Stuff

Author: garazdawi

.github/scripts/ort-scanner.es

@@ -150,6 +150,7 @@ init(#{ input := AnalyzerResult, path := GitRepo } = Args) ->
           ~"end_time" => rfctime(),
           ~"environment" => maps:get(~"environment", maps:get(~"analyzer", Analyzer)),
           ~"provenances" => [ Provenance ],
+          ~"scan_results" => [],
           ~"scanners" => #{ Id => [] },
           ~"files" => [#{ ~"provenance" => PP,
                           ~"files" => FilesSha1Sum}]
@@ -231,8 +232,26 @@ scan(#{ input := InputScanResult, strategy := Strategy, tool := Tool, path := Pa
     #{ ~"scan_results" := ScanResults, ~"scanners" := Scanners } = InputScanner,
 
     Area = setup_scan_area(InputScanner, Path, Strategy),
+
+    Mappings = maps:get(~"detected_license_mapping", maps:get(~"config", InputScanner, #{}),
+                        #{ ~"LicenseRef-scancode-agpl-generic-additional-terms" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-free-unknown" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-generic-cla" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-generic-exception" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-generic-export-compliance" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-generic-tos" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-generic-trademark" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-gpl-generic-additional-terms" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-other-copyleft" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-other-permissive" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-patent-disclaimer" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-unknown" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-unknown-license-reference" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-unknown-spdx" => ~"NOASSERTION",
+                           ~"LicenseRef-scancode-warranty-disclaimer" => ~"NOASSERTION"}),
+
     #{ ~"scanner" := #{ ~"name" := ScannerName }} = NewScanResult =
-        scan_area(Area, InputProvenance, Tool),
+        scan_area(Area, InputProvenance, Mappings, Tool),
 
     NewScanners = #{ K => lists:usort([ScannerName | V]) || K := V <- Scanners},
 
@@ -280,7 +299,7 @@ setup_scan_area(Scanner, GitPath, Strategy) ->
 
     TmpDir.
 
-scan_area(Area, Provenance, "reuse") ->
+scan_area(Area, Provenance, _Mappings, "reuse") ->
     have_tools(["reuse"]),
     StartTime = rfctime(),
     Cmd = "cd " ++ Area ++ " && reuse lint -j",
@@ -317,7 +336,7 @@ scan_area(Area, Provenance, "reuse") ->
               ~"licenses" => LS
             }
      };
-scan_area(Area, Provenance, "scancode") ->
+scan_area(Area, Provenance, Mappings, "scancode") ->
     have_tools(["scancode"]),
     StartTime = rfctime(),
     ScancodeResultFile = filename:join(Area,"scancode.json"),
@@ -326,8 +345,8 @@ scan_area(Area, Provenance, "scancode") ->
     io:format("Running: ~ts~n", [Cmd]),
     cmd(Cmd),
     ScancodeJson = decode(ScancodeResultFile),
-    #{ ~"headers" := [#{ ~"tool_version" := Vsn }] } = ScancodeJson,  
-    NewScanResults = get_new_results(ScancodeJson, Area, []),
+    #{ ~"headers" := [#{ ~"tool_version" := Vsn }] } = ScancodeJson,
+    NewScanResults = get_new_results(ScancodeJson, Area, Mappings),
 
     CS = [R || R = #{ ~"statement" := _ } <- NewScanResults],
     LS = [R || R = #{ ~"license" := _ } <- NewScanResults],
@@ -344,8 +363,8 @@ scan_area(Area, Provenance, "scancode") ->
      }.
 
 %% Dig deep into the scancode result and fetch all license and copyright data from it.
-get_new_results(#{ ~"files" := Files }, Mappings, Area) ->
-        lists:flatmap(fun(File) -> get_new_results(File, Mappings, Area) end, Files);
+get_new_results(#{ ~"files" := Files }, Area, Mappings) ->
+        lists:flatmap(fun(File) -> get_new_results(File, Area, Mappings) end, Files);
 get_new_results(#{ ~"type" :=  ~"file", ~"path" := Path,
                    ~"license_detections" := Licenses,
                    ~"copyrights" := Copyrights

.github/workflows/main.yaml

@@ -866,7 +866,7 @@ jobs:
         uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # ratchet:actions/[email protected]
         with:
           name: ort-no-reuse-sbom
-          path: $HOME/.ort/ort-results/bom.spdx.json
+          path: /home/runner/.ort/ort-results/bom.spdx.json
 
   ## If this is an "OTP-*" tag that has been pushed we do some release work
   release: