From ffd79a2347ea091229f4bbb3935c609fa319b9fd Mon Sep 17 00:00:00 2001 From: Quang Truong Date: Tue, 1 Jul 2025 15:28:04 +0200 Subject: [PATCH 1/2] Update dash license plugin tool --- utils/license-maven-plugin/pom.xml | 16 +++++++------- .../licensemavenplugin/ExtraDependencies.java | 3 ++- .../licensemavenplugin/LicenseCheckMojo.java | 21 +++++++++++-------- 3 files changed, 22 insertions(+), 18 deletions(-) diff --git a/utils/license-maven-plugin/pom.xml b/utils/license-maven-plugin/pom.xml index 565c120..44009ff 100644 --- a/utils/license-maven-plugin/pom.xml +++ b/utils/license-maven-plugin/pom.xml @@ -3,12 +3,12 @@ 4.0.0 org.eclipse.set license-maven-plugin - 1.0.1 + 1.1.1 maven-plugin - 17 - 17 + 21 + 21 UTF-8 @@ -16,30 +16,30 @@ org.apache.maven maven-plugin-api - 3.9.3 + 3.9.9 provided org.apache.maven.plugin-tools maven-plugin-annotations - 3.9.0 + 3.15.0 provided org.apache.maven maven-core - 3.9.3 + 3.9.9 provided org.apache.maven.plugins maven-dependency-plugin - 3.6.0 + 3.8.1 org.eclipse.dash license-tool-plugin - 1.0.3-SNAPSHOT + 1.1.1-SNAPSHOT diff --git a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/ExtraDependencies.java b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/ExtraDependencies.java index 9a7f200..59dfb9b 100644 --- a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/ExtraDependencies.java +++ b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/ExtraDependencies.java @@ -13,6 +13,7 @@ import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; +import java.io.InputStreamReader; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; 
@@ -40,7 +41,7 @@ private static IDependencyListReader getReader(Path path) throws FileNotFoundExc File input = path.toFile(); if (input.exists()) { if ("package-lock.json".equals(input.getName())) { - return new PackageLockFileReader(new FileInputStream(input)); + return new PackageLockFileReader(new InputStreamReader(new FileInputStream(input))); } return new FlatFileReader(new FileReader(input)); } else { diff --git a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java index 09761fe..28c4a17 100644 --- a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java +++ b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java @@ -49,9 +49,9 @@ import org.eclipse.dash.licenses.maven.AbstractArtifactFilteringMojo; import org.eclipse.dash.licenses.maven.MavenProxySettings; import org.eclipse.dash.licenses.maven.MavenSettings; +import org.eclipse.dash.licenses.projects.ProjectService; import org.eclipse.dash.licenses.review.CreateReviewRequestCollector; import org.eclipse.dash.licenses.review.GitLabSupport; -import org.eclipse.dash.licenses.validation.EclipseProjectIdValidator; import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher; import com.google.inject.Guice; @@ -72,6 +72,13 @@ public class LicenseCheckMojo extends AbstractArtifactFilteringMojo { */ @Parameter(property = "dash.projectId") private String projectId; + + + /** + * Optionally specify the Eclipse Project repository that is the source of the request + */ + @Parameter(property = "dash.repo") + private String repo; /** * Output a summary to the given file. If not specified, then a dependencies 
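Review bot: The new `new InputStreamReader(new FileInputStream(input))` in `getReader` decodes `package-lock.json` with the JVM default charset, so the dependency names fed to the license check depend on how the build JVM was started (for example an overridden `file.encoding`) rather than on the file itself. The lock file is JSON and should be read as UTF-8, so I would pin it: `return new PackageLockFileReader(new InputStreamReader(new FileInputStream(input), StandardCharsets.UTF_8));`, adding the `java.nio.charset.StandardCharsets` import if the file does not already have it. The `new FileReader(input)` on the flat-file branch relies on the default charset in the same way. `getReader` begins and ends outside this hunk, so whether the caller closes the returned reader is not visible here.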
@@ -187,7 +194,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { // Validate the user-given dash license tool settings ISettings settings; try { - settings = new MavenSettings(batch, foundationApi, clearlyDefinedApi, licenses, confidence, projectId, iplabToken); + settings = new MavenSettings(batch, foundationApi, clearlyDefinedApi, licenses, confidence, projectId, iplabToken, repo); } catch (IllegalArgumentException e) { throw new MojoExecutionException("Invalid setting: " + e.getMessage()); } @@ -212,12 +219,8 @@ public void execute() throws MojoExecutionException, MojoFailureException { String source = a.getGroupId().startsWith(P2_GROUPID_PREFIX) ? "orbit" : "mavencentral"; // TODO could get duplicates here if two artifact coords differ only by // classifier - IContentId id = M2EDependencyMapper.mapDependency(ContentId.getContentId(type, source, a.getGroupId(), a.getArtifactId(), a.getVersion())); - id = SETSnapshotDropper.mapDependency(id); - deps.add(id); + deps.add(ContentId.getContentId(type, source, a.getGroupId(), a.getArtifactId(), a.getVersion())); }); - - deps.addAll(ExtraDependencies.getExtraDependencies()); List collectors = new ArrayList<>(); @@ -231,7 +234,7 @@ public void execute() throws MojoExecutionException, MojoFailureException { Injector injector = Guice.createInjector(new LicenseToolModule(settings, createProxySettings())); if (settings.getProjectId() != null) { - var validator = injector.getInstance(EclipseProjectIdValidator.class); + var validator = injector.getInstance(ProjectService.class); if (!validator.validate(settings.getProjectId(), message -> getLog().error(message))) { throw new MojoExecutionException("Invalid project id."); } @@ -296,4 +299,4 @@ protected IProxySettings createProxySettings() { proxyServer.getPassword(), securityDispatcher, getLog()); } -} +} \ No newline at end of file From 84aea1a3c5210a8a25cc65d4aeda2332ae30cd87 Mon Sep 17 00:00:00 2001 
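Review bot: In `execute()`, the rewritten `deps.add(ContentId.getContentId(...))` no longer passes each ID through `M2EDependencyMapper.mapDependency` and `SETSnapshotDropper.mapDependency`, and the commit message gives no reason. What those two mappers did is not visible in this patch, so please confirm that the updated dash tool produces the same content IDs without them; otherwise artifacts they used to rewrite may now be looked up under different coordinates. The same hunk also removes `deps.addAll(ExtraDependencies.getExtraDependencies());`, which PATCH 2/2 restores. If dropping the mappers is intended, record why above the call, e.g. `// M2EDependencyMapper / SETSnapshotDropper no longer applied: <reason>`.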
From: Quang Truong Date: Wed, 25 Mar 2026 16:57:57 +0100 Subject: [PATCH 2/2] Fix missing check package-lock.json --- utils/license-maven-plugin/pom.xml | 2 +- .../licensemavenplugin/LicenseCheckMojo.java | 227 ++++++++++-------- 2 files changed, 133 insertions(+), 96 deletions(-) diff --git a/utils/license-maven-plugin/pom.xml b/utils/license-maven-plugin/pom.xml index 44009ff..ccbc711 100644 --- a/utils/license-maven-plugin/pom.xml +++ b/utils/license-maven-plugin/pom.xml @@ -3,7 +3,7 @@ 4.0.0 org.eclipse.set license-maven-plugin - 1.1.1 + 1.1.2 maven-plugin diff --git a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java index 28c4a17..73750af 100644 --- a/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java +++ b/utils/license-maven-plugin/src/main/java/org/eclipse/set/licensemavenplugin/LicenseCheckMojo.java 
@@ -67,40 +67,31 @@ public class LicenseCheckMojo extends AbstractArtifactFilteringMojo { // @see MavenIdParser::P2_GROUPID_PREFIX private static final String P2_GROUPID_PREFIX = "p2."; /** - * Optionally process the request within the context of an Eclipse Foundation - * project. (E.g., technology.dash) - */ - @Parameter(property = "dash.projectId") - private String projectId; - - - /** - * Optionally specify the Eclipse Project repository that is the source of the request + * Batch size to use (number of entries sent per API call.) */ - @Parameter(property = "dash.repo") - private String repo; + @Parameter(property = "dash.batch", defaultValue = "" + + ISettings.DEFAULT_BATCH) + private int batch; /** - * Output a summary to the given file. If not specified, then a dependencies - * summary will be generated at the default location within - * ${project.build.directory} + * URL for Clearly Defined's license definitions API. */ - @Parameter(property = "dash.summary", defaultValue = "${project.build.directory}/dash/summary") - private File summary; + @Parameter(property = "dash.clearlyDefinedApi", defaultValue = ISettings.DEFAULT_CLEARLYDEFINED_URL) + private String clearlyDefinedApi; /** - * Output a summary of created reviews to the given file. If not specified, then - * a review-summary will be generated at the default location within - * ${project.build.directory} + * Confidence threshold expressed as integer percentage. (0-100) */ - @Parameter(property = "dash.review.summary", defaultValue = "${project.build.directory}/dash/review-summary") - private File reviewSummary; + @Parameter(property = "dash.confidence", defaultValue = "" + + ISettings.DEFAULT_THRESHOLD) + private int confidence; /** - * Batch size to use (number of entries sent per API call.) + * Make the build fail when any dependency is identified as requiring review + * by Eclipse Foundation. 
*/ - @Parameter(property = "dash.batch", defaultValue = "" + ISettings.DEFAULT_BATCH) - private int batch; + @Parameter(property = "dash.fail", defaultValue = "false") + private boolean failWhenReviewNeeded; /** * URL for the Eclipse Foundations's license check API. @@ -108,16 +99,13 @@ public class LicenseCheckMojo extends AbstractArtifactFilteringMojo { @Parameter(property = "dash.foundationApi", defaultValue = ISettings.DEFAULT_IPZILLA_URL) private String foundationApi; - /** - * URL for Clearly Defined's license definitions API. - */ - @Parameter(property = "dash.clearlyDefinedApi", defaultValue = ISettings.DEFAULT_CLEARLYDEFINED_URL) - private String clearlyDefinedApi; + @Parameter(property = "dash.iplab.token") + private String iplabToken; /** - * URL that returns the list of approved licenses. This URL should return a JSON - * document containing a map of SPDX license identifiers and their descriptions, - * for example: + * URL that returns the list of approved licenses. This URL should return a + * JSON document containing a map of SPDX license identifiers and their + * descriptions, for example: * *
 	 * {
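Review bot: `iplabToken` is the only `@Parameter` in this block re-added without Javadoc, although it holds a credential: later in `execute()` it gates `CreateReviewRequestCollector`, and the log text there calls it an authentication token. I would document it like its neighbours, e.g. `/** Authentication token used to create review requests (property dash.iplab.token). Supply it from the command line or a CI secret, not from a committed POM. */`. The class body continues outside this hunk.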
@@ -132,26 +120,17 @@ public class LicenseCheckMojo extends AbstractArtifactFilteringMojo {
 	private String licenses;
 
 	/**
-	 * Confidence threshold expressed as integer percentage. (0-100)
-	 */
-	@Parameter(property = "dash.confidence", defaultValue = "" + ISettings.DEFAULT_THRESHOLD)
-	private int confidence;
-
-	@Parameter(property = "dash.iplab.token")
-	private String iplabToken;
-
-	/**
-	 * Skip execution of the Dash License Check mojo.
+	 * The Maven session.
 	 */
-	@Parameter(property = "dash.skip", defaultValue = "false")
-	private boolean skip;
+	@Parameter(defaultValue = "${session}", readonly = true, required = true)
+	private MavenSession mavenSession;
 
 	/**
-	 * Make the build fail when any dependency is identified as requiring review by
-	 * Eclipse Foundation.
+	 * Optionally process the request within the context of an Eclipse
+	 * Foundation project. (E.g., technology.dash)
 	 */
-	@Parameter(property = "dash.fail", defaultValue = "false")
-	private boolean failWhenReviewNeeded;
+	@Parameter(property = "dash.projectId")
+	private String projectId;
 
 	/**
 	 * Optional <proxy> ID configuration.
@@ -159,30 +138,56 @@ public class LicenseCheckMojo extends AbstractArtifactFilteringMojo {
 	@Parameter(property = "dash.proxy")
 	private String proxy;
 
-	/**
-	 * The Maven session.
-	 */
-	@Parameter(defaultValue = "${session}", readonly = true, required = true)
-	private MavenSession mavenSession;
-
 	/**
 	 * The Maven reactor.
 	 */
 	@Parameter(defaultValue = "${reactorProjects}", readonly = true, required = true)
 	private List reactorProjects;
 
+	/**
+	 * Optionally specify the Eclipse Project repository that is the source of
+	 * the request
+	 */
+	@Parameter(property = "dash.repo")
+	private String repo;
+
+	/**
+	 * Output a summary of created reviews to the given file. If not specified,
+	 * then a review-summary will be generated at the default location within
+	 * ${project.build.directory}
+	 */
+	@Parameter(property = "dash.review.summary", defaultValue = "${project.build.directory}/dash/review-summary")
+	private File reviewSummary;
+
 	/**
 	 * Maven Security Dispatcher
 	 */
 	@Component
 	private SecDispatcher securityDispatcher;
 
+	/**
+	 * Skip execution of the Dash License Check mojo.
+	 */
+	@Parameter(property = "dash.skip", defaultValue = "false")
+	private boolean skip;
+
+	/**
+	 * Output a summary to the given file. If not specified, then a dependencies
+	 * summary will be generated at the default location within
+	 * ${project.build.directory}
+	 */
+	@Parameter(property = "dash.summary", defaultValue = "${project.build.directory}/dash/summary")
+	private File summary;
+
 	@Override
 	public void execute() throws MojoExecutionException, MojoFailureException {
-		// We are aggregating the deps for all projects in the reactor, so we only need
-		// to execute once. This check ensures we run only during the build of the
+		// We are aggregating the deps for all projects in the reactor, so we
+		// only need
+		// to execute once. This check ensures we run only during the build of
+		// the
 		// top-level reactor project and avoids duplicate invocations
-		if (!mavenSession.getCurrentProject().equals(mavenSession.getTopLevelProject())) {
+		if (!mavenSession.getCurrentProject()
+				.equals(mavenSession.getTopLevelProject())) {
 			return;
 		}
 
@@ -194,87 +199,111 @@ public void execute() throws MojoExecutionException, MojoFailureException {
 		// Validate the user-given dash license tool settings
 		ISettings settings;
 		try {
-			settings = new MavenSettings(batch, foundationApi, clearlyDefinedApi, licenses, confidence, projectId, iplabToken, repo);
-		} catch (IllegalArgumentException e) {
-			throw new MojoExecutionException("Invalid setting: " + e.getMessage());
+			settings = new MavenSettings(batch, foundationApi,
+					clearlyDefinedApi, licenses, confidence, projectId,
+					iplabToken, repo);
+		} catch (final IllegalArgumentException e) {
+			throw new MojoExecutionException(
+					"Invalid setting: " + e.getMessage());
 		}
 
-		// Get filtered list of project dependencies for all modules in the reactor
-		Set filteredArtifacts = new HashSet<>();
-		for (MavenProject project : reactorProjects) {
+		// Get filtered list of project dependencies for all modules in the
+		// reactor
+		final Set filteredArtifacts = new HashSet<>();
+		for (final MavenProject project : reactorProjects) {
 			filteredArtifacts.addAll(filterArtifacts(project.getArtifacts()));
 		}
 
 		if (getLog().isDebugEnabled()) {
 			getLog().debug("Filtered dependency artifact list:");
-			filteredArtifacts.stream().sorted().map(a -> "  " + a).forEach(getLog()::debug);
+			filteredArtifacts.stream()
+					.sorted()
+					.map(a -> "  " + a)
+					.forEach(getLog()::debug);
 		}
 
 		// Adapt dependency artifacts to dash content IDs
-		List deps = new ArrayList<>();
+		final List deps = new ArrayList<>();
 		filteredArtifacts.stream().sorted().forEach(a -> {
 			// FIXME Refactor. This is duplicated from MavenIdParser
-			String type = a.getGroupId().startsWith(P2_GROUPID_PREFIX) ? "p2" : "maven";
+			final String type = a.getGroupId().startsWith(P2_GROUPID_PREFIX) ? "p2"
+					: "maven";
 			// TODO deps are not necessarily from orbit or maven central
-			String source = a.getGroupId().startsWith(P2_GROUPID_PREFIX) ? "orbit" : "mavencentral";
-			// TODO could get duplicates here if two artifact coords differ only by
+			final String source = a.getGroupId().startsWith(P2_GROUPID_PREFIX)
+					? "orbit"
+					: "mavencentral";
+			// TODO could get duplicates here if two artifact coords differ only
+			// by
 			// classifier
-			deps.add(ContentId.getContentId(type, source, a.getGroupId(), a.getArtifactId(), a.getVersion()));
+			deps.add(ContentId.getContentId(type, source, a.getGroupId(),
+					a.getArtifactId(), a.getVersion()));
 		});
 
-		List collectors = new ArrayList<>();
+		deps.addAll(ExtraDependencies.getExtraDependencies());
+		final List collectors = new ArrayList<>();
 
-		// This collector generates feedback for the user that the command line tool
-		// would always print to stdout, so we collect the output in memory for printing
+		// This collector generates feedback for the user that the command line
+		// tool
+		// would always print to stdout, so we collect the output in memory for
+		// printing
 		// to the maven log later
-		ByteArrayOutputStream primaryOut = new ByteArrayOutputStream();
-		NeedsReviewCollector needsReviewCollector = new NeedsReviewCollector();
+		final ByteArrayOutputStream primaryOut = new ByteArrayOutputStream();
+		final NeedsReviewCollector needsReviewCollector = new NeedsReviewCollector();
 		collectors.add(needsReviewCollector);
 
-		Injector injector = Guice.createInjector(new LicenseToolModule(settings, createProxySettings()));
-		
+		final Injector injector = Guice.createInjector(
+				new LicenseToolModule(settings, createProxySettings()));
+
 		if (settings.getProjectId() != null) {
-			var validator = injector.getInstance(ProjectService.class);
-			if (!validator.validate(settings.getProjectId(), message -> getLog().error(message))) {
+			final var validator = injector.getInstance(ProjectService.class);
+			if (!validator.validate(settings.getProjectId(),
+					message -> getLog().error(message))) {
 				throw new MojoExecutionException("Invalid project id.");
 			}
 		}
-		
-		LicenseChecker checker = injector.getInstance(LicenseChecker.class);
+
+		final LicenseChecker checker = injector.getInstance(LicenseChecker.class);
 
 		summary.getParentFile().mkdirs();
 		reviewSummary.getParentFile().mkdirs();
 
-		try (
-				OutputStream summaryOut = new FileOutputStream(summary);
-				PrintWriter reviewSummaryOut = new PrintWriter(new FileWriter(reviewSummary))) {
+		try (OutputStream summaryOut = new FileOutputStream(summary);
+				PrintWriter reviewSummaryOut = new PrintWriter(
+						new FileWriter(reviewSummary))) {
 
 			collectors.add(new CSVCollector(summaryOut));
 
 			if (iplabToken != null && projectId != null) {
-				collectors.add(new CreateReviewRequestCollector(injector.getInstance(GitLabSupport.class),
-						(id, url) -> reviewSummaryOut.println("[" + id + "](" + url + ")")));
+				collectors.add(new CreateReviewRequestCollector(
+						injector.getInstance(GitLabSupport.class),
+						(id, url) -> reviewSummaryOut
+								.println("[" + id + "](" + url + ")")));
 			} else if (iplabToken != null) {
 				getLog().info(
 						"Provide both an authentication token and a project id to automatically create review tickets.");
 			}
 
-			for (LicenseData licenseData : checker.getLicenseData(deps).values()) {
+			for (final LicenseData licenseData : checker.getLicenseData(deps)
+					.values()) {
 				collectors.forEach(c -> c.accept(licenseData));
 			}
 			collectors.forEach(IResultsCollector::close);
 
-		} catch (IOException e) {
-			throw new MojoExecutionException("Can't write dependency summary file", e);
+		} catch (final IOException e) {
+			throw new MojoExecutionException(
+					"Can't write dependency summary file", e);
 		}
 
 		// Pass the output from the collectors to the maven log
-		primaryOut.toString(StandardCharsets.UTF_8).lines().forEach(getLog()::info);
+		primaryOut.toString(StandardCharsets.UTF_8)
+				.lines()
+				.forEach(getLog()::info);
 
 		getLog().info("Summary file was written to: " + summary);
 
 		if (failWhenReviewNeeded && needsReviewCollector.getStatus() > 0) {
-			getLog().error("Dependency license check failed. Some dependencies need to be vetted.");
+			getLog().error(
+					"Dependency license check failed. Some dependencies need to be vetted.");
 			throw new MojoFailureException("Some dependencies must be vetted.");
 		}
 	}
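Review bot: The one behavioural change in this hunk, the restored `deps.addAll(ExtraDependencies.getExtraDependencies());`, sits unmarked among re-wrapped lines, and PATCH 1/2 removed the same call without mentioning it. Without that call, the lists read by `ExtraDependencies` (its reader handles `package-lock.json`) never reach `checker.getLicenseData(deps)`, so those dependencies pass the build unchecked. I would add a comment above the call, e.g. `// Extra dependency lists (e.g. package-lock.json) must go through the license check as well`, and keep a blank line before `collectors`. Putting the reformatting and field reordering in a separate commit would make the next functional change to `execute()` much easier to audit.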
@@ -282,10 +311,16 @@ public void execute() throws MojoExecutionException, MojoFailureException {
 	protected IProxySettings createProxySettings() {
 		Proxy proxyServer = mavenSession.getSettings().getActiveProxy();
 		if (proxy != null) {
-			proxyServer = mavenSession.getSettings().getProxies().stream().filter(p -> proxy.equals(p.getId()))
-					.findFirst().orElse(null);
+			proxyServer = mavenSession.getSettings()
+					.getProxies()
+					.stream()
+					.filter(p -> proxy.equals(p.getId()))
+					.findFirst()
+					.orElse(null);
 			if (proxyServer == null) {
-				getLog().warn(MessageFormat.format("No such proxy server is activated in settings.xml: {0}", proxy));
+				getLog().warn(MessageFormat.format(
+						"No such proxy server is activated in settings.xml: {0}",
+						proxy));
 				return null;
 			}
 		}
@@ -295,8 +330,10 @@ protected IProxySettings createProxySettings() {
 			return null;
 		}
 
-		return new MavenProxySettings(proxyServer.getProtocol(), proxyServer.getHost(), proxyServer.getPort(), proxyServer.getUsername(),
-				proxyServer.getPassword(), securityDispatcher, getLog());
+		return new MavenProxySettings(proxyServer.getProtocol(),
+				proxyServer.getHost(), proxyServer.getPort(),
+				proxyServer.getUsername(), proxyServer.getPassword(),
+				securityDispatcher, getLog());
 	}
 
 }
\ No newline at end of file