v0.4.0 Release still testing automatic workflow

joenaess · joenaess · commit 505a51d92be7 · 2026-02-05T10:55:28.000+01:00
diff --git a/.github/workflows/self-test.yml b/.github/workflows/self-test.yml
@@ -0,0 +1,16 @@
+name: Toolkit Quality Check
+on: [push, pull_request]
+
+jobs:
+  quality:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+
+      - name: Lint with Ruff
+        run: uvx ruff check .
+
+      - name: Run Unit Tests
+        # ..-tell uv to run pytest, which will automatically find our tests
+        run: uv run pytest tests/
diff --git a/.github/workflows/toolkit-ci.yml b/.github/workflows/toolkit-ci.yml
@@ -0,0 +1,7 @@
+lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: astral-sh/setup-uv@v5
+      - name: Lint with Ruff
+        run: uvx ruff check .
diff --git a/compliance_tool.py b/compliance_tool.py
@@ -2,93 +2,72 @@
 # requires-python = ">=3.11"
 # dependencies = [
 #     "scancode-toolkit",
-#     "requests",
 # ]
 # ///
 
 import json
 import subprocess
 import sys
-import os
-from datetime import datetime
+from pathlib import Path
 
-# A more robust mapping of license text templates
-# In a production org, you'd pull these from https://opensource.org/licenses/
-LICENSE_MAP = {
-    "MIT": "https://opensource.org/licenses/MIT",
-    "Apache-2.0": "https://opensource.org/licenses/Apache-2.0",
-    "GPL-3.0": "https://opensource.org/licenses/GPL-3.0",
-    "AGPL-3.0": "https://opensource.org/licenses/AGPL-3.0",
-}
-
-def get_full_license_text(license_id, holder):
+def evaluate_compliance(detected_licenses):
     """
-    In a real scenario, you'd have these files in your 'compliance-toolkit' repo.
-    For this script, we generate a placeholder header.
+    Pure logic: Takes a list of licenses and returns (recommendation, commercial_allowed, blockers).
     """
-    year = datetime.now().year
-    return f"FULL LICENSE TEXT FOR {license_id}\nCopyright (c) {year} {holder}\n\n[Standard {license_id} terms apply...]"
+    recommendation = "Apache-2.0"
+    commercial_allowed = True
+    blockers = []
 
-def run_scan(target):
-    print("🚀 Scanning dependencies...")
-    subprocess.run(["scancode", "-l", "--json-pp", "results.json", target], check=True, capture_output=True)
+    # Normalize to lowercase for easier matching
+    normalized = [l.lower() for l in detected_licenses]
 
-def analyze():
-    with open("results.json") as f:
-        data = json.load(f)
+    # Check for Viral/Strong Copyleft (AGPL/GPL)
+    if any("agpl" in l for l in normalized):
+        recommendation = "AGPL-3.0"
+        commercial_allowed = False
+    elif any("gpl" in l for l in normalized):
+        recommendation = "GPL-3.0"
+        commercial_allowed = False
+        
+    # Collect blockers for commercial release
+    if not commercial_allowed:
+        blockers = [l for l in detected_licenses if any(v in l.lower() for v in ["gpl", "agpl"])]
 
-    detected = set()
-    hindering_commercial = []
-    
-    for file in data.get('files', []):
-        for entry in file.get('license_expressions', []):
-            lic = entry.lower()
-            detected.add(entry)
-            # Check for commercial blockers
-            if any(viral in lic for viral in ["gpl", "osl", "cpal"]):
-                hindering_commercial.append(f"{file['path']} ({entry})")
+    return recommendation, commercial_allowed, blockers
 
-    return detected, hindering_commercial
+def run_scancode(target_path):
+    """Runs the actual shell command to scan the project."""
+    output_file = "results.json"
+    subprocess.run(
+        ["scancode", "-l", "--json-pp", output_file, target_path],
+        check=True, capture_output=True
+    )
+    return output_file
 
 def main():
     target = sys.argv[1] if len(sys.argv) > 1 else "."
     apply_fix = "--apply" in sys.argv
-    org_name = "Your Organization Name"
 
