Perform SPDX license and copyright checks with reuse #81
Conversation
reuse is specialized to check for SPDX license and copyright information in source files. It is capable of checking way more file types than we currently check with opengrep and faster. However it only checks for SPDX information and not the full mandatory copyright header. Therefore opengrep will still be used to check that, but SPDX information will be checked with reuse.
.pre-commit-config.yaml
Outdated
| - repo: https://codeberg.org/fsfe/reuse-tool | ||
| rev: a1bb792acda6fd0724936b4ebbdbc8eceb9c0459 # v6.2.0 | ||
| hooks: | ||
| - id: reuse-lint-file | ||
| exclude: devcontainer-lock.json|.*\.png |
There was a problem hiding this comment.
For the reviewer: reuse is added here
There was a problem hiding this comment.
Can you add it to some readme somewhere on how to use the tool (without precommit)? Where is the config?
There was a problem hiding this comment.
at the moment there is no config. I will try your template proposal
There was a problem hiding this comment.
.github/workflows/ci.yaml
Outdated
| # terms of the Apache License Version 2.0 which is available at | ||
| # https://www.apache.org/licenses/LICENSE-2.0 | ||
| # | ||
| # SPDX-FileCopyrightText: Copyright (c) 2026 Contributors to the Eclipse Foundation |
There was a problem hiding this comment.
We need to figure out where this header came from and if this change is ok
.pre-commit-config.yaml
Outdated
| - repo: https://codeberg.org/fsfe/reuse-tool | ||
| rev: a1bb792acda6fd0724936b4ebbdbc8eceb9c0459 # v6.2.0 | ||
| hooks: | ||
| - id: reuse-lint-file | ||
| exclude: devcontainer-lock.json|.*\.png |
There was a problem hiding this comment.
Can you add it to some readme somewhere on how to use the tool (without precommit)? Where is the config?
Sure? https://reuse.readthedocs.io/en/stable/man/reuse-annotate.html#templates |
I removed the opengrep solution now, but For example this However whenever |
There was a problem hiding this comment.
note the rename. Maybe we still need to keep a copy at LICENSE
.pre-commit-config.yaml
Outdated
| - id: reuse-lint-file | ||
| name: reuse-lint-file (fix with `./scripts/run_reuse_annotate.sh`) |
There was a problem hiding this comment.
should pre-commit not run ./scripts/run_reuse_annotate.sh directly?
There was a problem hiding this comment.
I would love to, but I did not find a way to achieve that. I might need to write a custom rule to do that
There was a problem hiding this comment.
I assume you can do it like this: https://github.com/eclipse-score/dash-license-scan/blob/420c21c753db1494aacb8ce824e49af5d7a54862/.pre-commit-config.yaml#L20
There was a problem hiding this comment.
it is now done using a custom pre-commit rule
2 participants
reuse is specialized to check for SPDX license and copyright information in source files. It is capable of checking way more file types than we currently check with opengrep and faster. In addition to that the Eclipse foundation recommends to use it.
reuse annotateis run in pre-commit hooks, which automatically fixes missing / incorrect headers.