eclipse-ipa 0.1.0

Tool to perform IP Analysis for GitHub and GitLab repositories.

Eclipse IP Analysis

About

Eclipse IP Analysis (IPA) enables seamless third-party dependency analysis in GitLab and GitHub repositories and groups/organizations using the Eclipse Dash License Tool. As default output, it generates a comprehensive HTML report with the results.

List of currently supported programming languages: Go, Java (Maven and Gradle), JavaScript (NPM and Yarn), TypeScript (NPM and Yarn), Kotlin (Gradle), Python.

Getting Started

Base Requirements

To run the tool, you must install the base requirements described below.

• Python >=3.9: check your Python version with the command python3 --version. Also, check that you have the Python Package Manager (pip) installed. Similar to Python, you can run pip3 --version. The resulting line should contain your version of Python at its end. If pip is not installed, official documentation can be followed here.

• Java JDK 11 or above: the latest version can be safely installed. Check that Java is installed and what's the current version by running the command java --version.

• Apache Maven: the latest version can be safely installed. Check that Maven is installed and what's the current version by running the command mvn --version.

• Git CLI: the latest version can be safely installed. Check that Git is installed and what's the current version by running the command git --version.

Install

pip3 install eclipse-ipa

Build from Source (Optional)

• Clone this repository using your favorite Git software or the command line. For the command line, please execute:

git clone https://gitlab.eclipse.org/eclipse/technology/dash/ip-analysis.git

• Navigate to the directory of the repository that you just cloned.
• Get Hatch to build the tool (https://hatch.pypa.io/latest/install).
• Build and install the tool:

hatch build

pip3 install dist/eclipse_ipa-0.1.0.tar.gz

(back to top)

Usage

Run the tool with the following command:

eclipse-ipa [-h] [-ci] [-gh] [--gh-token GH_TOKEN] [-gl GITLAB] [--gl-token GL_TOKEN] [-b BRANCH] [-c CONFIG] [-df DEPENDENCIES_FILE] [-e ECLIPSE_PROJECT] [-g GROUP] [-p PROJECT] [-pf PROJECTS_FILE] [-r REVIEW] [-s] [-v]

The command does not require any of its options. However, a minimum set is needed to execute simple IP analysis if a configuration file is not specified.

A summary of the options is given below:

  -h, --help            show this help message and exit
  -ci, --ci_mode        execute in CI mode
  -gh, --github         execute for GitHub
  --gh-token GH_TOKEN   Github access token for API
  -gl GITLAB, --gitlab GITLAB
                        execute for GitLab URL
  --gl-token GL_TOKEN   Gitlab access token for API/IP review
  -b BRANCH, --branch BRANCH
                        branch to analyze
  -c CONFIG, --config CONFIG
                        config file to use
  -df DEPENDENCIES_FILE, --dependencies_file DEPENDENCIES_FILE
                        file with dependency locations to analyze
  -e ECLIPSE_PROJECT, --eclipse_project ECLIPSE_PROJECT
                        execute for Eclipse Project
  -g GROUP, --group GROUP
                        Github Organization/Gitlab Group to analyze
  -p PROJECT, --project PROJECT
                        Github/Gitlab project to analyze
  -pf PROJECTS_FILE, --projects_file PROJECTS_FILE
                        file with projects to analyze
  -r REVIEW, --review REVIEW
                        Eclipse Project ID for IP review
  -s, --summary         output is an Eclipse Dash summary file
  -v, --version         show the version and exit

To start using the tool, you must provide one of the following six options:

1. An Eclipse Project ID (e.g., technology.dash). This is specified with option -e as summarized above.

2. A file with the dependency locations to analyze. Each line should contain the GitHub/GitLab Project ID, the full location path, and the programming language, all separated by semicolons (;). The full path of this file is specified with option -df as summarized above.

Example for a GitHub line:

kubernetes-client/python;requirements.txt;Python

Example for a GitLab line:

eclipse/technology/dash/ip-analysis;requirements.txt;Python

3. A file with the list of GitHub/GitLab Projects to analyze. Each line should contain the GitHub/GitLab project full name. The full path of this file is specified with option -pf as summarized above.

Example for a GitHub line:

kubernetes-client/python

Example for a GitLab line:

eclipse/technology/dash/ip-analysis

4. Your specific GitHub Organization, or your specific GitLab Group. This is specified with option -g as summarized above.

5. Your specific GitHub Project (full name including Organization), or your specific GitLab Project (full name including namespace). This is specified with option -p as summarized above.

6. A configuration file, specified with option -c as summarized above. It allows additional customization, and a sample is provided in the same folder as the tool with the filename config.ini.sample. Parameters within the config file are described in the comments.

Please note that, for GitHub API public access, the API rate limits are very low. It's recommended to provide an access token if such cases.

How the tool works

If a GitHub Organization/GitLab Group or a list of GitHub/GitLab Projects is provided, the tool fetches the programming languages for each project and searches for dependency files for each supported programming language. Once a list of dependency locations is available (user-provided or automatically detected), it runs Eclipse Dash on those dependencies to analyze their IP approval status.

At the end, and by default, the tool outputs a full report in HTML. Any additional details can be found in the log file (ip-analysis.log).

(back to top)

License

This program and the accompanying materials are made available under the terms of the Eclipse Public License 2.0, which is available at http://www.eclipse.org/legal/epl-2.0.

(back to top)