Added copyright check and whitespaces check

.devcontainer/ubuntu-22.04/devcontainer.json

@@ -1,7 +1,7 @@
 {
     "name": "Ubuntu-23.04",
     "build": { "dockerfile": "Dockerfile" },
-  
+
     "customizations": {
       "vscode": {
         "extensions": [

.github/markdownlint.jsonc

@@ -8,4 +8,4 @@
   "MD025": false,
   "MD034": false,
   "MD041": false
-}
+}

.github/workflows/check-copyright.yml

@@ -0,0 +1,36 @@
+name: check copyright
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/check-copyright.yml'
+      - '.pre-commit-config.yaml'
+      - 'scripts/check_copyright_notice.py'
+      - '**/*.go'
+      - '!**/docs/**/*'
+      - '!**/*.md'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+jobs:
+  copyright:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout devtools
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Check copyright notice
+        run: |
+          pip install \
+            pre-commit \
+            comment-parser>=1.2.3
+          pre-commit run --all-files

.github/workflows/test.yml

@@ -2,7 +2,7 @@ name: Test
 
 on:
   workflow_dispatch:
-  push: 
+  push:
     branches: [main]
   pull_request:
     paths:
@@ -165,7 +165,7 @@ jobs:
         if: always()
         run: |
           go-junit-report -set-exit-code -in build/cpackgettests-${{ matrix.goos }}-amd64.txt -iocopy -out build/cpackget-testreport-${{ matrix.goos }}-amd64.xml
- 
+
       - name: Publish coverage report to Code Climate
         if: ${{ startsWith(matrix.runs-on, 'ubuntu') && (github.workflow != 'Release') }}
         uses: paambaati/codeclimate-action@f429536ee076d758a24705203199548125a28ca7 # v9.0.0
@@ -191,10 +191,10 @@ jobs:
         uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
         with:
           egress-policy: audit
-  
+
       - name: Check out repository code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-  
+
       - name: Install linux deps
         run: |
           sudo apt-get update
@@ -227,7 +227,7 @@ jobs:
         if: always()
         run: |
           go-junit-report -set-exit-code -in build/cpackgettests-linux-arm64.txt -iocopy -out build/cpackget-testreport-linux-arm64.xml
-  
+
       - name: Archive unit test results
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:

.github/workflows/tpip-check.yml

@@ -46,7 +46,7 @@ jobs:
         run:  |
           go-licenses report . --ignore github.com/Open-CMSIS-Pack/cpackget --template ../scripts/template/tpip-license.template > ../${{ env.report_name }}
         working-directory: ./cmd
-        
+
       - name: Archive tpip report
         uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
@@ -97,4 +97,3 @@ jobs:
           delete-branch: true
           labels: TPIP
           reviewers: soumeh01
-

.pre-commit-config.yaml

@@ -0,0 +1,19 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.5.0
+  hooks:
+    - id: end-of-file-fixer
+      name: Fix end of files
+      description: Ensures files end with a newline
+    - id: trailing-whitespace
+      name: Check for trailing whitespace
+      description: Fails and fix files with trailing whitespace
+
+- repo: local
+  hooks:
+    - id: check-copyright-notice
+      name: Check for copyright notice
+      description: Ensures source files include a copyright notice
+      entry: python3 scripts/check_copyright_notice.py
+      language: system
+      types: [go]

CHANGELOG.md

@@ -9,7 +9,7 @@ Bug fixes:
 - If PDSC file is no longer listed in index.pidx, it shall be removed from .Web folder
 - touch pack.idx after init command
 - refined --skip-touch option
-  
+
 New features:
 
 - update-index: added option "-a" to download all missing PDSC files that are listed in index.pidx
@@ -32,7 +32,7 @@ Bug fixes:
 - cpackget add -f packlist.txt throws an error when the file is empty
 - Installing a local pack that does not exist triggers error message twice
 - add -f packs.txt: does not check if the required/dependent pack is installed already
-  
+
 New features:
 
 - added --skip-touch flag to not touch pack.idx

SECURITY.md

@@ -1,3 +1,3 @@
-# Security  
+# Security
 
 For reporting security issues, please follow the official guidelines outlined in [SECURITY.md](https://github.com/Open-CMSIS-Pack/cmsis-toolbox/blob/main/SECURITY.md).

cmd/cryptography/checksum.go

@@ -1,3 +1,6 @@
+/* SPDX-License-Identifier: Apache-2.0 */
+/* Copyright Contributors to the cpackget project. */
+
 package cryptography
 
 import (

cmd/cryptography/signature.go

@@ -1,3 +1,6 @@
+/* SPDX-License-Identifier: Apache-2.0 */
+/* Copyright Contributors to the cpackget project. */
+
 package cryptography
 
 import (

cmd/cryptography/utils.go

@@ -1,3 +1,6 @@
+/* SPDX-License-Identifier: Apache-2.0 */
+/* Copyright Contributors to the cpackget project. */
+
 package cryptography
 
