diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md index 0130550c..fef8eb82 100644 --- a/.github/CONTRIBUTING.md +++ b/.github/CONTRIBUTING.md @@ -53,6 +53,11 @@ To make a clean pull request, follow the steps below: - **docs**: Make changes to documentation. - **style**: Implement code style changes (e.g., formatting). - **test**: Modify or add tests. + - **refactor**: Implement code refactoring. + - **perf**: Performance Improvements. + - **build**: Any changes in build conditions. + - **ci**: Implement any continuous integration changes. + - **revert**: Revert to previous code state. For example: @@ -64,6 +69,11 @@ To make a clean pull request, follow the steps below: git commit -m "docs: A brief description of documentation changes" --signoff git commit -m "style: A brief description of code style changes (e.g., formatting)" --signoff git commit -m "test: A brief description of changes related to testing" --signoff + git commit -m "refactor: A brief description of code refactoring" --signoff + git commit -m "perf: A brief description of performance improvements" --signoff + git commit -m "build: A brief description of build conditions" --signoff + git commit -m "ci: A brief description of continuous integration changes" --signoff + git commit -m "revert: A brief description of revert previous code state" --signoff ``` 8. Pull the latest LPVS code from upstream into your branch: diff --git a/Dockerfile b/Dockerfile index cd70e131..d5aaa242 100644 --- a/Dockerfile +++ b/Dockerfile @@ -30,15 +30,16 @@ RUN apt-get update && \ apt-get clean RUN rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +WORKDIR /root/ + # Install SCANOSS -RUN echo "scanoss==1.8.0 --hash=sha256:5d7d3c5dcff799155b72eaf3c88385a5f3e5fbb887afcffed42c9bd87f0b66f3" > requirements.txt -RUN pip3 install --require-hashes --no-deps -r requirements.txt +COPY --from=builder /root/requirements.txt ./ +RUN pip3 install --require-hashes -r requirements.txt # Allow to listen port 7896 EXPOSE 7896 # Set workdir for running jar -WORKDIR /root/ COPY --from=frontend /frontend/build/ ./static/ COPY --from=builder /root/target/lpvs-*.jar ./lpvs.jar diff --git a/README.md b/README.md index 85d212e1..42b7c871 100644 --- a/README.md +++ b/README.md @@ -53,15 +53,18 @@ With these features, LPVS assists developers to manage license compliance for th To enable _LPVS_ license scanning for your project, you need to set up GitHub Webhooks: -1. Create a personal access token (`github.token`): +1. Create a personal github access token (`personal-token`): - Follow the instructions [here](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token) to create a personal access token with the necessary permissions. + > [!NOTE] + > Pay attention that the token must be copied immediately after creation, because you will not be able to see it later!! + 2. Configure the webhook in your GitHub repository settings: - Go to `Settings` -> `Webhooks`. - Click on `Add webhook`. - Fill in the `Payload URL` with: `http://:7896/webhooks`. > If you're using ngrok, the `Payload URL` should be like `https://50be-62-205-136-206.ngrok-free.app/webhooks`. - - Install ngrok from [here](https://ngrok.com/docs/getting-started/#step-2-install-the-ngrok-agent) (follow steps 1 and 2). + - Install ngrok and connect your account from [here](https://ngrok.com/docs/getting-started/#step-2-install-the-ngrok-agent) (follow steps 1 and 2). - Run ngrok using the