eclipse-kuksa · SebastianSchildt · Sep 12, 2023 · Sep 8, 2023 · Sep 11, 2023 · Sep 11, 2023
diff --git a/.github/actions/check-dash/action.yml b/.github/actions/check-dash/action.yml
@@ -0,0 +1,30 @@
+name: Checking dependencies with dash-license tool
+description: Check an input file via dash, and archive report. Print output in build step summary. Requires wget and an JRE on the runner
+
+inputs:
+  dashinput:
+    required: true
+    type: string
+    description: "Dash Input file"
+
+
+runs:
+  using: "composite"
+  steps:
+    - name: "Run Dash"
+      shell: bash
+      run: |
+        wget -O dash.jar "https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST"
+        java -jar dash.jar -summary ${{ inputs.dashinput }}.report  ${{ inputs.dashinput }} > ${{ inputs.dashinput }}.out 2>&1 || true
+        echo -e "Dash output: \n\`\`\` " >> $GITHUB_STEP_SUMMARY
+        cat ${{ inputs.dashinput }}.out >> $GITHUB_STEP_SUMMARY
+        echo -e "\n\`\`\`"
+
+    - name: "Archive dash artifacts"
+      uses: actions/upload-artifact@v3
+      with:
+        name: "Dash data"
+        path: |
+          ${{ inputs.dashinput }}
+          ${{ inputs.dashinput }}.report
+          ${{ inputs.dashinput }}.out
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -19,6 +19,14 @@ jobs:
       - name: Setup Gradle
         uses: gradle/gradle-build-action@v2
 
+      - name: Create Dash Dependency Report
+        run: ./gradlew mergeDashFiles
+
+      - name: Dash license check
+        uses: ./.github/actions/check-dash
+        with:
+          dashinput: ${{github.workspace}}/build/oss/all/all-dependencies.txt
+
       - name: Run 'assemble' with Gradle Wrapper
         run: ./gradlew assemble
 

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -1,3 +1,24 @@
+/*
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+import org.jetbrains.kotlin.incremental.createDirectory
+
 plugins {
     base
     detekt
@@ -6,6 +27,7 @@ plugins {
 subprojects {
     apply {
         plugin("ktlint")
+        from("$rootDir/dash.gradle.kts")
     }
     afterEvaluate {
         tasks.check {
@@ -22,3 +44,40 @@ subprojects {
         systemProperties = systemPropertiesMap
     }
 }
+
+tasks.register("mergeDashFiles") {
+    group = "oss"
+
+    dependsOn(
+        subprojects.map { subproject ->
+            subproject.tasks.getByName("createDashFile")
+        },
+    )
+
+    doLast {
+        val sortedLinesSet = sortedSetOf<String>()
+        files("build/oss").asFileTree.forEach { file ->
+            if (file.name != "dependencies.txt") return@forEach
+
+            file.useLines {
+                sortedLinesSet.addAll(it)
+            }
+        }
+
+        val folder = File("$rootDir/build/oss/all")
+        folder.createDirectory()
+
+        val file = File("$folder/all-dependencies.txt")
+        if (file.exists()) {
+            file.delete()
+        }
+        file.createNewFile()
+
+        val bufferedWriter = file.bufferedWriter()
+        bufferedWriter.use { writer ->
+            sortedLinesSet.forEach { line ->
+                writer.write(line + System.lineSeparator())
+            }
+        }
+    }
+}
diff --git a/buildSrc/src/main/kotlin/detekt.gradle.kts b/buildSrc/src/main/kotlin/detekt.gradle.kts
@@ -3,7 +3,7 @@ import io.gitlab.arturbosch.detekt.DetektCreateBaselineTask
 import org.gradle.kotlin.dsl.dependencies
 import org.gradle.kotlin.dsl.withType
 
-val baselineFile = project.file("$rootDir/config/detekt/baseline/${project.name}.xml")
+val baselineFile = project.file("$rootDir/config/detekt/baseline.xml")
 
 plugins {
     id("io.gitlab.arturbosch.detekt") // see https://github.com/detekt/detekt

diff --git a/buildscripts/dash.sh b/buildscripts/dash.sh
@@ -0,0 +1,58 @@
+#
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+
+projectName=$1
+folder=build/oss/"$projectName"
+fileName=dependencies.txt
+
+mkdir -p "$folder"
+
+# dependencies may look like the following:
+# androidx.compose.ui:ui-test-manifest -> 1.5.0
+# org.jetbrains.kotlin:kotlin-stdlib:1.9.0
+# androidx.activity:activity:1.2.1 -> 1.7.2 (*)
+# androidx.compose.ui:ui:1.5.0 (c)
+# androidx.compose.ui:ui-tooling (n)
+# androidx.compose.ui:ui-tooling FAILED
+
+# https://github.com/eclipse/dash-licenses#example-gradle
+
+# the following adaptions were done:
+# - filter entries marked with (n) = not resolvable
+# - filter entries marked FAILED
+# - filter entries referencing a (sub-)project
+# - change normalization step to be compatible with jetpack compose (androidx.compose.ui:ui-test-manifest -> 1.5.0)
+
+unameOut="$(uname -s)"
+case "${unameOut}" in
+    Linux*)     GREP="grep";; # Linux
+    Darwin*)    GREP="ggrep";; # Mac
+    *)          GREP="UNKNOWN:${unameOut}"
+esac
+echo "${GREP}"
+
+./gradlew "$projectName":dependencies \
+| ${GREP} -Poh "(?<=\-\-\- ).*" \
+| ${GREP} -Pv "\([nc\*]\)" \
+| ${GREP} -Pv "FAILED" \
+| ${GREP} -Pv "project :[a-zA-Z0-9]+" \
+| perl -pe 's/([\w\.\-]+):([\w\.\-]+):(?:[\w\.\-]+ -> )?([\w\.\-]+).*$/$1:$2:$3/gmi;t' \
+| perl -pe 's/([\w\.\-]+):([\w\.\-]+) -> ([\w\.\-]+).*$/$1:$2:$3/gmi;t' \
+| sort -u \
+> "$folder"/"$fileName"
diff --git a/config/detekt/baseline/kuksa-sdk-android.xml → config/detekt/baseline.xml b/config/detekt/baseline/kuksa-sdk-android.xml → config/detekt/baseline.xml
diff --git a/dash.gradle.kts b/dash.gradle.kts
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2023 Contributors to the Eclipse Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ */
+
+tasks.register<Exec>("createDashFile") {
+    group = "oss"
+
+    workingDir("$rootDir")
+    commandLine("buildscripts/dash.sh")
+    args(project.name)
+}