fix(reporter): Add authors to concluded license in disclosure document #9600
Conversation
Include authors for package dependencies when both `concluded_license` and `authors` are curated, and ORT is configured with the `addAuthorsToCopyrights` option enabled. This ensures that package authors appear under the respective concluded license in the Disclosure Document. This behavior applies when the Scanner option `skipConcluded` is enabled, having the effect that the scan stage is skipped for the particular package dependency in this case. Fixes oss-review-toolkit#9599. Signed-off-by: Wolfgang Klenk <[email protected]>
|
You may notice that the added code block is just a duplication of a code block that can be found already in code in the same file that handles copyright locations for declared licenses. So what this fix does is to apply the same mechanisms now also for concluded licenses. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #9600 +/- ##
============================================
- Coverage 68.03% 67.91% -0.13%
Complexity 1285 1285
============================================
Files 249 249
Lines 8826 8842 +16
Branches 920 922 +2
============================================
Hits 6005 6005
- Misses 2432 2447 +15
- Partials 389 390 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
| @@ -83,6 +83,26 @@ class LicenseInfoResolver( | |||
| licenseInfo.concludedLicenseInfo.concludedLicense?.also { | |||
| originalExpressions += ResolvedOriginalExpression(expression = it, source = LicenseSource.CONCLUDED) | |||
| } | |||
|
|
|||
| licenseInfo.declaredLicenseInfo.authors.takeIf { it.isNotEmpty() && addAuthorsToCopyrights }?.also { | |||
There was a problem hiding this comment.
I'd like to understand better in which situation this is required. Is it when the concluded license contains licenses which are not present in the declared licenses?
| statement = statement, | ||
| location = UNDEFINED_TEXT_LOCATION, | ||
| matchingPathExcludes = emptyList() | ||
| ) |
There was a problem hiding this comment.
Please move this to a helper function to avoid the duplication.
Also cover this change in the LicenseInfoResolverTest (similar to the existing test "resolve copyrights from authors if enabled").
Include authors for package dependencies when both
concluded_licenseandauthorsare curated, and ORT is configured with theaddAuthorsToCopyrightsoption enabled. This ensures that package authors appear under the respective concluded license in the Disclosure Document.This behavior applies when the Scanner option
skipConcludedis enabled, having the effect that the scan stage is skipped for the particular package dependency in this case.Fixes #9599.