Merge pull request #512 from Alfresco/feature/ACS-2382_LicenseReport

ACS-2382 License reporting.

.travis.yml

@@ -77,13 +77,6 @@ jobs:
       before_script: travis_wait bash _ci/cache_artifacts.sh
       install: _ci/build.sh full-build
       script:  travis_wait 30 bash _ci/test.sh aio-test
-    # - name: "WhiteSource"
-    #   if: branch NOT IN (company_release)
-    #   script: bash _ci/whitesource.sh
-    # - name: "Source Clear Scan (SCA)"
-    #   if: branch NOT IN (company_release)
-    #   install: skip
-    #   script: travis_wait 30 bash _ci/sourceclear.sh
 #    - name: "Static Analysis (SAST)"
 # TODO ATS-721: comment out until it is possible to run concurrent SAST scans
 #    if: branch NOT IN (company_release) AND type != pull_request

.whitesource

@@ -1,8 +0,0 @@
-{
-  "generalSettings": {
-    "shouldScanRepo": true
-  },
-  "checkRunSettings": {
-    "vulnerableCheckRunConclusionLevel": "failure"
-  }
-}

_ci/prepare_release_deploy.sh

@@ -10,11 +10,9 @@ export VERSION=$(git describe --abbrev=0 --tags)
 
 mkdir -p deploy_dir
 
-# Download the WhiteSource report
-# mvn -B org.alfresco:whitesource-downloader-plugin:inventoryReport \
-#     -N \
-#     "-Dorg.whitesource.product=Transform Service" \
-#     -DsaveReportAs=deploy_dir/3rd-party.xlsx
+# Create third party license csv file and add it to the deploy directory.
+git clone --depth=1 https://github.com/Alfresco/third-party-license-overrides.git
+python3 ./third-party-license-overrides/thirdPartyLicenseCSVCreator.py --project "`pwd`" --version "${VERSION}" --combined --output "deploy_dir"
 
 echo "Local deploy directory content:"
 ls -lA deploy_dir

_ci/prepare_staging_deploy.sh

@@ -10,11 +10,9 @@ export VERSION=$(git describe --abbrev=0 --tags)
 
 mkdir -p deploy_dir
 
-# Download the WhiteSource report
-# mvn -B org.alfresco:whitesource-downloader-plugin:inventoryReport \
-#     -N \
-#     "-Dorg.whitesource.product=Transform Service" \
-#     -DsaveReportAs=deploy_dir/3rd-party.xlsx
+# Create third party license csv file and add it to the deploy directory.
+git clone --depth=1 https://github.com/Alfresco/third-party-license-overrides.git
+python3 ./third-party-license-overrides/thirdPartyLicenseCSVCreator.py --project "`pwd`" --version "${VERSION}" --combined --output "deploy_dir"
 
 echo "Local deploy directory content:"
 ls -lA deploy_dir

_ci/settings.xml

@@ -28,10 +28,6 @@
                     <url>https://artifacts.alfresco.com/nexus/content/groups/internal</url>
                 </pluginRepository>
             </pluginRepositories>
-            <properties>
-                <!-- WhiteSource token -->
-                <org.whitesource.orgToken>${env.WHITESOURCE_TOKEN}</org.whitesource.orgToken>
-            </properties>
         </profile>
     </profiles>
 

_ci/whitesource.sh

@@ -1,22 +0,0 @@
-#!/usr/bin/env bash
-
-echo "=========================== Starting WhiteSource Script ==========================="
-PS4="\[\e[35m\]+ \[\e[m\]"
-set -vex
-pushd "$(dirname "${BASH_SOURCE[0]}")/../"
-
-
-mvn -B clean install \
-    -DskipTests org.whitesource:whitesource-maven-plugin:update \
-    -Dorg.whitesource.failOnError=true \
-    -Dorg.whitesource.forceUpdate=true \
-    -Dorg.whitesource.checkPolicies=true \
-    -Dorg.whitesource.forceCheckAllDependencies=true \
-    -Dorg.whitesource.ignorePomModules=false \
-    "-Dorg.whitesource.product=Transform Service" \
-    -Dmaven.wagon.http.pool=false
-
-popd
-set +vex
-echo "=========================== Finishing WhiteSource Script =========================="
-

alfresco-transform-core-aio/alfresco-transform-core-aio-boot/src/license/THIRD-PARTY.properties

