https://github.com/deviceinsight/dependency-license-exporter
https://github.com/deviceinsight/dependency-license-exporter
Last synced: over 1 year ago
JSON representation
- Host: GitHub
- URL: https://github.com/deviceinsight/dependency-license-exporter
- Owner: deviceinsight
- License: apache-2.0
- Created: 2020-07-08T11:09:39.000Z (about 6 years ago)
- Default Branch: develop
- Last Pushed: 2025-03-05T16:20:01.000Z (over 1 year ago)
- Last Synced: 2025-03-05T16:24:22.800Z (over 1 year ago)
- Language: FreeMarker
- Size: 39.1 KB
- Stars: 4
- Watchers: 7
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
Awesome Lists containing this project
README
# dependency-license-exporter
This repo is a small maven project which generates a `jar` to place config files on the classpath
when generating dependency license information using [License Maven Plugin](https://www.mojohaus.org/license-maven-plugin/).
These config files allows for a generated license list that matches the company requirements.
## Quick Start
Add a maven profile to your `pom.xml`:
```xml
2.0.0
1.1.1
create-license-list
org.codehaus.mojo
license-maven-plugin
${license-maven-plugin.version}
com.deviceinsight
dependency-license-exporter
${dependency-license-exporter.version}
true
classpath:license-merges.txt
classpath:override-licenses.txt
classpath:allowed-licenses-for-deviceinsight.txt
false
true
false
test,provided
^com\.deviceinsight|^net\.centersight
dependencies-license.adoc
/com/deviceinsight/license/exporter/adoc-template.ftl
${project.basedir}
create-license-list
add-third-party
aggregate-add-third-party
generate-resources
```
Now run the following command and a file `dependencies-license.adoc` should be generated in the root folder of the project:
```bash
mvn clean generate-resources -Pcreate-license-list
```
Or invoke the goal directly:
```bash
mvn license:add-third-party
mvn license:aggregate-add-third-party
```
## Configuration Guide
### Overriding Default Configuration Files
Each project can also override the files included in this plugin with their own, e.g.:
```xml
file:/${maven.multiModuleProjectDirectory}/dependencies-license-allowed.txt
${project.basedir}/dependencies-license-template.ftl
```
### Overriding Found Licenses
If [License Maven Plugin](https://www.mojohaus.org/license-maven-plugin/) determines a license for a dependency but the
license is incorrect or not specific enough, we can override it:
In this repo we maintain file with license overrides (`src/main/resources/override-licenses.txt`) where license information can be added.
this file is loaded via `overrideUrl` configuration in the profile above.
#### File Format
```text
${mavenGroupId}--${mavenArtifactId}--${version}=${license}
```
NOTE: `${license}` should be the `spdx identifier` of the license (see: https://spdx.org/licenses/).
### Missing Licenses
If [License Maven Plugin](https://www.mojohaus.org/license-maven-plugin/) was unable to determine the license for a dependency
the license can manually be added. Missing licenses can be added in two ways:
- Recommended way: Define the license in license overrides, see above
- If you do not want to define the license in that central place for whatever reason, it is possible to define
it in the local project.
* Remove the configuration `true` or define it as `false`
* The build will generate a file `src/license/THIRD-PARTY.properties`, see: [missingFile configuration](https://www.mojohaus.org/license-maven-plugin/add-third-party-mojo.html#missingFile)
* Define the license in that file \
The file format is the same as in the license overrides
* Note: The `override-licenses.txt` will override that definition
### Merging Licenses
Dependencies might declare the name of the same license in different ways e.g. (`Apache 2`, `Apache 2.0`, `...`) in order
to consolidate the used licenses different names can be merged into one using the file `src/main/resources/license-merges.txt`
which is loaded via `licenseMergesUrl` configuration in the profile above.
#### File Format
```text
${spdx identifier}|${license spelling A}|${license spelling B}|${license spelling C}
```
In order to have a consistent naming of the licenses the first entry in a row should be the `spdx identifier` of the
license (see: https://spdx.org/licenses/).
Whenever a new `spdx identifier` is added, make sure to add it to the output templates as well, e.g.
`src/main/resources/com/deviceinsight/license/exporter/adoc-template.ftl`.
This way we can directly generate a link to the license description.
### Multi module project
There are two different goals: `add-third-party` and `aggregate-add-third-party`.
With `add-third-party` the dependency file is created for each module.
If only one dependency file in a multi module project should be generated, the `aggregate-add-third-party` goal can be used.
### Allowed Licenses
Projects can be configured to fail at build time when containing a library whose license is not allowed:
```xml
true
classpath:allowed-licenses.txt
```
### Built-in Templates for Generated License List
This plugin provides two built-in asciidoc templates for the generated license files.
`adoc-template.ftl` lists the libraries with groupId:artifactId, version, URL and the SPDX link to the license.
`adoc-template-four-columns.ftl` lists the libraries with human readable name - linked to the library's homepage,
groupId:artifactId, version, and the SPDX link to the license.
```xml
/com/deviceinsight/license/exporter/adoc-template-four-columns.ftl
```
## Releasing
Creating a new release involves the following steps:
* `mvn gitflow:release-start gitflow:release-finish`
* `git push origin master`
* `git push --tags`
* `git push origin develop`
In order to deploy the release to Maven Central, you need to create an account at https://central.sonatype.com.
Then, generate a login token at https://oss.sonatype.org at _Profile_ / _User Token_. Add this login token to the file `~/.m2/settings.xml`:
```xml
ossrh
...token-username...
...token-password...
```
The account also needs access to the project on Maven Central. This can be requested by another project member.
Then check out the release you want to deploy (`git checkout x.y.z`) and run `mvn deploy -Prelease`.