Update ORT to skip approved packages or those under testing

valkey-io · Dec 30, 2024 · f224383 · f224383
1 parent 4df3757
commit f224383
Show file tree

Hide file tree

Showing 6 changed files with 29 additions and 14 deletions.
diff --git a/.github/workflows/ort.yml b/.github/workflows/ort.yml
@@ -93,6 +93,7 @@ jobs:
                   cat << EOF > ~/.ort/config/config.yml
                   ort:
                     analyzer:
+                      skip_excluded: true
                       allowDynamicVersions: true
                       enabledPackageManagers: [Cargo, NPM, PIP, GradleInspector]
                   EOF

diff --git a/python/.ort.yml b/python/.ort.yml
@@ -7,6 +7,9 @@ excludes:
           reason: "DEV_DEPENDENCY_OF"
           comment: "Packages for development only."
     paths:
+        - pattern: "dev_requirements.txt"
+          reason: "TEST_TOOL_OF"
+          comment: "Packages for testing only."
         - pattern: ".*"
           reason: "BUILD_TOOL_OF"
           comment: "invisible"
diff --git a/python/dev_requirements.txt b/python/dev_requirements.txt
@@ -0,0 +1,10 @@
+maturin==0.14.17 # higher version break the needs structure changes, the name of the project is not the same as the package name, and the naming both glide create a circular dependency - TODO: fix this 
+pytest
+pytest-asyncio
+pytest-html
+black >= 24.3.0
+flake8 == 5.0
+isort == 5.10
+mypy == 1.13.0
+mypy-protobuf == 3.5
+packaging >= 22.0
diff --git a/python/pyproject.toml b/python/pyproject.toml
@@ -6,6 +6,8 @@ build-backend = "maturin"
 name = "valkey-glide"
 requires-python = ">=3.9"
 dependencies = [
+    # Note: If you add a dependency here, make sure to also add it to requirements.txt
+    # This is necessary until the issue https://github.com/aboutcode-org/python-inspector/issues/197 is resolved.
     "async-timeout>=4.0.2; python_version < '3.11'",
     "typing-extensions>=4.8.0; python_version < '3.11'",
     "protobuf>=3.20",

diff --git a/python/requirements.txt b/python/requirements.txt
@@ -1,12 +1,5 @@
-async-timeout==4.0.2;python_version<"3.11"
-maturin==0.14.17 # higher version break the needs structure changes, the name of the project is not the same as the package name, and the naming both glide create a circular dependency - TODO: fix this 
-pytest
-pytest-asyncio
-typing_extensions==4.8.0;python_version<"3.11"
-pytest-html
-black >= 24.3.0
-flake8 == 5.0
-isort == 5.10
-mypy == 1.13.0
-mypy-protobuf == 3.5
-packaging >= 22.0
+# Note: If you add a dependency here, make sure to also add it to pyproject.toml
+# This is necessary until the issue https://github.com/aboutcode-org/python-inspector/issues/197 is resolved.
+async-timeout>=4.0.2
+typing-extensions>=4.8.0
+protobuf>=3.20
diff --git a/utils/get_licenses_from_ort.py b/utils/get_licenses_from_ort.py
@@ -17,6 +17,7 @@
     "Apache-2.0",
     "Apache-2.0 AND (Apache-2.0 OR BSD-2-Clause)",
     "Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause)",
+    "Apache-2.0 AND MIT",
     "Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT",
     "Apache-2.0 OR BSD-2-Clause OR MIT",
     "Apache-2.0 OR BSL-1.0",
@@ -34,8 +35,13 @@
     "Zlib",
     "MIT OR Unlicense",
     "PSF-2.0",
+    "Unicode-3.0",
+    "(Apache-2.0 OR MIT) AND Unicode-3.0"
+]
+APPROVED_PACKAGES = [
+    "PyPI::pathspec:0.12.1",
+    "PyPI::certifi:2023.11.17"
 ]
-
 SCRIPT_PATH = os.path.dirname(os.path.realpath(__file__))
 
 
@@ -105,7 +111,7 @@ def __str__(self):
                         package_license = PackageLicense(
                             package["id"], ort_result.name, license
                         )
-                        if license not in APPROVED_LICENSES:
+                        if license not in APPROVED_LICENSES and package["id"] not in APPROVED_PACKAGES:
                             unknown_licenses.append(package_license)
                         else:
                             final_packages.append(package_license)