dev: Replace spdx-license-list package

Replace the suddenly defunct spdx-license-list package with a local module and a generator module to make updating relatively easy. Both are heavily based on the last version of the upstream https://gitlab.com/uniqx/spdx-license-list project which was the origin of the now gone PyPi package. Bug: T325833 Change-Id: I8c4d86c21bb68f0ec2e4466e36d2a1115fe7524f
wikimedia · Dec 22, 2022 · eaf39ae · eaf39ae
1 parent bb4ab8f
commit eaf39ae
Show file tree

Hide file tree

Showing 8 changed files with 4,236 additions and 76 deletions.
diff --git a/Makefile b/Makefile
@@ -207,6 +207,15 @@ format-code:  ## Reformat Python and JS files
 	docker-compose exec nodejs npm run-script format
 .PHONY: format-code
 
+generate-spdx:  ## Generate a new SPDX data file
+	docker-compose exec web sh -c " \
+		poetry run python3 toolhub/apps/toolinfo/generate_spdx.py > \
+			toolhub/apps/toolinfo/spdx.py && \
+		poetry run black toolhub/apps/toolinfo/spdx.py && \
+		cat toolhub/apps/toolinfo/spdx.py \
+	"
+.PHONY: generate-spdx
+
 clean:  ## Clean up Docker images and containers
 	yes | docker image prune
 	yes | docker container prune

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -34,7 +34,6 @@ whitenoise = {extras = ["brotli"], version = "^5.2.0"}
 django-oauth-toolkit = "^1.3.3"
 jsonschema = "^3.2.0"
 django-reversion = "^4.0.0"
-spdx-license-list = "^0.5.2"
 jsonpatch = "^1.28"
 django-reversion-compare = "^0.14.1"
 elasticsearch-dsl = ">=7.3.0,<7.4.0"

diff --git a/toolhub/apps/toolinfo/generate_spdx.py b/toolhub/apps/toolinfo/generate_spdx.py
@@ -0,0 +1,98 @@
+# Copyright (c) 2022 Wikimedia Foundation and contributors.
+# All Rights Reserved.
+#
+# This file is part of Toolhub.
+#
+# Toolhub is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Toolhub is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Toolhub.  If not, see <http://www.gnu.org/licenses/>.
+import datetime
+import pkg_resources
+import pprint
+import sys
+
+import requests
+
+
+TEMPLATE = """\
+# Copyright (c) {year} Wikimedia Foundation and contributors.
+# All Rights Reserved.
+#
+# This file is part of Toolhub.
+#
+# Toolhub is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Toolhub is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Toolhub.  If not, see <http://www.gnu.org/licenses/>.
+
+SPDX_GIT_TAG = "{git_tag}"
+
+SPDX_LICENSES = {licenses}
+"""
+
+
+def get_latest_release_tag():
+    """Get the latest release tag for spdx/license-list-data."""
+    url = "https://api.github.com/repos/spdx/license-list-data/tags"
+    r = requests.get(url)
+    tags = r.json()
+    latest = "0"
+    for tag in tags:
+        if pkg_resources.parse_version(
+            tag["name"]
+        ) > pkg_resources.parse_version(latest):
+            latest = tag["name"]
+    return latest
+
+
+def main():
+    """Generate a module containing a dict of SPDX license data.
+
+    Borrows heavily from Michael Pöhn's defunct spdx-license-list package
+    found at <https://gitlab.com/uniqx/spdx-license-list>.
+    """
+    git_tag = get_latest_release_tag()
+    url = "https://github.com/{project}/raw/{tag}/json/licenses.json".format(
+        project="spdx/license-list-data", tag=git_tag
+    )
+    r = requests.get(url)
+
+    licenses = {}
+    for entry in r.json()["licenses"]:
+        del entry["detailsUrl"]
+        del entry["reference"]
+        del entry["seeAlso"]
+        if "isOsiApproved" not in entry:
+            entry["isOsiApproved"] = False
+        if "isFsfLibre" not in entry:
+            entry["isFsfLibre"] = False
+        entry["referenceNumber"] = int(entry["referenceNumber"])
+        licenses[entry["licenseId"]] = entry
+
+    raw = TEMPLATE.format(
+        year=datetime.datetime.now().year,
+        git_tag=git_tag,
+        licenses=pprint.pformat(licenses),
+    )
+    print(raw)
+
+
+if __name__ == "__main__":
+    sys.exit(main())