From eed582c5315dbe340c63b8d34ff298a55d764b5e Mon Sep 17 00:00:00 2001
From: David Roberts
Date: Wed, 22 Jul 2020 11:19:48 +0100
Subject: [PATCH] [7.8] Add script and config for FOSSA scanning
FOSSA will check that we are only using code with approved licenses.
Backport of #1370
---
 .fossa.yml | 76 +++++++++++++++++++++++++++++++++++++++++
 dev-tools/fossa_scan.sh | 24 +++++++++++++
 2 files changed, 100 insertions(+)
 create mode 100755 .fossa.yml
 create mode 100755 dev-tools/fossa_scan.sh
diff --git a/.fossa.yml b/.fossa.yml
new file mode 100755
index 0000000000..164b088974
--- /dev/null
+++ b/.fossa.yml
@@ -0,0 +1,76 @@
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 2
+cli:
+ server: https://app.fossa.com
+ fetcher: custom
+ project: git@github.com:elastic/ml-cpp.git
+analyze:
+ modules:
+ - name: 3rd_party/licenses
+ type: raw
+ target: 3rd_party/licenses
+ - name: 3rd_party/rapidjson/include/rapidjson
+ type: raw
+ target: 3rd_party/rapidjson/include/rapidjson
+ - name: include/api
+ type: raw
+ target: include/api
+ - name: include/config
+ type: raw
+ target: include/config
+ - name: include/core
+ type: raw
+ target: include/core
+ - name: include/maths
+ type: raw
+ target: include/maths
+ - name: include/model
+ type: raw
+ target: include/model
+ - name: include/ver
+ type: raw
+ target: include/ver
+ - name: include/seccomp
+ type: raw
+ target: include/seccomp
+ - name: lib/api
+ type: raw
+ target: lib/api
+ - name: lib/config
+ type: raw
+ target: lib/config
+ - name: lib/core
+ type: raw
+ target: lib/core
+ - name: lib/maths
+ type: raw
+ target: lib/maths
+ - name: lib/model
+ type: raw
+ target: lib/model
+ - name: lib/ver
+ type: raw
+ target: lib/ver
+ - name: lib/seccomp
+ type: raw
+ target: lib/seccomp
+ - name: bin/autoconfig
+ type: raw
+ target: bin/autoconfig
+ - name: bin/autodetect
+ type: raw
+ target: bin/autodetect
+ - name: bin/categorize
+ type: raw
+ target: bin/categorize
+ - name: bin/controller
+ type: raw
+ target: bin/controller
+ - name: bin/normalize
+ type: raw
+ target: bin/normalize
+ - name: bin/data_frame_analyzer
+ type: raw
+ target: bin/data_frame_analyzer
diff --git a/dev-tools/fossa_scan.sh b/dev-tools/fossa_scan.sh
new file mode 100755
index 0000000000..dc54150865
--- /dev/null
+++ b/dev-tools/fossa_scan.sh
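Review bot: The `modules` list enumerates source directories by hand, so any directory added later (a new `lib/` or `bin/` component, or another vendored tree under `3rd_party/`) is silently excluded from the license scan until this file is updated, while the `Generated by FOSSA CLI` header suggests the list is tool-owned rather than curated. A short comment after the header, such as `# Module list is maintained by hand: add any new source or vendored directory here so it is scanned`, would make that maintenance obligation explicit to the next person adding a component.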
@@ -0,0 +1,24 @@
+#!/bin/bash
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+#
+
+# Run a FOSSA scan on the repo to check for license violations
+
+# Get the FOSSA API token from Vault
+set +x
+export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
+unset VAULT_ROLE_ID VAULT_SECRET_ID
+export FOSSA_API_KEY=$(vault read -field=token secret/jenkins-ci/fossa/api-token)
+unset VAULT_TOKEN
+set -x
+
+# Change directory to the top level of the repo
+readonly GIT_TOPLEVEL=$(git rev-parse --show-toplevel 2> /dev/null)
+cd "$GIT_TOPLEVEL"
+
+# Run the FOSSA scan
+fossa analyze
+
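Review bot: A failed `vault write` or `vault read` is never detected, because the script has no `set -e` and `export VAR=$(cmd)` discards the command's exit status (ShellCheck SC2155), so a failed AppRole login leaves `FOSSA_API_KEY` empty and `fossa analyze` still runs, failing later with a less useful error than a clear stop at the secret-retrieval step; the same masking applies to `readonly GIT_TOPLEVEL=$(...)`, whose stderr is also suppressed, and `cd "$GIT_TOPLEVEL"` is unchecked. Adding `set -eu -o pipefail` after the license header and splitting each assignment from its `export`/`readonly` makes every step fail loudly, and `-u` additionally catches a missing `VAULT_ROLE_ID`/`VAULT_SECRET_ID` before anything is called. Note also that the AppRole `role_id`/`secret_id` are passed as command-line arguments, where other users of the CI host can see them in the process list; `vault write` accepts `-` to read the parameters from stdin if that is a concern in this environment.
```bash
#!/bin/bash
# … unchanged: license header and purpose comment …
set -eu -o pipefail

# Get the FOSSA API token from Vault
set +x
VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id="$VAULT_ROLE_ID" secret_id="$VAULT_SECRET_ID")
export VAULT_TOKEN
unset VAULT_ROLE_ID VAULT_SECRET_ID
FOSSA_API_KEY=$(vault read -field=token secret/jenkins-ci/fossa/api-token)
export FOSSA_API_KEY
unset VAULT_TOKEN
set -x

# Change directory to the top level of the repo
GIT_TOPLEVEL=$(git rev-parse --show-toplevel)
readonly GIT_TOPLEVEL
cd "$GIT_TOPLEVEL"
# … unchanged: fossa analyze …
```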