
[pull] master from erlang:master #256

Merged
merged 21 commits into from
Mar 21, 2025

Conversation

@pull pull bot commented Mar 21, 2025

See Commits and Changes for more details.


Created by pull[bot] (v2.0.0-alpha.1)

Can you help keep this open source service alive? 💖 Please sponsor : )

Summary by Sourcery

Updates the CI workflow to use the OSS Review Toolkit (ORT) scanner and reporter for license and copyright detection. The changes include improvements to caching, the introduction of a REUSE tool for license compliance, and modifications to the scanning process to enhance accuracy and efficiency.

CI:

  • Updates the CI workflow to use the OSS Review Toolkit (ORT) scanner and reporter for license and copyright detection.
  • