feat: add license check

[olexii4]

What does this PR do?

Add license check.

What issues does this PR fix?

fixes eclipse-che/che#23363

How to test this PR?

Does this PR contain changes that override default upstream Code-OSS behavior?

• the PR contains changes in the code folder (you can skip it if your changes are placed in a che extension )
• the corresponding items were added to the CHANGELOG.md file
• rules for automatic git rebase were added to the .rebase folder

[github-actions]

Click here to review and test in web IDE:

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[vitaliy-guliy]

Honestly, I do not have the whole picture of what this PR does.

Could we instead of adding all those files, add only one GitHub action, that will be triggered by pushing to the main branch (or pull request)? The action should not block anything and its successful execution may be represented as a badge in the README file.

[olexii4]

Honestly, I do not have the whole picture of what this PR does.

Could we instead of adding all those files, add only one GitHub action, that will be triggered by pushing to the main branch (or pull request)? The action should not block anything and its successful execution may be represented as a badge in the README file.

@vitaliy-guliy We have some information here che-incubator/dash-licenses:

...
Update dependency info
The following command generates dependencies info of a project and then checks all found dependencies. It returns a non-zero exit code if any of them are restricted to use.

docker run --rm -t \
       -v ${PWD}/:/workspace/project  \
       quay.io/che-incubator/dash-licenses:next

As a result, this command creates the next files:

• prod.md with the list of production dependencies;
• dev.md which contains only build and test dependencies;
• problems.md will be created if some dependencies are not covered with CQ, unnecessary excludes present, etc.

Check dependencies
If you just need to verify that all dependencies satisfy IP requirements, use the --check flag, like the following

docker run --rm -t \
       -v ${PWD}/:/workspace/project  \
       quay.io/che-incubator/dash-licenses:next --check

So, this command doesn't create any new files in the project directory (except a temporary one) but checks if the dependencies info is up-to-date and then validates all found dependencies. It returns a non-zero exit code if any of the dependencies are restricted to use.
...

Files prod.md and dev.md include license information for libraries. for example:

Production dependencies

Packages	License	Resolved CQs
@vscode/sqlite3@5.1.8-vscode	BSD-3-Clause	clearlydefined
...

You can click a link with CQ and the next page will be opened

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[RomanNikitenko]

@olexii4
I propose to add section that describes license check functionality to the readme file
you could take this comment as a basis #527 (comment)

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[olexii4]

@olexii4 I propose to add section that describes license check functionality to the readme file you could take this comment as a basis #527 (comment)

@RomanNikitenko I have fixed it:

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[RomanNikitenko]

@olexii4
ubi9-based build is failing, I created an issue for that problem eclipse-che/che#23424
#541 should fix the problem, waiting for the jobs...

[RomanNikitenko]

@olexii4
I've merged my fix, please fetch new changes from the main branch to fix che-code build in your PR

[vitaliy-guliy]

My first attempt of launching npm run license:generate has been failed.

I created a workspace from https://github.com/olexii4/che-code/tree/CHE-23363 and installed node dependencies. Then I added "comment-json": "4.2.5" dependency to che-api, installed dependency again and launched npm run license:generate command for che-api

[olexii4]

My first attempt of launching npm run license:generate has been failed.

I created a workspace from https://github.com/olexii4/che-code/tree/CHE-23363 and installed node dependencies. Then I added "comment-json": "4.2.5" dependency to che-api, installed dependency again and launched npm run license:generate command for che-api

@vitaliy-guliy I updated the thread. Please try again.

[olexii4]

@vitaliy-guliy I updated the thread. Please try again.

With the update podman doesn't even try to download the image

@olexii4 could you please update package-lock.json files for che-* extensions? This is what I have after installing node dependencies

$ git status
On branch CHE-23363
Your branch is up to date with 'origin/CHE-23363'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   code/extensions/che-activity-tracker/package-lock.json
        modified:   code/extensions/che-api/package-lock.json
        modified:   code/extensions/che-commands/package-lock.json
        modified:   code/extensions/che-port/package-lock.json
        modified:   code/extensions/che-remote/package-lock.json
        modified:   code/extensions/che-resource-monitor/package-lock.json

no changes added to commit (use "git add" and/or "git commit -a")

@vitaliy-guliy Why should I do it in this PR? It is a separate issue that doesn't depend on my changes.

[vitaliy-guliy]

@olexii4 could you please update package-lock.json files for che-* extensions? This is what I have after installing node dependencies

$ git status
On branch CHE-23363
Your branch is up to date with 'origin/CHE-23363'.

