From 09b28bbe904cf45488dfe33dd16a893f335e3d97 Mon Sep 17 00:00:00 2001
From: Julian Berman
Date: Mon, 5 Dec 2022 16:43:07 -0500
Subject: [PATCH] Run pip-licenses on the format-nongpl extra.
---
 .github/workflows/ci.yml | 6 +++++-
 docs/validate.rst | 11 +++++++----
 tox.ini | 18 +++++++++---------
 3 files changed, 21 insertions(+), 14 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b0e0b377..bacc6a5d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -109,7 +109,11 @@ jobs:
 - name: "3.11"
 toxenv: docs-style
 - name: "3.11"
- toxenv: audit
+ toxenv: format-audit
+ - name: "3.11"
+ toxenv: formatnongpl-audit
+ - name: "3.11"
+ toxenv: noextra-audit
 - name: "3.11"
 toxenv: readme
 - name: "3.11"
diff --git a/docs/validate.rst b/docs/validate.rst
index 6a721d79..71ec19df 100644
--- a/docs/validate.rst
+++ b/docs/validate.rst
@@ -196,19 +196,22 @@ The easiest way to ensure you have what is needed is to install ``jsonschema`` u
 For example:
-.. code-block:: sh
+.. code:: sh
 $ pip install jsonschema[format]
-Or if you want to install MIT-license compatible dependencies only:
+Or if you want to avoid GPL dependencies, a second extra is available:
-.. code-block:: sh
+.. code:: sh
 $ pip install jsonschema[format-nongpl]
-The non-GPL extra is intended to not install any direct dependencies that are GPL licensed (but that of course end-users should do their own verification).
 At the moment, it supports all the available checkers except for ``iri`` and ``iri-reference``.
+.. warning::
+
+ It is your own responsibility ultimately to ensure you are license-compliant, so you should be double checking your own dependencies if you rely on this extra.
+
 The more specific list of formats along with any additional dependencies they have is shown below.
 .. warning::
diff --git a/tox.ini b/tox.ini
index 0d59f234..fb815f13 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,7 +1,7 @@
 [tox]
 envlist =
 py{37,38,39,310,311,py3}-{noextra,format,formatnongpl}-{build,tests}
- audit
+ {noextra,format,formatnongpl}-audit
 readme
 secrets
 style
@@ -26,6 +26,11 @@ commands =
 format,perf,perfsuite: {envpython} -m pip install --disable-pip-version-check '{toxinidir}[format]'
 formatnongpl: {envpython} -m pip install --disable-pip-version-check '{toxinidir}[format-nongpl]'
+ audit: {envpython} -m pip_audit
+ audit-formatnongpl: {envpython} -m piplicenses {posargs} --ignore-packages pip-requirements-parser pip_audit pip-api --allow-only="Apache Software License;ISC License (ISCL);MIT License;BSD License;Mozilla Public License 2.0 (MPL 2.0)"
+
+ build: {envpython} -m build {toxinidir} --outdir {envtmpdir}/dist
+
 # Ignore the deprecation warning until pypa/setuptools#3276 is released
 tests,coverage,codecov: {envpython} -Werror -W"ignore:module 'sre_constants' is deprecated:DeprecationWarning" -m {env:MAYBE_COVERAGE:} twisted.trial {posargs:jsonschema}
 tests: {envpython} -m doctest {toxinidir}/README.rst
@@ -37,9 +42,10 @@ commands =
 perf: {envpython} {toxinidir}/jsonschema/benchmarks/issue232.py --inherit-environ JSON_SCHEMA_TEST_SUITE {posargs:--output {envtmpdir}/bench-issue232.json}
 perfsuite: {envpython} {toxinidir}/jsonschema/benchmarks/json_schema_test_suite.py --inherit-environ JSON_SCHEMA_TEST_SUITE {posargs:--output {envtmpdir}/bench-json_schema_test_suite.json}
-
- build: {envpython} -m build {toxinidir} --outdir {envtmpdir}/dist
 deps =
+ audit: pip-audit
+ audit-formatnongpl: pip-licenses
+
 build: build
 perf,perfsuite: pyperf
@@ -63,12 +69,6 @@ commands =
 {envpython} -m twine check {envtmpdir}/dist/*
 {envbindir}/rst2html5.py --halt=warning {toxinidir}/CHANGELOG.rst /dev/null
-[testenv:audit]
-deps = pip-audit
-commands =
- {envpython} -m pip install --disable-pip-version-check '{toxinidir}[format]'
- {envpython} -m pip_audit
-
 [testenv:secrets]
 deps = detect-secrets
 commands = {envbindir}/detect-secrets scan {toxinidir}
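Review bot: The `audit-formatnongpl:` command in the `@@ -26,6 +26,11 @@` hunk runs `piplicenses` in the same environment where the `audit:` factor installs `pip-audit`, so the allow-list is evaluated against pip-audit's own dependency tree as well as the `format-nongpl` extra. That appears to be why `--ignore-packages pip-requirements-parser pip_audit pip-api` is needed, but the list must then be kept in step with pip-audit's dependencies by hand. Any package named there is also skipped if the extra itself later starts pulling it in, which is the case this check exists to catch. Consider giving the license check its own factor whose only dep is `pip-licenses`, or at least add a comment above the command, e.g. `# pip-audit shares this env; the ignored packages belong to it, not to the format-nongpl extra`. The `commands =` and `deps =` blocks both start outside the hunks shown.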