CI: Add check for SPDX license headers

[jodh-intel]

Add a check to ensure that all files where possible contain the
required SPDX license header.

Fixes #240.

Signed-off-by: James O. D. Hunt james.o.hunt@intel.com

[jodh-intel]

/cc @grahamwhaley.

[jodh-intel]

This list of excludes works reasonably well, but I wonder if we want to add .pullapprove.yml to it too? We could of course instead add the SPDX header to that file ;)

[jcvenegas]

what about exclude yml and toml files in general?

[jodh-intel]

I guess we could, although for example the versions database does have the SPDX tag:

• https://github.com/kata-containers/runtime/blob/master/versions.yaml#L4

But yes, we'd need to add it to configuration.toml (and probably should ;)

[grahamwhaley]

I vote maybe we should add them if that does not upset any of the relevant processing tools or bots

[jodh-intel]

Ok - added.

[jcvenegas]

lgtm! I would exclude yaml and toml files too

[jcvenegas]

ACMRUX ?

[grahamwhaley]

new to me - went to look it up - still digesting... https://git-scm.com/docs/git-diff-tree#git-diff-tree---diff-filterACDMRTUXB82308203

[jodh-intel]

Yeah, it's a bit opaque :) I've updated the file to make it a bit clearer ;)

[jcvenegas]

what about exclude yml and toml files in general?

[grahamwhaley]

Even if we are going to fix all the .yaml and other files that are either missing or have a non-SPDX header, I think this will still work fine, so:
lgtm

[grahamwhaley]

and thanks @jodh-intel for writing that :-)

[GabyCT]

lgtm

[jcvenegas]

@GabyCT @chavafg "jenkins-ci-ubuntu-16-04 Expected — Waiting for status to be reported" I see ubuntu did not reported, is this a known issue?

[chavafg]

Don't know what happened. The job finished successfully: http://kata-jenkins-ci.westus2.cloudapp.azure.com/job/kata-containers-tests-ubuntu-16-04-PR/325/
Restarted the job.

[jodh-intel]

@grahamwhaley - assuming this was a CI hiccup, do you want to merge?

[grahamwhaley]

afaict, the CI did pass - at least as well as any other PR. @chavafg , looking at a few of the logs for the 16.04 builds, they seem to have a number of error-ish type lines (around yaml not found and coverage not reported etc.). I wonder if we can make the scripts a little smarter to reduce some of the noise in the future?
merging..

[bergwolf]

It seems that this PR is breaking all CIs. I'm seeing

ERROR: Required license identifier ('SPDX-License-Identifier: Apache-2.0') missing from following files:

for PRs that do not add any new files. Do we want to block all PRs until the switch is done?

[grahamwhaley]

@bergwolf (or anybody) - do you have a link to a PR that has the failing CI so we can have a look?

[bergwolf]

@grahamwhaley https://travis-ci.org/kata-containers/runtime/builds/368056793

[grahamwhaley]

Ah, I'm afraid the tool did exactly what it was meant to. The bit you did not paste is:

virtcontainers/agent.go
virtcontainers/api.go
virtcontainers/api_test.go
virtcontainers/hyperstart_agent.go
virtcontainers/implementation.go
virtcontainers/interfaces.go
virtcontainers/kata_agent.go
virtcontainers/noop_agent.go
virtcontainers/pkg/vcmock/mock.go
virtcontainers/pkg/vcmock/mock_test.go
virtcontainers/pkg/vcmock/sandbox.go
virtcontainers/pkg/vcmock/types.go
virtcontainers/sandbox.go

From the files in the PR: https://github.com/bergwolf/kata-runtime/blob/6eb92805dd13ba4bd9e37cbe8a48f1b53c363065/virtcontainers/agent.go#L1-L15

See kata-containers/runtime#227
The correct fix might be to update/fix the license headers in those files...

[bergwolf]

@grahamwhaley That's what I meant by "block all PRs until the switch is done", because it is now required to update the license header for any PR that touches the improperly licensed files.

I think the sequence to move forward is to send separate PRs to fix the license headers and get them merged first, and then merge this PR to make sure new any added files are properly licensed.

Right now, it seems that we are merging tests first and catching up with implementations.

[bergwolf]

And CI for any PR in runtime repo will fail until kata-containers/runtime#227 is fixed.

[grahamwhaley]

Well, I understand :-) Yes, we are currently checking any files that are modified as well as newly added.
options:

1. fix the files that are touched in PRs right now whilst we prep the PR for vc SPDX headers
2. temporarily change the check so it only checks newly added files
3. turn the check off completely
4. write and land the vc SPDX update PR asap

I favour maybe a combination of 2 and 4, if we cannot do 4 very quickly... I can jump on (4) in a few hours time....

[bergwolf]

@grahamwhaley I'm in favor of any option that can unblock other PRs quickly ;) Thanks!

[grahamwhaley]

See kata-containers/runtime#231