 import (

scripts/check_copyright_notice.py

@@ -0,0 +1,83 @@
+# -------------------------------------------------------
+# SPDX-License-Identifier: Apache-2.0
+# Copyright Contributors to the cpackget project.
+# -------------------------------------------------------
+
+"""
+Checks the presence of copyright notice in the files
+"""
+
+from typing import Optional, Sequence
+import argparse
+import os
+import sys
+import magic
+from comment_parser import comment_parser
+
+COPYRIGHT_TEXT = "Copyright Contributors to the cpackget project."
+LICENSE_TEXT = "SPDX-License-Identifier: Apache-2.0"
+
+def check_file(filename: str) -> int:
+    """
+    Checks a file for the presence of fixed copyright and license notices.
+    Args:
+        filename: The name of the file to check.
+    Returns:
+        0 if both copyright and license are found, 1 otherwise.
+    """
+    if os.path.getsize(filename) == 0:
+        return 0
+
+    try:
+        mime_type = magic.from_file(filename, mime=True)
+    except Exception as e:
+        print(f"# Error reading MIME type of {filename}: {e}")
+        return 1
+
+    if mime_type == "text/plain":
+        mime_type = "text/x-c++"
+
+    try:
+        comments = "\n".join(comment.text() for comment in comment_parser.extract_comments(filename, mime=mime_type))
+    except Exception as e:
+        print(f"# Failed to parse comments in {filename}: {e}")
+        return 1
+
+    copyright_found = COPYRIGHT_TEXT in comments
+    license_found = LICENSE_TEXT in comments
+
+    if copyright_found and license_found:
+        return 0
+
+    print(f"# Copyright check error(s) in: {filename}")
+    if not copyright_found:
+        print(f"\t# Missing or invalid copyright. Expected: {COPYRIGHT_TEXT}")
+    if not license_found:
+        print(f"\t# Missing or invalid license. Expected: {LICENSE_TEXT}")
+    return 1
+
+def main(argv: Optional[Sequence[str]] = None) -> int:
+    """
+    Entry point to check for copyright notices in the provided files.
+    Args:
+        argv: A list of filenames.
+    Returns:
+        Non-zero if any file is missing the required notice.
+    """
+    parser = argparse.ArgumentParser(description="Check for fixed copyright and license headers.")
+    parser.add_argument('filenames', nargs='*', help='Files to check.')
+    args = parser.parse_args(argv)
+
+    print("Checking copyright headers...")
+    ret = 0
+
+    for filename in args.filenames:
+        ret |= check_file(filename)
+
+    if ret != 0:
+        print(">> error: One or more files are missing a valid copyright or license header")
+
+    return ret
+
+if __name__ == '__main__':
+    sys.exit(main())

scripts/template/tpip-license.template

@@ -6,4 +6,4 @@
 | {{ .Name }} | {{ .Version }}  | [{{ .LicenseName }}]({{ .LicenseURL }}) |
 {{- end }}
 
-Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses.
+Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses.

scripts/test-public-index

@@ -1,5 +1,5 @@
 #!/bin/bash
-	
+
 echo "Attempting to install all publicly available packs found in www.keil.com/pack/keil.vidx"
 echo "Warning: this should only be used from time to time (possibly before releases) because it'll download dozens of GB of files"
 

testdata/NewTimestamp.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>Keil</vendor>
 <url>https://www.keil.com/pack/</url>

testdata/OldTimestamp.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>Keil</vendor>
 <url>https://www.keil.com/pack/</url>

testdata/PackIndex.xsd

@@ -1,22 +1,22 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!-- 
- 
+<!--
+
   Copyright (c) 2013-2017 ARM Limited. All rights reserved.
- 
+
   SPDX-License-Identifier: Apache-2.0
- 
+
   Licensed under the Apache License, Version 2.0 (the License); you may
   not use this file except in compliance with the License.
   You may obtain a copy of the License at
- 
+
   http://www.apache.org/licenses/LICENSE-2.0
- 
+
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an AS IS BASIS, WITHOUT
   WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
- 
+
   $Date:        23. Januar 2017
   $Revision:    1.1.0
 
@@ -29,7 +29,7 @@
 
 <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="qualified" version="1.1.0">
 
-  <!-- semantic versioning (semver.org) <major>.<minor>.<patch>-<quality> --> 
+  <!-- semantic versioning (semver.org) <major>.<minor>.<patch>-<quality> -->
   <xs:simpleType name="SemanticVersionType">
     <xs:restriction  base="xs:string">
       <!--               <major>         . <minor>        . <patch>        - <quality>                                                                                       + <build meta info>               -->

testdata/integration/EmptyPublicIndex.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>TheVendor</vendor>
 <url>http://the.vendor/</url>

testdata/integration/SamplePublicIndex.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>TheVendor</vendor>
 <url>http://the.vendor/</url>

testdata/integration/concurrent/SamplePublicIndex.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>TheVendor</vendor>
 <url>http://the.vendor/</url>

testdata/integration/public_index/index.pidx

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8" ?> 
+<?xml version="1.0" encoding="UTF-8" ?>
 <index schemaVersion="1.1.0" xs:noNamespaceSchemaLocation="PackIndex.xsd" xmlns:xs="http://www.w3.org/2001/XMLSchema-instance">
 <vendor>Keil</vendor>
 <url></url>

testdata/utils/test-listfile

@@ -1,2 +1,2 @@
 pack1
-pack2
+pack2

third_party_licenses.md

@@ -39,4 +39,4 @@
 | golang.org/x/text | v0.25.0  | [BSD-3-Clause](https://cs.opensource.google/go/x/text/+/v0.25.0:LICENSE) |
 | gopkg.in/yaml.v3 | v3.0.1  | [MIT](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) |
 
-Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses.
+Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses.