From 86572557d544a826766a9459ef99914628bee00a Mon Sep 17 00:00:00 2001 From: Tester Date: Mon, 13 Jul 2026 03:06:57 +0200 Subject: [PATCH] build(license): exclude .gitignore from RAT instead of stamping a header (#846/#847 reversal) Reverse the approach from #846/#847. Rather than stamping the full ASF header into every tracked .gitignore and forcing RAT to scan them, treat .gitignore as hash-comment config with no downstream licensing significance and exclude it from the RAT check. - Strip the ASF header from all 9 tracked .gitignore files. - .rat-excludes: add an explicit **/.gitignore + .gitignore exclusion (parsed-scm GIT self-excludes them too; the entry makes it explicit). - .github/workflows/rat.yml: drop `--input-include '**/.gitignore'`; the ignore files are no longer force-included, so the default exclusion holds. - tools/dev/add-license-headers.py: revert to Markdown-only (drop ASF_HEADER_HASH, the .gitignore stamping branch, and .gitignore from --all's tracked targets). - .pre-commit-config.yaml: hook `files:` back to `\.md$`, name/comment back to Markdown-only. --- .apache-magpie-overrides/.gitignore | 17 ---- .github/workflows/rat.yml | 11 +-- .gitignore | 17 ---- .pre-commit-config.yaml | 32 ++++--- .rat-excludes | 6 ++ projects/_template/.gitignore | 17 ---- .../generate-cve-json/.gitignore | 17 ---- tools/cve-tool-vulnogram/oauth-api/.gitignore | 17 ---- tools/dev/add-license-headers.py | 85 ++++--------------- tools/egress-gateway/.gitignore | 17 ---- tools/gmail/oauth-draft/.gitignore | 17 ---- tools/privacy-llm/checker/.gitignore | 17 ---- tools/privacy-llm/redactor/.gitignore | 17 ---- 13 files changed, 43 insertions(+), 244 deletions(-) diff --git a/.apache-magpie-overrides/.gitignore b/.apache-magpie-overrides/.gitignore index 45679047..f8b5a31a 100644 --- a/.apache-magpie-overrides/.gitignore +++ b/.apache-magpie-overrides/.gitignore @@ -1,18 +1 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - user.md diff --git a/.github/workflows/rat.yml b/.github/workflows/rat.yml index 6b987ff1..d4137a6c 100644 --- a/.github/workflows/rat.yml +++ b/.github/workflows/rat.yml @@ -75,12 +75,10 @@ jobs: # off the report so contributors get the offending file list, not a # Java stack trace. --input-exclude-parsed-scm GIT honours # .gitignore; --input-exclude-std GIT/HIDDEN_DIR skips VCS metadata. - # --input-include '**/.gitignore' overrides those exclusions for the - # tracked .gitignore files themselves (parsed-scm GIT otherwise - # self-excludes the ignore files), so RAT enforces the ASF header - # that tools/dev/add-license-headers.py stamps into them. (.git/ is - # still skipped as a hidden dir; .apache-magpie-overrides/.gitignore - # stays excluded under its hidden dir.) + # Tracked .gitignore files carry no licence header — they are + # hash-comment config with no downstream licensing significance — + # and are excluded via `.rat-excludes` (parsed-scm GIT also + # self-excludes the ignore files). jar="${RUNNER_TEMP}/apache-rat-${RAT_VERSION}/apache-rat-${RAT_VERSION}.jar" report="${RUNNER_TEMP}/rat-report.txt" stderr_log="${RUNNER_TEMP}/rat-stderr.log" @@ -88,7 +86,6 @@ jobs: --input-exclude-std GIT HIDDEN_DIR \ --input-exclude-parsed-scm GIT \ --input-exclude-file .rat-excludes \ - --input-include '**/.gitignore' \ --output-style unapproved-licenses \ --output-file "${report}" \ . 2>"${stderr_log}" && rc=0 || rc=$? diff --git a/.gitignore b/.gitignore index 9a764a9e..0d56254f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,20 +1,3 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - /.idea/ /.vscode/ *.iml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 9c73124b..afd7f14f 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -63,28 +63,26 @@ repos: args: - "--maxlevel" - "3" - # Stamp an approved Apache-2.0 licence header into Markdown and .gitignore - # files so the Apache RAT licence check (.github/workflows/rat.yml) — and - # any reviewer — sees an approved header on every one. Markdown and - # .gitignore carry no comment header by convention, so RAT would otherwise - # flag (or silently skip) them. Plain Markdown gets an HTML-comment header - # on line 1; files with YAML front matter get a `# SPDX-License-Identifier` - # comment as the first line *inside* the front matter, so line 1 stays - # `---` and no new key is introduced for a front-matter validator to - # reject; .gitignore gets the full ASF header as `#` comments (the block - # .gitattributes carries), matching the convention that hash-comment - # config files carry the full header. The hook fixes files in place and - # fails the commit when it changes one (the end-of-file-fixer convention), - # so the contributor re-stages the now-stamped file. The `exclude` mirrors - # `.rat-excludes`: the third-party-licence detection fixtures deliberately - # contain non-Apache licence text and must not be stamped Apache-2.0. + # Stamp an SPDX Apache-2.0 licence identifier into Markdown files so the + # Apache RAT licence check (.github/workflows/rat.yml) sees an approved + # header on every scanned file. Markdown carries no comment header by + # convention, so RAT would otherwise flag it as unapproved. Plain + # Markdown gets an HTML-comment header on line 1; files with YAML front + # matter get a `# SPDX-License-Identifier` comment as the first line + # *inside* the front matter, so line 1 stays `---` and no new key is + # introduced for a front-matter validator to reject. The hook fixes files + # in place and fails the commit when it changes one (the end-of-file-fixer + # convention), so the contributor re-stages the now-stamped file. The + # `exclude` mirrors `.rat-excludes`: the third-party-licence detection + # fixtures deliberately contain non-Apache licence text and must not be + # stamped Apache-2.0. - repo: local hooks: - id: add-license-headers - name: Stamp Apache licence header into Markdown and .gitignore + name: Stamp SPDX licence header into Markdown language: system entry: tools/dev/add-license-headers.py - files: (\.md|(^|/)\.gitignore)$ + files: \.md$ exclude: ^tools/skill-evals/evals/pr-management-code-review/step-4-third-party-license/fixtures/.*$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v6.0.0 diff --git a/.rat-excludes b/.rat-excludes index a9332b1d..4bd83c34 100644 --- a/.rat-excludes +++ b/.rat-excludes @@ -31,6 +31,12 @@ # Python bytecode caches (untracked; present only in local runs) **/__pycache__/** +# Git ignore files — hash-comment config with no downstream licensing +# significance; carry no licence header. (parsed-scm GIT self-excludes +# these too; listed here to make the exclusion explicit.) +**/.gitignore +.gitignore + # Empty package markers **/__init__.py diff --git a/projects/_template/.gitignore b/projects/_template/.gitignore index 42bece26..e8a8fdc8 100644 --- a/projects/_template/.gitignore +++ b/projects/_template/.gitignore @@ -1,20 +1,3 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - # Reassessment / reproducer campaign evidence packages are # local-only working material: description.md and issue.json are # verbatim, unredacted copies of the reporter's issue body and every diff --git a/tools/cve-tool-vulnogram/generate-cve-json/.gitignore b/tools/cve-tool-vulnogram/generate-cve-json/.gitignore index 1ab31ccb..8cae406d 100644 --- a/tools/cve-tool-vulnogram/generate-cve-json/.gitignore +++ b/tools/cve-tool-vulnogram/generate-cve-json/.gitignore @@ -1,20 +1,3 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - __pycache__/ *.py[cod] .venv/ diff --git a/tools/cve-tool-vulnogram/oauth-api/.gitignore b/tools/cve-tool-vulnogram/oauth-api/.gitignore index 626cd65e..2dfb1cfd 100644 --- a/tools/cve-tool-vulnogram/oauth-api/.gitignore +++ b/tools/cve-tool-vulnogram/oauth-api/.gitignore @@ -1,20 +1,3 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - __pycache__/ .mypy_cache/ .ruff_cache/ diff --git a/tools/dev/add-license-headers.py b/tools/dev/add-license-headers.py index 3a2f12ce..cf1bf40f 100755 --- a/tools/dev/add-license-headers.py +++ b/tools/dev/add-license-headers.py @@ -15,29 +15,16 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -"""Insert an Apache-2.0 licence header into Markdown and `.gitignore` files. +"""Insert an SPDX Apache-2.0 licence header into Markdown files. Apache RAT (see `.github/workflows/rat.yml`) requires every scanned file to carry an approved licence header. Markdown carries no comment header by convention, so this script stamps an SPDX identifier and the licence URL -that RAT recognises as an approved licence. `.gitignore` files are -hash-comment config, so they get the full ASF header (the same block -`.gitattributes` and `.pre-commit-config.yaml` carry) — matching the -project convention that source/config files carry the full header while -Markdown carries the SPDX identifier. +that RAT recognises as an approved licence. -Placements, chosen per file so the stamp never breaks downstream +Two placements, chosen per file so the stamp never breaks downstream parsers: -* **`.gitignore`** — the full ASF licence header as `#` comment lines, - prepended before the ignore patterns (a leading comment block is inert - to git's ignore parser):: - - # Licensed to the Apache Software Foundation (ASF) under one - # ... (full ASF header) ... - # under the License. - - * **Plain Markdown** — a two-line HTML comment on the first line::