scancode.io
scancode.io copied to clipboard
Add AlpinePackages pipeline
Fixes: #191 Depends on: https://github.com/nexB/fetchcode/pull/54, https://github.com/nexB/fetchcode/pull/56, https://github.com/nexB/scancode-toolkit/pull/2598
When developing I ran into some issues that I couldn't fix on my own so I've decided to list them here and mark this PR as a draft:
- The function
fetch_via_git
from https://github.com/nexB/fetchcode/pull/54 doesn't provide any successful/failed checkout feedback which is essential to this PR. - I'm not confident with how I split the entire commit into functions. Especially
complement_missing_packages_data
. It feels too big for a pipeline function (compared to other pipelines). I tried to be as clean as possible but at this point I'm out of ideas. - I'm not sure about file headers/copyrights.
- Do package copyrights require a year (in a legal sense)? This commit uses
--summary
scancode option which is very convenient but it also prunes any year from the original copyright message.
Signed-off-by: Mateusz Perc [email protected]
Can we setup a time to discuss all these in a live session?
Yeah, it would be great.
@pombredanne @aalexanderr I cannot decide on how to test the entire pipeline. It looks like alpine pipe tests which i commited already test the majority of the AlpinePackages pipeline. Integration tests are the only viable option in my opinion but they are slow and problematic (due to using fetchcode etc.). Either way they won't be big, so tell me what you think and i will be quick to write them.
I saved a clone of this repo and branches so we can revisit this when we have this but this will happen in PurlDB using package sets rather than in ScanCode.io proper. We have implemented this for some package types already, and this is where the feature would be best homed.
See https://github.com/nexB/purldb/issues/307 for the follow up.