scala-steward
scala-steward copied to clipboard
scala-steward-org
Proposal: Exclude akka by default
Users that bump akka based on a scala steward PR may find themselves accidentally in violation of changed licence terms. https://www.lightbend.com/blog/why-we-are-changing-the-license-for-akka.
I don't imagine it's too hard to ignore this dependency by default in Scala Steward. What I don't see is an easy way to unignore the default for end users that actually want the updates.
I wonder where would we need to disable it actually, it might only be possible on a particular repo currently. This looks like something we should change inside of Scala Steward itself. Or maybe is there a setting to disable it on a particular runner?
But I strongly agree we should not let people upgrade by mistake.
Och, we could use the same trick as we do with Scala releases https://github.com/scala-steward-org/scala-steward/pull/2706/files
One thing that worries me is how would we be able to override the ignore section as the configurations are merged. Maybe we should instead have additional config for allowed-licenses, which could be overridden.
However, I think it would be good to update ignored section for akka for the time being.
I raised a PR here: https://github.com/scala-steward-org/scala-steward/pull/2709
WiP for now.
Instead of auto-applying white- or black-lists, we should instead support filtering by license. License information is included in Maven Central published poms. We should by-default only accept open source licenses. Users/Projects who acquired commercial licenses can then add those projects coordinates to their project config.
Instead of auto-applying white- or black-lists, we should instead support filtering by license. License information is included in Maven Central published poms. We should by-default only accept open source licenses. Users/Projects who acquired commercial licenses can then add those projects coordinates to their project config.
That's what I was thinking of doing next, just not sure about how long it will take me to implement :sweat:
Closing as resolved in https://github.com/scala-steward-org/scala-steward/pull/2709 Please not that akka exclusion is not 100%-guaranteed. It may be slipped if akka is used as a transitive dependency.
how can i enable the upgrade of akka? (without disabling the default config alltogether)
I think you should be able to just create your scala-steward.conf file and that should be used instead of the default?
@tgodzik thanks for your reply. I have a scala-steward.conf file so I thought the default and my own one are merged, there's also a CLI option
--disable-default-repo-config
Whether to disable the default repo config file
Looking at https://github.com/scala-steward-org/scala-steward/blob/main/modules/core/src/main/scala/org/scalasteward/core/repoconfig/RepoConfigLoader.scala#L35 the config files are merged
@an-tex you would need to disable the global config.
and copy what you still want from the global default into your local scala-steward.conf.
Merging has no option to "overwrite" the ignore from the global config.
thanks @mzuehlke then i'll do that. just a shame i'll have to check for changes in the default config for every new release of scala steward then :/
We should base this on the license instead, but I wasn't able to work on it. We should have a list of accepted licenses, which can be easily overriden in the local config.