chore: fix flaky license check for dario.cat/mergo #397
Actionable comments posted: 1
Nitpick comments (1)
Makefile (1)
149-159: Update the comment to document the new ignore entry and fix typo.
The comment should explain why `dario.cat/mergo` is ignored, and there's a typo in the filename reference.
Proposed comment update
# Exclude some dependencies from NOTICE.txt generation # - github.com/pgEdge/control-plane is our own code -# - github.com/eclipse/paho.golang is licensed under EDL-1.0 explicitly in # NOTICES.txt.tmpl +# - github.com/eclipse/paho.golang is licensed under EDL-1.0 explicitly in NOTICE.txt.tmpl +# - dario.cat/mergo is licensed under BSD-3-Clause explicitly in NOTICE.txt.tmpl (DNS lookups for dario.cat are unreliable) .PHONY: licenses licenses: GOOS=linux $(go-licenses) check ./...🤖 Prompt for AI Agents
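Review bot: the added `dario.cat/mergo` comment line gives the reason for the exclusion (unreliable DNS lookups for dario.cat) but nothing marks it as a workaround. Suggest extending the comment to say that the module should come off the ignore list, and its hand-written block out of NOTICE.txt.tmpl, once the lookup is reliable again, so the exclusion does not become permanent by default.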
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Makefile` around lines 149 - 159, Update the comment above the Makefile target licenses to both document why dario.cat/mergo is excluded and fix the filename typo: replace the existing comment that mentions "# NOTICES.txt.tmpl" with a clear note that github.com/pgEdge/control-plane is our own code, github.com/eclipse/paho.golang is explicitly licensed under EDL-1.0 in NOTICE.txt.tmpl, and that dario.cat/mergo is ignored because it is (e.g.) a bundled/merged dependency or otherwise exempt from NOTICE generation in our build; ensure the reference matches the template used by the target (--template=NOTICE.txt.tmpl) and correct the typo to NOTICE.txt.tmpl.
Files selected for processing (3): Makefile, NOTICE.txt, NOTICE.txt.tmpl
| ## dario.cat/mergo | ||
|
|
||
| * Name: dario.cat/mergo | ||
| * Version: v1.0.0 | ||
| * License: [BSD-3-Clause](https://github.com/imdario/mergo/blob/v1.0.0/LICENSE) | ||
|
|
||
| ``` | ||
| Copyright (c) 2013 Dario Castañé. All rights reserved. | ||
| Copyright (c) 2012 The Go Authors. All rights reserved. | ||
|
|
||
| Redistribution and use in source and binary forms, with or without | ||
| modification, are permitted provided that the following conditions are | ||
| met: | ||
|
|
||
| * Redistributions of source code must retain the above copyright | ||
| notice, this list of conditions and the following disclaimer. | ||
| * Redistributions in binary form must reproduce the above | ||
| copyright notice, this list of conditions and the following disclaimer | ||
| in the documentation and/or other materials provided with the | ||
| distribution. | ||
| * Neither the name of Google Inc. nor the names of its | ||
| contributors may be used to endorse or promote products derived from | ||
| this software without specific prior written permission. | ||
|
|
||
| THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | ||
| "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT | ||
| LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR | ||
| A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | ||
| OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | ||
| LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||
| THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||
| (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | ||
| OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| ``` | ||
|
|
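Review bot: `* Version: v1.0.0` and the `v1.0.0` tag inside the license URL are hard-coded in this entry, so both go stale as soon as the mergo version in go.mod moves. Suggest noting in the Makefile comment that this entry has to be updated by hand on a version bump, or adding a CI step that compares the entry's version with go.mod.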
Analysis chain
Script executed:
```bash
#!/bin/bash
# Verify dario.cat/mergo version, license URL, and license text
echo "=== Checking go.mod for dario.cat/mergo version ==="
rg -n "dario.cat/mergo" go.mod
echo -e "\n=== Verifying license URL accessibility ==="
curl -s -o /dev/null -w "HTTP Status: %{http_code}\n" "https://github.com/imdario/mergo/blob/v1.0.0/LICENSE"
echo -e "\n=== Fetching actual license text from repository ==="
curl -s "https://raw.githubusercontent.com/imdario/mergo/v1.0.0/LICENSE"
```
Repository: pgEdge/control-plane
Length of output: 1805
Adjust dario.cat/mergo NOTICE entry to ensure the license URL resolves cleanly
- `go.mod` specifies `dario.cat/mergo v1.0.0` (indirect), matching the NOTICE version.
- The BSD-3-Clause license text for `v1.0.0` matches the text included in `NOTICE.txt.tmpl` (lines 31-67).
- The provided GitHub license link returns an HTTP 301 (redirect) when fetched; update it to a URL that returns 200 directly (or a non-redirecting equivalent) to avoid compliance/automation issues.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@NOTICE.txt.tmpl` around lines 31 - 67, Update the dario.cat/mergo NOTICE
entry so the license URL does not redirect: replace the current GitHub blob URL
(https://github.com/imdario/mergo/blob/v1.0.0/LICENSE) with a non-redirecting
URL that returns 200 (for example the raw file URL like
https://raw.githubusercontent.com/imdario/mergo/v1.0.0/LICENSE) in the
NOTICE.txt.tmpl dario.cat/mergo section (version v1.0.0) so automated checks
resolve the license link directly.
Addressed same issue as part of #396
Summary
This PR addresses license compliance failures caused by the expired dario.cat/mergo license lookup by excluding it from automated license scanning and providing a static license entry in NOTICE.txt.
Changes
- `--ignore dario.cat/mergo` to the `go-licenses report` command in the Makefile to avoid unreliable DNS lookups for `dario.cat`.
- `dario.cat/mergo` BSD-3-Clause license entry to `NOTICE.txt.tmpl` (following the same approach used for `paho.golang`) to maintain license compliance.

PLAT-626
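
A drift check for the approach in the Changes list, added here as an example (not code from this pull request or the project): a module excluded from report generation keeps a hand-written NOTICE entry, so the check compares each entry's `* Version:` with go.mod. The function names and both sample inputs, including the versions in them, are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed inputs for illustration; not the project's real go.mod or NOTICE.txt.tmpl.
const sampleGoMod = "require (\n\tdario.cat/mergo v1.0.1 // indirect\n\texample.com/other v0.3.0\n)\n"
const sampleNotice = "* Name: dario.cat/mergo\n* Version: v1.0.0\n\n* Name: example.com/other\n* Version: v0.3.0\n"

// requireRe matches "path vX.Y.Z" lines, with or without a leading "require".
var requireRe = regexp.MustCompile(`^\s*(?:require\s+)?(\S+)\s+(v\S+)`)

// goModVersions maps module path to version from go.mod require lines.
func goModVersions(goMod string) map[string]string {
	out := map[string]string{}
	for sc := bufio.NewScanner(strings.NewReader(goMod)); sc.Scan(); {
		if m := requireRe.FindStringSubmatch(sc.Text()); m != nil {
			out[m[1]] = m[2]
		}
	}
	return out
}

// staleEntries compares each hand-written "* Name:" / "* Version:" pair in the
// NOTICE text with go.mod and reports, in file order, entries that no longer match.
func staleEntries(goMod, notice string) []string {
	mods, name, stale := goModVersions(goMod), "", []string{}
	for sc := bufio.NewScanner(strings.NewReader(notice)); sc.Scan(); {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "* Name: ") {
			name = strings.TrimPrefix(line, "* Name: ")
		} else if strings.HasPrefix(line, "* Version: ") && name != "" {
			nv := strings.TrimPrefix(line, "* Version: ")
			if mv, ok := mods[name]; !ok {
				stale = append(stale, name+": not required in go.mod")
			} else if mv != nv {
				stale = append(stale, fmt.Sprintf("%s: NOTICE %s, go.mod %s", name, nv, mv))
			}
		}
	}
	return stale
}

func main() {
	fmt.Println(strings.Join(staleEntries(sampleGoMod, sampleNotice), "\n"))
}
```

Run against the real files in CI, a non-empty result is the signal that a manually maintained entry needs updating.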