Changes not staged for commit:
  (use "git add <file>..." to update what will be committed)
  (use "git restore <file>..." to discard changes in working directory)
        modified:   code/extensions/che-activity-tracker/package-lock.json
        modified:   code/extensions/che-api/package-lock.json
        modified:   code/extensions/che-commands/package-lock.json
        modified:   code/extensions/che-port/package-lock.json
        modified:   code/extensions/che-remote/package-lock.json
        modified:   code/extensions/che-resource-monitor/package-lock.json

no changes added to commit (use "git add" and/or "git commit -a")

@vitaliy-guliy Why should I do it in this PR? It is a separate issue that doesn't depend on my changes.

Ok, let's skip them as the changes are not related to this PR.

[olexii4]

[olexii4]

@vitaliy-guliy FYI: che-incubator/dash-licenses#26 was merged.

[vitaliy-guliy]

Let's merge this PR as it is.
In case of any issues, changes in this PR will not block creating and merging the pull requests and will not affect the main branch.

[github-actions]

Pull Request images published ✨

Editor amd64: quay.io/che-incubator-pull-requests/che-code:pr-527-amd64
Editor arm64: quay.io/che-incubator-pull-requests/che-code:pr-527-arm64
Dev image: quay.io/che-incubator-pull-requests/che-code-dev:pr-527-dev-amd64

[vitaliy-guliy]

@olexii4 thanks for the contribution!

[devspacesbuild]

Build 3.22 :: code_3.x/1597: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: sync-to-downstream_3.x/9332: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: get-sources-rhpkg-container-build_3.x/9480: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: push-latest-container-to-quay_3.x/5176: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: get-sources-rhpkg-container-build_3.x/9480:

code : 3.x :: Build 67663476 : quay.io/devspaces/code-rhel9:3.22-5
SUCCESS; copied to quay; /DS_CI/push-latest-container-to-quay_3.x/5176 triggered

[devspacesbuild]

Build 3.22 :: update-digests_3.x/9233: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: code_3.x/1597:

Upstream sync done; /DS_CI/sync-to-downstream_3.x/9332 triggered

[devspacesbuild]

Build 3.22 :: operator-bundle_3.x/4909: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: sync-to-downstream_3.x/9333: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: get-sources-rhpkg-container-build_3.x/9481: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: push-latest-container-to-quay_3.x/5177: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: copyIIBsToQuay/2999: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: get-sources-rhpkg-container-build_3.x/9481:

devspaces-operator-bundle : 3.x :: Build 67665664 : quay.io/devspaces/devspaces-operator-bundle:3.22-13
SUCCESS; copied to quay; /DS_CI/push-latest-container-to-quay_3.x/5177 triggered;

Bundle CSV related images:
- quay.io/devspaces-tech-preview/idea-rhel9:
- quay.io/devspaces-tech-preview/jetbrains-ide-rhel9:
- quay.io/devspaces/code-rhel9:3.22-5
- quay.io/devspaces/configbump-rhel9:3.22-2
- quay.io/devspaces/dashboard-rhel9:3.22-7
- quay.io/devspaces/devspaces-rhel9-operator:3.22-2
- quay.io/devspaces/pluginregistry-rhel9:3.22-2
- quay.io/devspaces/server-rhel9:3.22-5
- quay.io/devspaces/traefik-rhel9:3.22-1
- quay.io/devspaces/udi-rhel9:3.22-3
= registry.redhat.io/openshift4/ose-kube-rbac-proxy:v4.14.0-202504220036.p0.gb8b8259.assembly.stream.el8
= registry.redhat.io/openshift4/ose-oauth-proxy:v4.14.0-202504220036.p0.ga4a2f27.assembly.stream.el8
= registry.redhat.io/ubi8/ubi-minimal:8.8-1072.1697626218

[devspacesbuild]

Build 3.22 :: sync-to-downstream_3.x/9333:

Build container: devspaces-operator-bundle synced; /DS_CI/get-sources-rhpkg-container-build_3.x/9481 triggered; /job/DS_CI/job/dsc_3.x triggered;

[devspacesbuild]

Build 3.22 :: operator-bundle_3.x/4909:

Upstream sync done; /DS_CI/sync-to-downstream_3.x/9333 triggered

[devspacesbuild]

Build 3.22 :: dsc_3.x/2054: Console, Changes, Git Data

[devspacesbuild]

Build 3.22 :: update-digests_3.x/9233:

Detected new images: rebuild operator-bundle
* code; /DS_CI/operator-bundle_3.x/4909 triggered

[devspacesbuild]

Build 3.22 :: dsc_3.x/2054:

3.22.0-CI