[Fix CI] Improve license parsing in ddev validation (#22559)

dkirov-dd · web-flow · commit f3e67530ab47 · 2026-02-06T13:55:41.000Z
* Improve license parsing * Add changelog * fix(licenses): Fix validation of SPDX identifiers containing -or- and -and- - Update _OP_SPLIT regex to use negative lookbehind/lookahead assertions - Prevent matching "-or-" or "-and-" inside identifiers like "GPL-2.0-or-later" - Fix fallback logic to check per-chunk instead of entire parts list - Ensure all license identifiers are extracted from compound expressions Rationale: The _OP_SPLIT regex was incorrectly splitting SPDX identifiers like GPL-2.0-or-later into fragments (GPL-2.0- and -later) because \bOR\b with re.IGNORECASE matched the lowercase "or" between hyphens. This caused valid licenses with -or-later or -and- segments to be rejected by ddev validate licenses. Additionally, the fallback logic bug prevented proper extraction of multiple license identifiers from compound expressions, resulting in only the first identifier being extracted. This commit made by [/dd:git:commit:atomic](https://github.com/DataDog/claude-marketplace/tree/main/dd/commands/git/commit/atomic.md) * Add type hint to parts * fix(licenses): Remove comma as a separator in license expressions - Remove comma from _OP_SPLIT regex separator list - Fixes incorrect splitting of license names containing commas - Addresses validation failures for licenses like "Apache License, Version 2.0" Rationale: Commas are not part of the SPDX expression syntax (only AND, OR, and WITH are valid operators). When commas appear in license strings, they are part of the license name itself, not expression separators. The previous implementation incorrectly split "Apache License, Version 2.0" into ["Apache License", "Version 2.0"], causing validation failures. This commit made by [/dd:git:commit:atomic](https://github.com/DataDog/claude-marketplace/tree/main/dd/commands/git/commit/atomic.md)
diff --git a/ddev/changelog.d/22559.fixed b/ddev/changelog.d/22559.fixed
@@ -0,0 +1 @@
+Improve license parsing in validation
diff --git a/ddev/src/ddev/cli/validate/licenses.py b/ddev/src/ddev/cli/validate/licenses.py
@@ -3,13 +3,22 @@
 # Licensed under a 3-clause BSD style license (see LICENSE)
 from __future__ import annotations
 
+import re
 from typing import TYPE_CHECKING
 
 import click
 
 if TYPE_CHECKING:
     from ddev.cli.application import Application
 
+# Split license expressions on operators (AND, OR, and/or) and separators (/, +).
+# Use negative lookbehind (?<!-) and lookahead (?!-) to avoid matching "-or-" or "-and-"
+# inside SPDX identifiers like "GPL-2.0-or-later" or "LGPL-2.1-or-later".
+_OP_SPLIT = re.compile(r'\s*(?:(?<!-)\b(?:AND|OR)\b(?!-)|/|\+|\band/or\b)\s*', re.IGNORECASE)
+# SPDX ids are typically: letters/digits plus . + -
+# and may appear as LicenseRef-* / DocumentRef-*:LicenseRef-*
+_ID = re.compile(r"(DocumentRef-[A-Za-z0-9.+-]+:)?LicenseRef-[A-Za-z0-9.+-]+|[A-Za-z0-9.+-]+")
+
 
 def format_attribution_line(package_name, license_id, package_copyright):
     if ',' in package_copyright:
@@ -330,6 +339,33 @@ def read_file_lines(file, encoding='utf-8'):
         return f.readlines()
 
 
+def split_license_expression_simple(expr: str) -> list[str]:
+    # Normalize parens to spaces
+    expr = expr.replace("(", " ").replace(")", " ")
+
+    parts: list[str] = []
+    for chunk in _OP_SPLIT.split(expr):
+        chunk = chunk.strip()
+        if not chunk:
+            continue
+
+        # Handle "WITH" exceptions by taking the left side license id.
+        chunk = re.split(r"\s+\bWITH\b\s+", chunk, flags=re.IGNORECASE)[0].strip()
+
+        # Extract tokens; keep ones that look like SPDX-ish ids
+        chunk_start_len = len(parts)
+        for token in _ID.findall(chunk):
+            if token:
+                parts.append(token if isinstance(token, str) else token[0])
+        if len(parts) == chunk_start_len:
+            # If we couldn't extract any ID from this chunk, try to use the whole chunk
+            # as a fallback, stripping any remaining noise.
+            fallback = re.sub(r'\s+', ' ', chunk).strip()
+            if fallback:
+                parts.append(fallback)
+    return parts
+
+
 @click.command(short_help='Validate third-party license list')
 @click.option('--sync', '-s', is_flag=True, help='Generate the `LICENSE-3rdparty.csv` file')
 @click.pass_obj
@@ -420,13 +456,7 @@ def licenses(app: Application, sync: bool):
         for package_license in data['licenses']:
             package_license = package_license.strip('"')
 
-            expanded_licenses = []
-            for separator in (' and/or ', '/', ' OR ', ' or '):
-                if separator in package_license:
-                    expanded_licenses.extend(package_license.split(separator))
-                    break
-            else:
-                expanded_licenses.append(package_license)
+            expanded_licenses = split_license_expression_simple(package_license)
 
             for expanded_license in expanded_licenses:
                 normalized_license = expanded_license.lower()
