diff --git a/.asf.yaml b/.asf.yaml index 06a1287b3ca..eb828d3bb41 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -85,6 +85,7 @@ github: # Actions workflows. They do not include the workflow name as a # prefix contexts: + - rat-check - check-skip - Build Apache Cloudberry RPM - RPM Install Test Apache Cloudberry diff --git a/.github/workflows/apache-rat-audit.yml b/.github/workflows/apache-rat-audit.yml new file mode 100644 index 00000000000..9b0fa4845db --- /dev/null +++ b/.github/workflows/apache-rat-audit.yml @@ -0,0 +1,149 @@ +# -------------------------------------------------------------------- +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed +# with this work for additional information regarding copyright +# ownership. The ASF licenses this file to You under the Apache +# License, Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of the +# License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. +# +# -------------------------------------------------------------------- +# Apache Rat Audit Workflow +# Checks if all files comply with Apache licensing requirements +# This workflow is based on the Apache Rat tool, you can run it locally +# using the command: `mvn clean verify -Drat.consoleOutput=true` +# -------------------------------------------------------------------- + +name: Apache Rat Audit + +on: + push: + branches: [main] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, edited] + workflow_dispatch: + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + rat-check: + name: Apache Rat License Check + runs-on: ubuntu-latest + timeout-minutes: 10 + + steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Set up Java and Maven + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '11' + cache: maven + + - name: Run Apache Rat check + id: rat-check + run: | + echo "Running Apache Rat license check..." + mvn clean verify -Drat.consoleOutput=true | tee rat-output.log + + # Check for build failure + if grep -q "\[INFO\] BUILD FAILURE" rat-output.log; then + echo "rat_failed=true" >> $GITHUB_OUTPUT + echo "::error::Apache Rat check failed - build failure detected" + exit 1 + fi + + # If we got here, the check passed + echo "rat_failed=false" >> $GITHUB_OUTPUT + echo "Apache Rat check passed successfully" + + - name: Upload Rat check results + if: always() + uses: actions/upload-artifact@v4 + with: + name: rat-check-results + path: rat-output.log + retention-days: 7 + + - name: Generate Job Summary + if: always() + run: | + { + echo "## Apache Rat Audit Results" + echo "- Run Time: $(date -u +'%Y-%m-%d %H:%M:%S UTC')" + echo "" + + if [[ -f rat-output.log ]]; then + # First extract and display summary statistics (only once) + if grep -q "Rat check: Summary over all files" rat-output.log; then + echo "#### 📊 License Summary" + summary_line=$(grep "Rat check: Summary over all files" rat-output.log) + echo "\`\`\`" + echo "$summary_line" + echo "\`\`\`" + echo "" + fi + + # Then determine the result status + if grep -q "\[INFO\] BUILD FAILURE" rat-output.log; then + echo "### ❌ Check Failed - License Compliance Issues Detected" + echo "" + + # Extract and display files with unapproved licenses + if grep -q "Files with unapproved licenses:" rat-output.log; then + echo "#### 🚫 Files with Unapproved Licenses" + echo "\`\`\`" + # Get the line with "Files with unapproved licenses:" and all following lines until the dashed line + sed -n '/Files with unapproved licenses:/,/\[INFO\] ------------------------------------------------------------------------/p' rat-output.log | \ + grep -v "\[INFO\] ------------------------------------------------------------------------" | \ + grep -v "^$" | \ + head -20 + echo "\`\`\`" + echo "" + fi + + echo "💡 **How to fix:**" + echo "" + echo "**For new original files you created:**" + echo "- Add the standard Apache License header to each file" + echo "" + echo "**For third-party files with different licenses:**" + echo "- Add the file to exclusion list in \`pom.xml\` under the rat-maven-plugin configuration" + echo "- Ensure the license is compatible with Apache License 2.0" + echo "- Avoid introducing components with incompatible licenses" + echo "" + echo "**Need help?**" + echo "- Run \`mvn clean verify -Drat.consoleOutput=true\` locally for the full report" + echo "- Email dev@cloudberry.apache.org if you have questions about license compatibility" + + elif grep -q "\[INFO\] BUILD SUCCESS" rat-output.log; then + echo "### ✅ Check Passed - All Files Comply with Apache License Requirements" + + else + echo "### ⚠️ Indeterminate Result" + echo "Check the uploaded log file for details." + fi + else + echo "### ⚠️ No Output Log Found" + echo "The rat-output.log file was not generated." + fi + } >> "$GITHUB_STEP_SUMMARY" diff --git a/print-test.c b/print-test.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test1.c b/print-test1.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test1.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_10.c b/print-test_10.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_10.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_11.c b/print-test_11.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_11.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_12.c b/print-test_12.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_12.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_13.c b/print-test_13.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_13.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_14.c b/print-test_14.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_14.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_15.c b/print-test_15.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_15.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_16.c b/print-test_16.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_16.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_17.c b/print-test_17.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_17.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_18.c b/print-test_18.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_18.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_19.c b/print-test_19.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_19.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_2.c b/print-test_2.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_2.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_20.c b/print-test_20.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_20.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_3.c b/print-test_3.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_3.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_4.c b/print-test_4.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_4.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_5.c b/print-test_5.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_5.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_6.c b/print-test_6.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_6.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_7.c b/print-test_7.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_7.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_8.c b/print-test_8.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_8.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/print-test_9.c b/print-test_9.c new file mode 100644 index 00000000000..0458879b1a5 --- /dev/null +++ b/print-test_9.c @@ -0,0 +1,3 @@ +# include + +printf "hello world!" diff --git a/test-license.py b/test-license.py new file mode 100644 index 00000000000..3af688a342b --- /dev/null +++ b/test-license.py @@ -0,0 +1,3 @@ +#/usr/bin/env python3 + +printf "hello world"