Füge Lizenzberichterstattung und SBOM-Generierung für example_app hinzu

tragisch · tragisch · commit 2e6b629d6c64 · 2026-02-10T21:54:30.000+01:00
diff --git a/apps/example_app/BUILD b/apps/example_app/BUILD
@@ -1,5 +1,6 @@
 load("@rules_cc//cc:cc_binary.bzl", "cc_binary")
 load("//tools:c_copts.bzl", "C_COPTS")
+load("//tools/license:license_report.bzl", "generate_sbom", "license_report", "license_summary")
 
 cc_binary(
     name = "example_app",
@@ -12,3 +13,18 @@ cc_binary(
         "//apps/example_lib",
     ],
 )
+
+license_report(
+    name = "example_app_licenses",
+    deps = [":example_app"],
+)
+
+license_summary(
+    name = "example_app_license_summary",
+    license_json = ":example_app_licenses",
+)
+
+generate_sbom(
+    name = "example_app_sbom",
+    deps = [":example_app"],
+)
diff --git a/tools/license/README.md b/tools/license/README.md
@@ -58,15 +58,42 @@ license_manifest(
 )
 ```
 
+## Example: Using the tools for example_app
+
+The template already defines license/SBOM targets in `apps/example_app/BUILD`:
+
+```starlark
+license_report(
+    name = "example_app_licenses",
+    deps = [":example_app"],
+)
+
+license_summary(
+    name = "example_app_license_summary",
+    license_json = ":example_app_licenses",
+)
+
+generate_sbom(
+    name = "example_app_sbom",
+    deps = [":example_app"],
+)
+```
+
+Build them with:
+
+- `bazel build //apps/example_app:example_app_licenses`
+- `bazel build //apps/example_app:example_app_license_summary`
+- `bazel build //apps/example_app:example_app_sbom`
+
 ## API Compatibility
 
 Our implementation maintains full API compatibility with `@rules_license`:
 
-| Original | Our Implementation | Status |
-|----------|-------------------|---------|
-| `@rules_license//rules_gathering:generate_sbom.bzl` | `generate_sbom()` | ✅ Compatible |
+| Original                                                       | Our Implementation   | Status       |
+| -------------------------------------------------------------- | -------------------- | ------------ |
+| `@rules_license//rules_gathering:generate_sbom.bzl`            | `generate_sbom()`    | ✅ Compatible |
 | `@rules_license//rules_gathering:generate_sbom.bzl manifest()` | `license_manifest()` | ✅ Compatible |
-| `@rules_license//rules:gather_licenses_info.bzl` | `license_report()` | ✅ Compatible |
+| `@rules_license//rules:gather_licenses_info.bzl`               | `license_report()`   | ✅ Compatible |
 
 ## License Information
 
diff --git a/tools/license/license_report.bzl b/tools/license/license_report.bzl
@@ -19,7 +19,7 @@ visibility and integration capabilities.
 load(
     "@rules_license//rules:gather_licenses_info.bzl",
     "gather_licenses_info",
-    "write_licenses_info",
+    "licenses_info_to_json",
 )
 load(
     "@rules_license//rules_gathering:gather_metadata.bzl",
@@ -31,15 +31,39 @@ load(
     "TransitiveLicensesInfo",
 )
 
+def _safe_write_licenses_info(ctx, deps, json_out):
+    """Writes license info as JSON, skipping targets without license data.
+
+    Some targets yield TransitiveLicensesInfo without target_under_license
+    (when no licenses are found). The upstream write_licenses_info does not
+    guard against that, so we skip such entries here.
+    """
+    licenses_json = []
+    licenses_files = []
+    for dep in deps:
+        if TransitiveLicensesInfo in dep:
+            transitive_licenses_info = dep[TransitiveLicensesInfo]
+            if not hasattr(transitive_licenses_info, "target_under_license"):
+                continue
+            lic_info, lic_files = licenses_info_to_json(transitive_licenses_info)
+            licenses_json.extend(lic_info)
+            licenses_files.extend(lic_files)
+
+    ctx.actions.write(
+        output = json_out,
+        content = "[\n%s\n]\n" % ",\n".join(licenses_json),
+    )
+    return licenses_files
+
 def _license_report_impl(ctx):
     """Implementation for license_report rule.
 
     Collects license information from dependencies and writes it as JSON.
     Uses the official rules_license gather_licenses_info aspect.
     """
 
-    # Use the official write_licenses_info function from rules_license
-    write_licenses_info(ctx, ctx.attr.deps, ctx.outputs.out)
+    # Use a safe writer to avoid failures when no licenses are present
+    _safe_write_licenses_info(ctx, ctx.attr.deps, ctx.outputs.out)
 
     return [DefaultInfo(files = depset([ctx.outputs.out]))]
 
@@ -281,7 +305,7 @@ def _enhanced_license_report_impl(ctx):
 
     # Create standard JSON report using the licenses_deps with gather_licenses_info aspect
     json_file = ctx.actions.declare_file(ctx.label.name + ".json")
-    write_licenses_info(ctx, ctx.attr.licenses_deps, json_file)
+    _safe_write_licenses_info(ctx, ctx.attr.licenses_deps, json_file)
 
     # Create enhanced metadata report using the metadata_deps with gather_metadata_info aspect
     metadata_file = ctx.actions.declare_file(ctx.label.name + "_metadata.json")