command: `ngrok http 7896`. - Specify the content type as `application/json`. - Fill in the `Secret` field with the passphrase: `LPVS`. @@ -85,13 +88,23 @@ For the Docker deployment scenario, you may need to fill in the environment vari #### 2.1 Setting up LPVS Docker environment variables -In the case where you plan to use a database user other than `root` that reflects in files `application.properties` or `docker-compose.yml` as: +1. Open `docker-compose.yml` file. + +2. In the `environment` part of the `lpvs` service, find `## Github data for fetching code` and fill in the github `login` and personal `token` that was generated earlier + +```yaml +- github.login= +- github.token= ``` - spring.datasource.username=user - spring.datasource.password=password + +3. In case you plan to use a database user other than `root` reflect this in the appropriate lines in the `## Database Configuration` part of the `lpvs` service in `environment` section: + +```yaml +- spring.datasource.username=user +- spring.datasource.password=password ``` -make the following changes in the `docker-compose.yml` file in section `environment` near `MYSQL_ROOT_PASSWORD` value: +4. Make the following changes in the `environment` section of `mysqldb` service near `MYSQL_ROOT_PASSWORD` value: ```yaml - MYSQL_USER: user @@ -101,12 +114,16 @@ make the following changes in the `docker-compose.yml` file in section `environm If you are using only the `root` user, make the following change: ```yaml +- spring.datasource.username=root +- spring.datasource.password=rootpassword +``` +```yaml - MYSQL_ROOT_PASSWORD: rootpassword ``` In both cases, ensure that the `MYSQL_ROOT_PASSWORD` field is filled. -You can also change the directory for storing MySQL data by modifying the following line: +5. You can also change the directory for storing MySQL data by modifying the following line: ```yaml - ./mysql-lpvs-data:/var/lib/mysql # db storage by default it is a directory in the root of the repository with the name mysql-lpvs-data diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 00000000..f3a731f7 --- /dev/null +++ b/requirements.txt @@ -0,0 +1,29 @@ +scanoss==1.8.0 --hash=sha256:5d7d3c5dcff799155b72eaf3c88385a5f3e5fbb887afcffed42c9bd87f0b66f3 +binaryornot==0.4.4 --hash=sha256:b8b71173c917bddcd2c16070412e369c3ed7f0528926f70cac18a6c97fd563e4 +chardet==3.0.4 --hash=sha256:fc323ffcaeaed0e0a02bf4d117757b98aed530d9ed4531e3e15460124c106691 +crc32c==2.3.post0 --hash=sha256:a2f6105a430f4f1f393cc660bf8ac3a4860396fa9b5ac8bf0c7ba1de044a3cbc +google-api-core==2.15.0 --hash=sha256:2aa56d2be495551e66bbff7f729b790546f87d5c90e74781aa77233bcb395a8a +google-auth==2.25.2 --hash=sha256:473a8dfd0135f75bb79d878436e568f2695dce456764bf3a02b6f8c540b1d256 +cachetools==5.3.2 --hash=sha256:861f35a13a451f94e301ce2bec7cac63e881232ccce7ed67fab9b5df4d3beaa1 +pyasn1-modules==0.3.0 --hash=sha256:d3ccd6ed470d9ffbc716be08bd90efbd44d0734bc9303818f7336070984a162d +pyasn1==0.5.1 --hash=sha256:4439847c58d40b1d0a573d07e3856e95333f1976294494c325775aeca506eb58 +rsa==4.9 --hash=sha256:90260d9058e514786967344d0ef75fa8727eed8a7d2e43ce9f4bcf1b536174f7 +googleapis-common-protos==1.62.0 --hash=sha256:4750113612205514f9f6aa4cb00d523a94f3e8c06c5ad2fee466387dc4875f07 +grpcio==1.54.2 --hash=sha256:5cc928cfe6c360c1df636cf7991ab96f059666ac7b40b75a769410cc6217df9c +progress==1.6 --hash=sha256:c9c86e98b5c03fa1fe11e3b67c1feda4788b8d0fe7336c2ff7d5644ccfba34cd +protobuf==4.23.1 --hash=sha256:3ce113b3f3362493bddc9069c2163a38f240a9ed685ff83e7bcb756b05e1deb0 +pyOpenSSL==23.3.0 --hash=sha256:6756834481d9ed5470f4a9393455154bc92fe7a64b7bc6ee2c804e78c52099b2 +cryptography==41.0.6 --hash=sha256:068bc551698c234742c40049e46840843f3d98ad7ce265fd2bd4ec0d11306596 --hash=sha256:0f27acb55a4e77b9be8d550d762b0513ef3fc658cd3eb15110ebbcbd626db12c --hash=sha256:2132d5865eea673fe6712c2ed5fb4fa49dba10768bb4cc798345748380ee3660 --hash=sha256:3288acccef021e3c3c10d58933f44e8602cf04dba96d9796d70d537bb2f4bbc4 --hash=sha256:35f3f288e83c3f6f10752467c48919a7a94b7d88cc00b0668372a0d2ad4f8ead --hash=sha256:398ae1fc711b5eb78e977daa3cbf47cec20f2c08c5da129b7a296055fbb22aed --hash=sha256:422e3e31d63743855e43e5a6fcc8b4acab860f560f9321b0ee6269cc7ed70cc3 --hash=sha256:48783b7e2bef51224020efb61b42704207dde583d7e371ef8fc2a5fb6c0aabc7 --hash=sha256:4d03186af98b1c01a4eda396b137f29e4e3fb0173e30f885e27acec8823c1b09 --hash=sha256:5daeb18e7886a358064a68dbcaf441c036cbdb7da52ae744e7b9207b04d3908c --hash=sha256:60e746b11b937911dc70d164060d28d273e31853bb359e2b2033c9e93e6f3c43 --hash=sha256:742ae5e9a2310e9dade7932f9576606836ed174da3c7d26bc3d3ab4bd49b9f65 --hash=sha256:7e00fb556bda398b99b0da289ce7053639d33b572847181d6483ad89835115f6 --hash=sha256:85abd057699b98fce40b41737afb234fef05c67e116f6f3650782c10862c43da --hash=sha256:8efb2af8d4ba9dbc9c9dd8f04d19a7abb5b49eab1f3694e7b5a16a5fc2856f5c --hash=sha256:ae236bb8760c1e55b7a39b6d4d32d2279bc6c7c8500b7d5a13b6fb9fc97be35b --hash=sha256:afda76d84b053923c27ede5edc1ed7d53e3c9f475ebaf63c68e69f1403c405a8 --hash=sha256:b27a7fd4229abef715e064269d98a7e2909ebf92eb6912a9603c7e14c181928c --hash=sha256:b648fe2a45e426aaee684ddca2632f62ec4613ef362f4d681a9a6283d10e079d --hash=sha256:c5a550dc7a3b50b116323e3d376241829fd326ac47bc195e04eb33a8170902a9 --hash=sha256:da46e2b5df770070412c46f87bac0849b8d685c5f2679771de277a422c7d0b86 --hash=sha256:f39812f70fc5c71a15aa3c97b2bbe213c3f2a460b79bd21c40d033bb34a9bf36 --hash=sha256:ff369dd19e8fe0528b02e8df9f2aeb2479f89b1270d90f96a63500afe9af5cae +cffi==1.15.1 --hash=sha256:5d598b938678ebf3c67377cdd45e09d431369c3b1a5b331058c338e201f12b27 +pycparser==2.21 --hash=sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9 +PyPAC==0.16.4 --hash=sha256:dc2b775c7a2c9c77b1351681fec729788b08b7c76e6d2a041fe35cf60ca493c6 +dukpy==0.3.0 --hash=sha256:9087a3321649beb17f91afa6ffde991d477aa0029c3be5ce908369517ac85251 +tldextract==3.4.3 --hash=sha256:5ed3fd01df4e78b8b378bdff94397cd8cdb130b54d2681c40d254beadd50f69f +filelock==3.12.0 --hash=sha256:ad98852315c2ab702aeb628412cbf7e95b7ce8c3bf9565670b4eaecf1db370a9 +idna==2.8 --hash=sha256:ea8b7f6188e6fa117537c3df7da9fc686d485087abf6ac197f9c46432f7e4a3c +requests-file==1.5.1 --hash=sha256:dfe5dae75c12481f68ba353183c53a65e6044c923e64c24b2209f6c7570ca953 +six==1.14.0 --hash=sha256:8f3cd2e254d8f793e7f3d6d9df77b92252b52637291d0f0da013c76ea2724b6c +requests==2.31.0 --hash=sha256:58cd2187c01e70e6e26505bca751777aa9f2ee0b7f4300988b709f44e013003f --hash=sha256:942c5a758f98d790eaed1a29cb6eefc7ffb0d1cf7af05c3d2791656dbd6ad1e1 +urllib3==1.26.18 --hash=sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07 --hash=sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0 +certifi==2023.7.22 --hash=sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 --hash=sha256:92d6037539857d8206b8f6ae472e8b77db8058fec5937a1ef3f54304089edbb9 +charset-normalizer==3.1.0 --hash=sha256:21fa558996782fc226b529fdd2ed7866c2c6ec91cee82735c98a197fae39f706