@@ -1,54 +0,0 @@
-# Generated by org.codehaus.mojo.license.AddThirdPartyMojo
-#-------------------------------------------------------------------------------
-# Already used licenses in project :
-# - (MIT-style) netCDF C library license
-# - 3-Clause BSD License
-# - Apache 2.0
-# - Apache License 2.0
-# - Apache License v2
-# - Apache License v2.0
-# - Apache License, Version 2.0
-# - Apache License, version 2.0
-# - Apache Software License - Version 2.0
-# - BSD
-# - BSD 3-clause License w/nuclear disclaimer
-# - BSD 3-clause New License
-# - BSD License
-# - BSD-2-Clause
-# - Bouncy Castle Licence
-# - CDDL + GPLv2 with classpath exception
-# - CDDL, v1.0
-# - CDDL/GPLv2+CE
-# - Common Development and Distribution License (CDDL) v1.0
-# - Common Public License
-# - EDL 1.0
-# - EPL 2.0
-# - Eclipse Distribution License - v 1.0
-# - Eclipse Public License - v 1.0
-# - Eclipse Public License 2.0
-# - GNU General Public License, version 2 with the GNU Classpath Exception
-# - GNU Lesser General Public License
-# - GPL2 w/ CPE
-# - LGPL, v2.1 or later
-# - LGPL, version 2.1
-# - MIT License
-# - MIT License (MIT)
-# - Mozilla Public License 1.1 (MPL 1.1)
-# - OGC copyright
-# - Public Domain
-# - Public Domain, per Creative Commons CC0
-# - Similar to Apache License but with the acknowledgment clause removed
-# - The Apache License, Version 2.0
-# - The Apache Software License, Version 2.0
-# - The BSD License
-# - The MIT License
-# - The SAX License
-# - The W3C License
-# - UnRar License
-# - lgpl
-#-------------------------------------------------------------------------------
-# Please fill the missing licenses for dependencies :
-#
-#
-#Thu Apr 09 10:34:00 BST 2020
-net.jcip--jcip-annotations--1.0=Public

alfresco-transform-core-aio/alfresco-transform-core-aio/src/license/THIRD-PARTY.properties

@@ -1,54 +0,0 @@
-# Generated by org.codehaus.mojo.license.AddThirdPartyMojo
-#-------------------------------------------------------------------------------
-# Already used licenses in project :
-# - (MIT-style) netCDF C library license
-# - 3-Clause BSD License
-# - Apache 2.0
-# - Apache License 2.0
-# - Apache License v2
-# - Apache License v2.0
-# - Apache License, Version 2.0
-# - Apache License, version 2.0
-# - Apache Software License - Version 2.0
-# - BSD
-# - BSD 3-clause License w/nuclear disclaimer
-# - BSD 3-clause New License
-# - BSD License
-# - BSD-2-Clause
-# - Bouncy Castle Licence
-# - CDDL + GPLv2 with classpath exception
-# - CDDL, v1.0
-# - CDDL/GPLv2+CE
-# - Common Development and Distribution License (CDDL) v1.0
-# - Common Public License
-# - EDL 1.0
-# - EPL 2.0
-# - Eclipse Distribution License - v 1.0
-# - Eclipse Public License - v 1.0
-# - Eclipse Public License 2.0
-# - GNU General Public License, version 2 with the GNU Classpath Exception
-# - GNU Lesser General Public License
-# - GPL2 w/ CPE
-# - LGPL, v2.1 or later
-# - LGPL, version 2.1
-# - MIT License
-# - MIT License (MIT)
-# - Mozilla Public License 1.1 (MPL 1.1)
-# - OGC copyright
-# - Public Domain
-# - Public Domain, per Creative Commons CC0
-# - Similar to Apache License but with the acknowledgment clause removed
-# - The Apache License, Version 2.0
-# - The Apache Software License, Version 2.0
-# - The BSD License
-# - The MIT License
-# - The SAX License
-# - The W3C License
-# - UnRar License
-# - lgpl
-#-------------------------------------------------------------------------------
-# Please fill the missing licenses for dependencies :
-#
-#
-#Thu Apr 09 10:33:33 BST 2020
-net.jcip--jcip-annotations--1.0=Public

alfresco-transform-tika/alfresco-transform-tika-boot/src/license/THIRD-PARTY.properties

