蓝盾DevOps体系下孵化项目迁移事项 TencentBlueKing#8042

使用更快的gradle-license-report插件对一些协议的全称写法不同,导致造成识别上的差异而失败需要进行补充允许, 以及对一些特殊的包进行说明和手动豁免
useryuyu · Sep 11, 2023 · d437337 · d437337
1 parent 08ff893
commit d437337
Show file tree

Hide file tree

Showing 8 changed files with 93,258 additions and 0 deletions.
diff --git a/THIRD-PARTY-NOTICES.txt b/THIRD-PARTY-NOTICES.txt
diff --git a/scripts/packager-ci.sh b/scripts/packager-ci.sh
@@ -11,6 +11,7 @@ on_ERR (){
 my_path="$(readlink -f "$0")"
 my_dir=${my_path%/*}
 [ -d "$my_dir" ] || { echo >&2 "ERROR: my_dir is NOT an existed dir: $my_dir."; return 3; }
+# shellcheck disable=SC2034
 cmd_collect_ci_ms_name="$my_dir/bk-ci-collect-ms-name.sh"
 cmd_ci_slim="$my_dir/bk-ci-slim.sh"
 
@@ -83,6 +84,13 @@ prepare_agentless (){
   cp -r "$ci_pkg_dir/dockerhost" "$ci_pkg_dir/agentless"
 }
 
+copy_license_files () {
+  echo "copy license files: $ci_code_dir/LICENSE.txt to $ci_pkg_dir/LICENSE.txt"
+  cp -f "$ci_code_dir/LICENSE.txt" "$ci_pkg_dir/LICENSE.txt"
+  echo "copy license files: $ci_bin_msjar_dir/THIRD-PARTY-NOTICES.txt $ci_pkg_dir/THIRD-PARTY-NOTICES.txt"
+  cp -f "$ci_bin_msjar_dir/THIRD-PARTY-NOTICES.txt" "$ci_pkg_dir/THIRD-PARTY-NOTICES.txt"
+}
+
 packager_ci (){
   mkdir -p "$ci_pkg_dir"
   echo "ci_code_dir is $ci_code_dir."
@@ -95,6 +103,7 @@ packager_ci (){
   collect_backend
   collect_frontend
   prepare_agentless
+  copy_license_files
   echo "gen version:"
   echo "$VERSION" | tee "$ci_pkg_dir/VERSION"
   echo "BK_CI_VERSION=\"$VERSION\"" | tee -a "$ci_pkg_dir/scripts/bkenv.properties"

diff --git a/src/backend/ci/build.gradle.kts b/src/backend/ci/build.gradle.kts
@@ -1,6 +1,7 @@
 plugins {
     id("com.tencent.devops.boot") version "0.0.7"
     detektCheck
+    `task-license-report` // 检查License合规
 }
 
 apply(plugin = "org.owasp.dependencycheck")
@@ -16,6 +17,7 @@ allprojects {
 
     // 加载boot的插件
     if (name.startsWith("boot-")) {
+        pluginManager.apply("org.owasp.dependencycheck") // 检查依赖包漏洞版本
         pluginManager.apply("task-i18n-load") // i18n插件
         if (System.getProperty("devops.assemblyMode") == "KUBERNETES") {
             pluginManager.apply("task-docker-build") // Docker镜像构建

diff --git a/src/backend/ci/buildSrc/build.gradle.kts b/src/backend/ci/buildSrc/build.gradle.kts
@@ -22,4 +22,6 @@ dependencies {
     implementation("org.apache.logging.log4j:log4j-core:2.17.1")
     implementation("org.owasp:dependency-check-gradle:7.1.0.1")
     implementation("com.google.cloud.tools:jib-gradle-plugin:3.3.1")
+    implementation("com.namics.oss.gradle.license:license-enforce-plugin:1.6.3")  // 1.7.0+ need gradle-8.0
+    implementation("com.github.jk1:gradle-license-report:1.17") // 2.x need gradle-7.0
 }
diff --git a/src/backend/ci/buildSrc/src/main/kotlin/plugins/task-license-report.gradle.kts b/src/backend/ci/buildSrc/src/main/kotlin/plugins/task-license-report.gradle.kts
@@ -0,0 +1,66 @@
+import com.github.jk1.license.render.TextReportRenderer
+
+/*
+ * Tencent is pleased to support the open source community by making BK-CI 蓝鲸持续集成平台 available.
+ *
+ * Copyright (C) 2019 THL A29 Limited, a Tencent company.  All rights reserved.
+ *
+ * BK-CI 蓝鲸持续集成平台 is licensed under the MIT license.
+ *
+ * A copy of the MIT License is included in this file.
+ *
+ *
+ * Terms of the MIT License:
+ * ---------------------------------------------------
+ * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
+ * documentation files (the "Software"), to deal in the Software without restriction, including without limitation the
+ * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all copies or substantial portions of
+ * the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+ * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+ * NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+ * SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+
+plugins {
+    id("com.github.jk1.dependency-license-report")
+}
+
+licenseReport {
+    excludeGroups = arrayOf(
+        "com.tencent.bk.devops.ci",
+        "com.tencent.bk.devops.turbo",
+        "com.tencent.bk.repo",
+        "com.tencent.bk.sdk",
+        "com.tencent.devops",
+        "com.tencent.devops.leaf"
+    )
+    // Don't include artifacts of project's own group into the report
+    excludeOwnGroup = true
+
+    // exclude bom dependencies. If set to true, then all boms will be excluded from the report
+    excludeBoms = true
+
+    // 第三方依赖license声明
+    renderers = arrayOf(TextReportRenderer(/* filename = */ "THIRD-PARTY-NOTICES.txt"))
+
+    // 对一些协议的全称写法不同,导致造成识别上的差异而失败需要进行补充允许, 以及对一些特殊的包进行说明和手动豁免
+    allowedLicensesFile = File("${rootProject.projectDir}/buildSrc/src/main/resources/allowed-licenses.json")
+}
+
+tasks.register("weCheckLicense") {
+    group = "checking"
+    this.dependsOn("checkLicense")
+    doLast { // 检查结束后, 将第三方依赖项license复制到release目录, 以便随包发行
+        println("weCheckLicense: copy THIRD-PARTY-NOTICES.txt to release")
+        File(/* pathname = */ "${rootProject.projectDir}/build/reports/dependency-license/THIRD-PARTY-NOTICES.txt")
+            .renameTo(File(/* pathname = */ "${rootProject.projectDir}/release/THIRD-PARTY-NOTICES.txt"))
+    }
+}
+
+tasks.getByName("classes").dependsOn("weCheckLicense")