Merge main and fix conflicts

Signed-off-by: tdruez <[email protected]>

Author: tdruez

.github/workflows/generate-sboms.yml

@@ -0,0 +1,39 @@
+name: Generate SBOMS
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*.*.*"
+
+env:
+  INPUTS_PATH: scancode-inputs
+
+jobs:
+  generate-sboms:
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Ensure INPUTS_PATH directory exists
+        run: mkdir -p "${{ env.INPUTS_PATH }}"
+
+      - name: Build the Docker image from local Dockerfile
+        run: docker build -t local-image .
+
+      - name: Run pip freeze inside the built Docker container
+        run: docker run --rm local-image pip freeze --all --exclude scancodeio > "${{ env.INPUTS_PATH }}/requirements.txt"
+
+      - name: Collect all .ABOUT files in the scancodeio/ directory
+        run: |
+          mkdir -p "${{ env.INPUTS_PATH }}/about-files"
+          find scancodeio/ -type f -name "*.ABOUT" -exec cp {} "${{ env.INPUTS_PATH }}/about-files/" \;
+
+      - name: Resolve the dependencies using ScanCode-action
+        uses: nexB/scancode-action@main
+        with:
+          pipelines: "resolve_dependencies:DynamicResolver"
+          inputs-path: ${{ env.INPUTS_PATH }}
+          scancodeio-repo-branch: main

CHANGELOG.rst

@@ -1,8 +1,19 @@
 Changelog
 =========
 
-v34.9.6 (unreleased)
---------------------
+v34.10.1 (unreleased)
+---------------------
+
+- Convert the ``declared_license`` field value return by ``python-inspector`` in
+  ``resolve_pypi_packages``.
+  Resolving requirements.txt files will now return proper license data.
+  https://github.com/aboutcode-org/scancode.io/issues/1598
+
+- Add support for installing on Apple Silicon (macOS ARM64) in dev mode.
+  https://github.com/aboutcode-org/scancode.io/pull/1646
+
+v34.10.0 (2025-03-21)
+---------------------
 
 - Rename the ``docker``, ``docker_windows``, and ``root_filesystem`` modules to
   ``analyze_docker``, ``analyze_docker_windows``, and ``analyze_root_filesystem``
@@ -17,6 +28,21 @@ v34.9.6 (unreleased)
   * Add a new chapter dedicated to Webhooks management in the documentation
   * Add support for custom payload dedicated to Slack webhooks
 
+- Upgrade Bulma CSS library to version 1.0.2
+  https://github.com/aboutcode-org/scancode.io/pull/1268
+
+- Disable the creation of the global webhook in the ``batch-create`` command by default.
+  The global webhook can be created by providing the ``--create-global-webhook`` option.
+  A ``--no-global-webhook`` option was also added to the ``create-project`` command to
+  provide the ability to skip the global webhook creation.
+  https://github.com/aboutcode-org/scancode.io/pull/1629
+
+- Add support for "Permission denied" file access in make_codebase_resource.
+  https://github.com/aboutcode-org/scancode.io/issues/1630
+
+- Refine the ``scan_single_package`` pipeline to work on git fetched inputs.
+  https://github.com/aboutcode-org/scancode.io/issues/1376
+
 v34.9.5 (2025-02-19)
 --------------------
 

Makefile

@@ -26,6 +26,7 @@ VENV_LOCATION=.venv
 ACTIVATE?=. ${VENV_LOCATION}/bin/activate;
 MANAGE=${VENV_LOCATION}/bin/python manage.py
 VIRTUALENV_PYZ=etc/thirdparty/virtualenv.pyz
+PIP_ARGS=--find-links=./etc/thirdparty/dummy_dist
 # Do not depend on Python to generate the SECRET_KEY
 GET_SECRET_KEY=`head -c50 /dev/urandom | base64 | head -c50`
 # Customize with `$ make envfile ENV_FILE=/etc/scancodeio/.env`
@@ -51,11 +52,11 @@ virtualenv:
 
 conf: virtualenv
 	@echo "-> Install dependencies"
-	@${ACTIVATE} pip install -e .
+	@${ACTIVATE} pip install ${PIP_ARGS} --editable .
 
 dev: virtualenv
 	@echo "-> Configure and install development dependencies"
-	@${ACTIVATE} pip install -e .[dev]
+	@${ACTIVATE} pip install ${PIP_ARGS} --editable .[dev]
 
 envfile:
 	@echo "-> Create the .env file and generate a secret key"
@@ -79,6 +80,12 @@ check:
 	@echo "-> Run Ruff format validation"
 	@${ACTIVATE} ruff format --check
 	@$(MAKE) doc8
+	@echo "-> Run ABOUT files validation"
+	@${ACTIVATE} about check etc/thirdparty/
+	@${ACTIVATE} about check scancodeio/
+	# Needs a --exclude scanpipe/tests/ argument
+	# https://github.com/aboutcode-org/aboutcode-toolkit/issues/583
+	# @${ACTIVATE} about check scanpipe/
 
 check-deploy:
 	@echo "-> Check Django deployment settings"

RELEASE.md

@@ -9,7 +9,7 @@
   - `CHANGELOG.rst` (set date)
 - Commit and push this branch
 - Create a PR and merge once approved
-- Tag and push that tag. This will triggers the `pypi-release.yml` GitHub workflow that 
+- Tag and push that tag. This will trigger the `pypi-release.yml` GitHub workflow that 
   takes care of building the dist release files and upload those to pypi:
   ```
   VERSION=vx.x.x  # <- Set the new version here

docs/command-line-interface.rst

@@ -105,6 +105,9 @@ Optional arguments:
 
 - ``--pipeline PIPELINES`` Pipelines names to add on the project.
 
+.. warning::
+    Pipelines are added and are executed in order.
+
 .. tip::
     Use the "pipeline_name:option1,option2" syntax to select optional steps:
 
@@ -137,8 +140,8 @@ Optional arguments:
   of running in the current thread.
   Applies only when ``--execute`` is provided.
 
-.. warning::
-    Pipelines are added and are executed in order.
+- ``--no-global-webhook`` Skip the creation of the global webhook. This option is
+  only useful if a global webhook is defined in the settings.
 
 .. _cli_batch_create:
 
@@ -196,6 +199,9 @@ Optional arguments:
   of running in the current thread.
   Applies only when ``--execute`` is provided.
 
+- ``--create-global-webhook`` Create the global webhook for each project, if enabled in
+  the settings. If not provided, the global webhook subscriptions are not created.
+
 Example: Processing Multiple Docker Images
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 

etc/thirdparty/dummy_dist/README.txt

@@ -0,0 +1,24 @@
+Dummy Wheel Distributions for Apple Silicon (macOS ARM64)
+=========================================================
+
+Overview
+--------
+This directory provides **empty wheel distributions** designed as a workaround to
+allow the installation of `ScanCode.io` on **Apple Silicon (macOS ARM64)** platforms.
+
+The issue arises because certain required packages, such as `extractcode-7z`, do not
+offer pre-built wheels compatible with Apple Silicon.
+Consequently, `pip` encounters dependency resolution errors during installation.
+
+Purpose
+-------
+The dummy wheels in this project serve as placeholders. These wheels:
+- **Contain no functionality** and are completely empty.
+- Allow `pip` to resolve dependencies correctly by tricking it into treating the
+  required package as already installed.
+
+Caution
+-------
+These dummy wheels **do not provide any actual functionality**.
+They only exist to bypass `pip` dependency resolution issues and allow `ScanCode.io`
+to be installed on Apple Silicon.