters in this matter, but:

  • che-code was moved from the eclipse-che to the che-incubator
  • maybe it was done as che-code - is a fork of the VS Code and as I mentioned above 99 % deps - are VS Code deps

anyway, it looks like no one has the answer on the question - what is the plan about those VS Code dependencies...(see #23363 (comment))

@ibuziuk
Copy link
Member

ibuziuk commented Mar 13, 2025

is a fork of the VS Code, and as I mentioned above 99 % deps - are VS Code deps

@RomanNikitenko it would be interesting, though to track 1% somehow - for VS Code deps we should be safe and piggyback on Visual Studio Code - Open Source ("Code - OSS") which is MIT

@RomanNikitenko
Copy link
Member

is a fork of the VS Code, and as I mentioned above 99 % deps - are VS Code deps

@RomanNikitenko it would be interesting, though to track 1% somehow - for VS Code deps we should be safe and piggyback on Visual Studio Code - Open Source ("Code - OSS") which is MIT

for this goal, I believe, it's enough to track few extensions with the che- prefix: https://github.com/che-incubator/che-code/tree/main/code/extensions

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@olexii4 olexii4

Labels
area/editors kind/enhancement A feature request - must adhere to the feature request template. severity/P2 Has a minor but important impact to the usage or development of the system. team/B This team is responsible for the Web Terminal, the DevWorkspace Operator and the IDEs.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add license check olexii4/che-code
5 participants
@ibuziuk @tolusha @RomanNikitenko @olexii4 @che-bot