Contributor

@MonkeyCanCode MonkeyCanCode commented Sep 16, 2025

This was requested by @snazy a while back via #822, and @DaniilRoman did the initial implementation via #1102. This is the PR for merging the changes from the sample PR with our GH action and Makefile.

There are a lot more allowed licenses from ASF (https://www.apache.org/legal/resolved.html#category-x) and a bunch which shouldn't be included as well. For now, I put the allow list with the packages that are currently being used.

Contributor

@flyrain flyrain left a comment

+1 Thanks for working on it, @MonkeyCanCode!

@github-project-automation github-project-automation bot moved this from PRs In Progress to Ready to merge in Basic Kanban Board Sep 17, 2025
Contributor

@HonahX HonahX left a comment

LGTM! Thanks for working on this.

I've verified this can catch a non-supported license in deps, e.g.

--- Starting license compliance check ---
license GNU Lesser General Public License v2 or later (LGPLv2+) not in allow-only licenses was found for package chardet:5.2.0
make: *** [client-license-check] Error 1

.PHONY: client-license-check
client-license-check: client-setup-env ## Run license compliance check
@echo "--- Starting license compliance check ---"
@$(ACTIVATE_AND_CD) && pip-licenses
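
Review bot: on the recipe line `@$(ACTIVATE_AND_CD) && pip-licenses`, the tool is called by bare name, so the target only works when the environment that `$(ACTIVATE_AND_CD)` enters already has the `pip-licenses` script on its PATH; a stale environment then fails with `pip-licenses: command not found`, which reads like a broken check rather than a missing dependency. Suggest invoking it through the environment's runner (`poetry run pip-licenses`) or testing for the command first and printing an actionable message. The allow list is also not visible in this recipe, so a short comment pointing to where the allowed licenses are configured would help whoever has to update them.
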
Contributor

Somehow this does not work for me in an old poetry environment.

pip-licenses: command not found

But I've verified that a clean install will work.

Contributor Author

Maybe the previous poetry env doesn't have this dependency installed, as I added it last night via this PR. If you want that env to work, you can source the venv and then run the poetry command to install everything again.

Contributor

@HonahX HonahX Sep 17, 2025

Yeah, I ran make install-dependencies and I saw poetry explicitly said it installed pip-licenses, yet it still could not find it. Could be some other weird issue in that env. So I ended up using a clean environment to verify : )

Using poetry run pip-licenses will work btw

@MonkeyCanCode MonkeyCanCode merged commit 6549551 into apache:main Sep 17, 2025
14 checks passed
@github-project-automation github-project-automation bot moved this from Ready to merge to Done in Basic Kanban Board Sep 17, 2025
Member

snazy commented Sep 17, 2025

@MonkeyCanCode the merge broke CI on main. Mind taking a look?

NVM, merged your fix.

snazy added a commit to snazy/polaris that referenced this pull request Nov 20, 2025
* Avoid exceptions on ETag matches (apache#2578)

Exceptions have runtime overhead, which is avoidable in this case.

* Publish build scans to develocity.apache.org for build insights (apache#2559)

* Site: add a blog for apache doris and polaris integration (apache#2571)

* Bump: iceberg 1.10 (apache#2586)

* Python client: add license check (apache#2580)

* Python client: add license check

* Python client: add license check

* Python client: add license check

* test

* Enable license check

* Fix license check for cryptography (apache#2591)

* Update plugin com.gradle.common-custom-user-data-gradle-plugin to v2.4.0 (apache#2582)

* Update plugin com.gradle.develocity to v4.2 (apache#2583)

* Build: remove unnecessary openapigenerator plugin usages (apache#2592)

* docs(changelog): Update the Changelog with 1.0.1, 1.0.0, & 0.9.0 Releases (apache#2587)

* Revert "Update plugin com.gradle.develocity to v4.2 (apache#2583)" (apache#2594)

This reverts commit 8cc0fad, build scans are not published to the ASF Develocity instance.

* Add security report page on the website (apache#2538)

This closes apache#2521

* CI: Fix Gradle cache usages (apache#2593)

The GH action `ci-incr-build-cache-prepare` calls the `setup-gradle` action with the "right" parameters, so the call of `setup-gradle` in jobs that use `ci-incr-build-cache-prepare` is superfluous. But this also renders the caching ineffective as `setup-gradle` is called w/o `cache-read-only: true` in "child jobs", which then attempt to store their Gradle cache contents. This leads to attempts to store the Gradle cache in `Post Setup Gradle` steps of the "child" jobs, conflicting with other child jobs and also conflicting with the `Store Gradle Cache` purpose.

"Which cache" is then restored is rather non-deterministic, but almost always at least "partial", leading to unnecessary (re)builds.

* Last merged commit f3d53f0

---------

Co-authored-by: Dmitri Bourlatchkov <dmitri.bourlatchkov@gmail.com>
Co-authored-by: Clay Johnson <cjohnson@gradle.com>
Co-authored-by: Mingyu Chen (Rayner) <yunyou@selectdb.com>
Co-authored-by: Prashant Singh <35593236+singhpk234@users.noreply.github.com>
Co-authored-by: Yong Zheng <yongzheng0809@gmail.com>
Co-authored-by: Mend Renovate <bot@renovateapp.com>
Co-authored-by: Adam Christian <105929021+adam-christian-software@users.noreply.github.com>
Co-authored-by: JB Onofré <jbonofre@apache.org>