
fix(build): without non deterministic vendor-LICENSE.txt

Open max-nextcloud opened this issue 1 year ago • 2 comments

The content of vendor.LICENSE.txt is not deterministic.

If two versions of one library are imported, one of them will be picked and listed in the file.

This results in arbitrary changes to the file which in turn create npm fix audit PRs such as #6534.

See also: https://nextcloud-libraries.github.io/nextcloud-vite-config/interfaces/BaseOptions.html#thirdPartyLicense

max-nextcloud avatar Oct 17 '24 03:10 max-nextcloud
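The failure mode described in the comment above, modelled as an added example; it is not code from this pull request or from @nextcloud/vite-config. The package names, module records and function names are constructed for illustration.

```javascript
// Constructed sample: the same bundle contents seen in two module orders.
// Two versions of the hypothetical package "lib-a" are bundled at once.
const orderA = [
  { name: 'lib-a', version: '1.2.0', license: 'MIT' },
  { name: 'lib-b', version: '3.0.1', license: 'Apache-2.0' },
  { name: 'lib-a', version: '2.0.0', license: 'MIT' },
]
const orderB = [orderA[2], orderA[1], orderA[0]]

// One output line per listed package.
function format(m) {
  return `${m.name}@${m.version} (${m.license})`
}

// Order-dependent: keeps whichever version of a package name is seen first,
// so the listed version changes whenever module order changes.
function firstWinsManifest(modules) {
  const seen = new Map()
  for (const m of modules) {
    if (!seen.has(m.name)) seen.set(m.name, m)
  }
  return [...seen.values()].map(format).join('\n')
}

// Deterministic: one entry per name@version, sorted before output,
// so every bundled version is listed and input order no longer matters.
function stableManifest(modules) {
  const seen = new Map()
  for (const m of modules) seen.set(`${m.name}@${m.version}`, m)
  return [...seen.keys()].sort().map((k) => format(seen.get(k))).join('\n')
}

// Compare the two strategies across both module orders.
function compare() {
  return {
    firstWinsEqual: firstWinsManifest(orderA) === firstWinsManifest(orderB),
    stableEqual: stableManifest(orderA) === stableManifest(orderB),
  }
}

console.log(compare())
```

A committed file generated the first way changes between otherwise identical builds, which is what makes review of the resulting diffs unreliable.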

I think we added that on purpose for compliance reasons, but I'm unsure what the current state there is.

activity for example also has this disabled and a separate flag but commented out: https://github.com/nextcloud/activity/blame/master/vite.config.ts#L16-L18

@susnux Any hint there? Is this fine to turn off for now?

juliusknorr avatar Oct 17 '24 06:10 juliusknorr

It is ok to do so, but instead enable extractLicenseInformation to keep us compliant.

susnux avatar Oct 17 '24 13:10 susnux

@max-nextcloud Can you adjust that?

juliusknorr avatar Nov 18 '24 07:11 juliusknorr

> @max-nextcloud Can you adjust that?

Done. Added extractLicenseInformation: true.

max-nextcloud avatar Dec 10 '24 07:12 max-nextcloud

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 47.56%. Comparing base (58d0626) to head (2eea6a2). Report is 25 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #6539      +/-   ##
==========================================
+ Coverage   46.26%   47.56%   +1.29%     
==========================================
  Files         746      284     -462     
  Lines       34452    33515     -937     
  Branches     1239      777     -462     
==========================================
  Hits        15940    15940              
+ Misses      17892    17417     -475     
+ Partials      620      158     -462     


codecov[bot] avatar Dec 13 '24 07:12 codecov[bot]

@max-nextcloud I think this broke reuse compliance, can you check that? Seems it only happened on main as the committed assets were only updated there.

juliusknorr avatar Dec 16 '24 08:12 juliusknorr

@juliusknorr ahh... I was wondering what broke it. I'll take a look

max-nextcloud avatar Dec 16 '24 09:12 max-nextcloud

/backport to stable30

max-nextcloud avatar Dec 16 '24 15:12 max-nextcloud

The backport to stable30 failed. Please do this backport manually.

# Switch to the target branch and update it
git checkout stable30
git pull origin stable30

# Create the new backport branch
git checkout -b backport/6539/stable30

# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts, resolve them
git cherry-pick 2eea6a29

# Push the cherry pick commit to the remote repository and open a pull request
git push origin backport/6539/stable30

Error: No changes found in backport branch


Learn more about backports at https://docs.nextcloud.com/server/stable/go.php?to=developer-backports.

backportbot[bot] avatar Dec 16 '24 15:12 backportbot[bot]

Please remove the backport-request label if you manually backported :)

juliusknorr avatar Mar 19 '25 22:03 juliusknorr