@@ -1,46 +0,0 @@
-# Generated by org.codehaus.mojo.license.AddThirdPartyMojo
-#-------------------------------------------------------------------------------
-# Already used licenses in project :
-# - (MIT-style) netCDF C library license
-# - Apache 2.0
-# - Apache License 2.0
-# - Apache License v2.0
-# - Apache License, Version 2.0
-# - Apache License, version 2.0
-# - Apache Software License - Version 2.0
-# - BSD
-# - BSD 3-clause New License
-# - BSD License
-# - Bouncy Castle Licence
-# - CDDL + GPLv2 with classpath exception
-# - CDDL, v1.0
-# - EPL 2.0
-# - Eclipse Public License - v 1.0
-# - Eclipse Public License, Version 1.0
-# - GNU Lesser General Public License
-# - GNU Lesser General Public License, Version 2.1
-# - GPL2 w/ CPE
-# - LGPL, v2.1 or later
-# - LGPL, version 2.1
-# - MIT License
-# - MIT License (MIT)
-# - MIT license
-# - Mozilla Public License 1.1 (MPL 1.1)
-# - New BSD license
-# - OGC copyright
-# - Public
-# - Public Domain
-# - Public Domain, per Creative Commons CC0
-# - Similar to Apache License but with the acknowledgment clause removed
-# - Specification License
-# - The Apache License, Version 2.0
-# - The Apache Software License, Version 2.0
-# - The BSD License
-# - The MIT License
-# - UnRar License
-#-------------------------------------------------------------------------------
-# Please fill the missing licenses for dependencies :
-#
-#
-#Mon Aug 19 18:06:38 EEST 2019
-net.jcip--jcip-annotations--1.0=Public

alfresco-transform-tika/alfresco-transform-tika/src/license/THIRD-PARTY.properties

@@ -1,52 +0,0 @@
-# Generated by org.codehaus.mojo.license.AddThirdPartyMojo
-#-------------------------------------------------------------------------------
-# Already used licenses in project :
-# - (MIT-style) netCDF C library license
-# - 3-Clause BSD License
-# - Apache 2.0
-# - Apache License 2.0
-# - Apache License v2
-# - Apache License v2.0
-# - Apache License, Version 2.0
-# - Apache License, version 2.0
-# - Apache Software License - Version 2.0
-# - BSD
-# - BSD 3-clause License w/nuclear disclaimer
-# - BSD 3-clause New License
-# - BSD License
-# - BSD-2-Clause
-# - Bouncy Castle Licence
-# - CDDL + GPLv2 with classpath exception
-# - CDDL, v1.0
-# - CDDL/GPLv2+CE
-# - EDL 1.0
-# - EPL 2.0
-# - Eclipse Distribution License - v 1.0
-# - Eclipse Public License - v 1.0
-# - Eclipse Public License 2.0
-# - GNU General Public License, version 2 with the GNU Classpath Exception
-# - GNU Lesser General Public License
-# - GPL2 w/ CPE
-# - LGPL, v2.1 or later
-# - LGPL, version 2.1
-# - MIT License
-# - MIT License (MIT)
-# - Mozilla Public License 1.1 (MPL 1.1)
-# - OGC copyright
-# - Public Domain
-# - Public Domain, per Creative Commons CC0
-# - Similar to Apache License but with the acknowledgment clause removed
-# - The Apache License, Version 2.0
-# - The Apache Software License, Version 2.0
-# - The BSD License
-# - The MIT License
-# - The SAX License
-# - The W3C License
-# - UnRar License
-# - lgpl
-#-------------------------------------------------------------------------------
-# Please fill the missing licenses for dependencies :
-#
-#
-#Thu Apr 09 10:31:19 BST 2020
-net.jcip--jcip-annotations--1.0=Public

docs/build-and-release.md

@@ -4,7 +4,7 @@ The `.travis.yml` config file can be found in the root of the repository.
 
 
 ## Stages and Jobs
-1. **Build**: Java build with unit tests, integration tests and WhiteSource scan.
+1. **Build**: Java build with unit and integration tests.
 2. **Release**: Release with artifact deployment to Nexus and AWS Staging bucket.
 3. **Company Release**: Artifact deployment to AWS Release bucket.
 

pom.xml

@@ -312,10 +312,15 @@
                                 <goal>add-third-party</goal>
                                 <goal>download-licenses</goal>
                             </goals>
+                            <phase>generate-resources</phase>
                             <configuration>
-                                <useMissingFile>true</useMissingFile>
+                                <failOnMissing>true</failOnMissing>
                                 <excludedScopes>provided,test</excludedScopes>
                                 <excludedGroups>org.alfresco</excludedGroups>
+                                <failIfWarning>false</failIfWarning>
+                                <includedLicenses>https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/includedLicenses.txt</includedLicenses>
+                                <licenseMergesUrl>https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/licenseMerges.txt</licenseMergesUrl>
+                                <overrideUrl>https://raw.githubusercontent.com/Alfresco/third-party-license-overrides/master/override-THIRD-PARTY.properties</overrideUrl>
                             </configuration>
                         </execution>
                         <execution>