-    run_scan(target)
-    detected, blockers = analyze()
+    # 1. Scan
+    results_path = run_scancode(target)
+    
+    # 2. Parse
+    with open(results_path) as f:
+        data = json.load(f)
+    
+    detected = set()
+    for file in data.get('files', []):
+        for entry in file.get('license_expressions', []):
+            detected.add(entry)
 
-    print("\n" + "="*50)
-    print("⚖️  OPEN SOURCE COMPLIANCE ANALYSIS")
-    print("="*50)
+    # 3. Evaluate
+    rec, comm_ok, blockers = evaluate_compliance(list(detected))
 
-    # 1. Commercial Viability Check
+    # 4. Output (simplified for brevity)
+    print(f"Recommended License: {rec}")
+    print(f"Commercial Release Possible: {comm_ok}")
     if blockers:
-        print("\n❌ COMMERCIAL RELEASE: NOT RECOMMENDED")
-        print("The following dependencies have 'Viral' licenses that require your code to be Open Source:")
-        for b in set(blockers[:5]): # Show first 5
-            print(f"  - {b}")
-    else:
-        print("\n✅ COMMERCIAL RELEASE: POSSIBLE")
-        print("All dependencies are permissive. You can release this commercially.")
-
-    # 2. Recommendation Logic
-    recommendation = "Apache-2.0" # Default
-    if any("agpl" in l.lower() for l in detected):
-        recommendation = "AGPL-3.0"
-    elif any("gpl" in l.lower() for l in detected):
-        recommendation = "GPL-3.0"
-
-    print(f"\n💡 RECOMMENDED OPEN SOURCE LICENSE: {recommendation}")
-    
-    # 3. Apply the license file
-    if apply_fix:
-        text = get_full_license_text(recommendation, org_name)
-        with open("LICENSE", "w") as f:
-            f.write(text)
-        print(f"\n💾 SUCCESS: Created LICENSE file ({recommendation})")
-    else:
-        print("\n👉 Run with '--apply' to automatically create the LICENSE file.")
+        print(f"Blockers: {', '.join(blockers)}")
 
 if __name__ == "__main__":
     main()
diff --git a/pyproject.toml b/pyproject.toml
@@ -0,0 +1,7 @@
+[tool.ruff]
+line-length = 100
+target-version = "py311"
+
+[tool.ruff.lint]
+select = ["E", "F", "I"] # Error, Pyflakes, Isort (sorting imports)
+ignore = []
diff --git a/tests/test_compliance.py b/tests/test_compliance.py
@@ -0,0 +1,21 @@
+from compliance_tool import evaluate_compliance
+
+def test_permissive_licenses():
+    # Scenario: Project only uses MIT and BSD
+    rec, comm_ok, blockers = evaluate_compliance(["MIT", "BSD-3-Clause"])
+    assert rec == "Apache-2.0"
+    assert comm_ok is True
+    assert len(blockers) == 0
+
+def test_agpl_blocker():
+    # Scenario: Project uses an AGPL library
+    rec, comm_ok, blockers = evaluate_compliance(["MIT", "AGPL-3.0-only"])
+    assert rec == "AGPL-3.0"
+    assert comm_ok is False
+    assert "AGPL-3.0-only" in blockers
+
+def test_gpl_blocker():
+    # Scenario: Project uses GPL
+    rec, comm_ok, blockers = evaluate_compliance(["GPL-2.0-or-later"])
+    assert rec == "GPL-3.0"
+    assert comm_ok is False
diff --git a/tests/test_recommender.py b/tests/test_recommender.py
@@ -0,0 +1,19 @@
+import pytest
+from compliance_tool import determine_recommendation
+
+def test_recommends_agpl_when_present():
+    detected = ["MIT", "AGPL-3.0-or-later"]
+    rec, commercial_allowed = determine_recommendation(detected)
+    assert rec == "AGPL-3.0"
+    assert commercial_allowed is False
+
+def test_recommends_apache_for_permissive():
+    detected = ["MIT", "BSD-3-Clause"]
+    rec, commercial_allowed = determine_recommendation(detected)
+    assert rec == "Apache-2.0"
+    assert commercial_allowed is True
+
+def test_hindering_licenses_list():
+    # Test that GPL correctly identifies as a commercial blocker
+    blockers = [l for l in ["GPL-3.0", "MIT"] if "gpl" in l.lower()]
+    assert len(blockers) == 1
