...
| Time | Item | Who | Notes from the Meeting |
|---|---|---|---|
| 5 mins | Convene & Roll Call | Former user (Deleted) | |
| 5 mins | Welcome James! | James McLeod (Unlicensed) | James is the new FINOS Community Director |
| 10 mins | FOSSA | | |
| 15 mins | WhiteSource Webinar on Wednesday November 6 | Maurizio Pillitu | |
| 10 mins | FOSSA reporting format | | Does fossa-cli use a fossa-generated format, or is this following one of the standard BOM formats being developed by the community for greater reuse? See |
| 5 mins | Retrospective on current sprint | Group | |
| 10 mins | Planning next sprint priorities | Group | |
| 10 mins | Backlog scrubbing | Group | |
| 5 mins | AOB & adjourn | Group | |
FOSSA GitHub Action (mao proposal)

Build a standard GitHub Action, called FOSSA GitHub Action, that reacts to commits and pull requests (PRs) on a given GitHub repository.

Every time a commit is pushed or a PR is merged, the FOSSA GitHub Action is triggered. The action:

1. Reads a `.fossa-licenses.yaml` file, containing:
   - A list of SPDX IDs called "compatibleLicenses"
   - A list of SPDX IDs called "incompatibleLicenses"
   - A list of strings called "whitelistedLibraries"
   - ... (more will come after the MVP)
2. Reads the `FOSSA_API_KEY` (encrypted) environment variable, containing the key of the FINOS account.
3. Invokes `fossa init` and `fossa report licenses --json`, generating a JSON payload with all library and license definitions.
4. Parses the JSON generated in the previous step and builds a report with:
   - List of libraries with compatible licenses (and the compatible license that applies)
   - List of libraries with incompatible licenses
   - List of libraries with unknown licenses
5. Formats the report in Markdown and posts it on a new GitHub issue. If the action was triggered by a PR, the check will succeed or fail based on the number of incompatible/unknown licenses found.
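As an added example, not part of the proposal or of fossa-cli, the classification and reporting steps of the action written out in Python. The policy dict stands in for a `.fossa-licenses.yaml` already loaded by a YAML parser, and the report payload is constructed: the real output schema of `fossa report licenses --json` is not shown on this page and is assumed here as a list of `{name, licenses}` objects. Two policy choices are made explicit in the code: a library whose licenses are all absent from both lists is treated as unknown and counts against the check (fail closed), and a dual-licensed library passes if any of its licenses is in the compatible list.

```python
"""Classify dependencies from a license report against an allow/deny policy
and render the Markdown summary the proposed GitHub Action would post."""
from dataclasses import dataclass, field

# Constructed policy, shaped like the .fossa-licenses.yaml described in the
# proposal and assumed to have been loaded into a dict by a YAML parser.
POLICY = {
    "compatibleLicenses": ["Apache-2.0", "MIT", "BSD-3-Clause"],
    "incompatibleLicenses": ["GPL-3.0-only", "AGPL-3.0-only"],
    "whitelistedLibraries": ["npm+legacy-tool"],
}

# Constructed sample report. The real `fossa report licenses --json` schema is
# an assumption here and must be checked against the fossa-cli version in use.
REPORT = [
    {"name": "npm+lodash", "licenses": ["MIT"]},
    {"name": "npm+copyleft-lib", "licenses": ["GPL-3.0-only"]},
    {"name": "npm+mystery", "licenses": []},
    {"name": "npm+legacy-tool", "licenses": ["AGPL-3.0-only"]},
    {"name": "npm+dual", "licenses": ["GPL-3.0-only", "MIT"]},
]


@dataclass
class Classification:
    compatible: list = field(default_factory=list)    # (library, license that applies)
    incompatible: list = field(default_factory=list)  # (library, all licenses seen)
    unknown: list = field(default_factory=list)       # library names
    whitelisted: list = field(default_factory=list)   # library names skipped by policy


def classify(report, policy):
    """Bucket every library in the report using exact SPDX-ID matching."""
    compatible = set(policy.get("compatibleLicenses", []))
    incompatible = set(policy.get("incompatibleLicenses", []))
    whitelist = set(policy.get("whitelistedLibraries", []))
    result = Classification()
    for dep in report:
        name = dep["name"]
        licenses = dep.get("licenses") or []
        if name in whitelist:
            # Whitelisting is by exact library name only, never by prefix.
            result.whitelisted.append(name)
            continue
        usable = [lic for lic in licenses if lic in compatible]
        if usable:
            # Dual-licensed code: the first compatible option is the one reported.
            result.compatible.append((name, usable[0]))
        elif any(lic in incompatible for lic in licenses):
            result.incompatible.append((name, licenses))
        else:
            # No license detected, or an ID the policy does not mention: fail closed.
            result.unknown.append(name)
    return result


def render_markdown(result):
    """Produce the issue body: one section per bucket, as the proposal describes."""
    lines = ["## License report", ""]
    lines.append("### Compatible")
    lines += [f"- {name} ({lic})" for name, lic in result.compatible] or ["- none"]
    lines.append("### Incompatible")
    lines += [f"- {name} ({', '.join(lics)})" for name, lics in result.incompatible] or ["- none"]
    lines.append("### Unknown")
    lines += [f"- {name}" for name in result.unknown] or ["- none"]
    lines.append("### Whitelisted (not evaluated)")
    lines += [f"- {name}" for name in result.whitelisted] or ["- none"]
    return "\n".join(lines)


def check_passes(result, max_violations=0):
    """PR check outcome: incompatible and unknown libraries both count as violations."""
    return len(result.incompatible) + len(result.unknown) <= max_violations


if __name__ == "__main__":
    outcome = classify(REPORT, POLICY)
    print(render_markdown(outcome))
    print("check passed:", check_passes(outcome))
```

With the constructed input the check fails: `npm+copyleft-lib` is incompatible and `npm+mystery` has no detected license, while `npm+dual` passes on its MIT option and `npm+legacy-tool` is skipped by the whitelist. Whether unknown licenses should block a PR or only be reported is a policy decision the proposal leaves open; the `max_violations` threshold is where that choice would be made.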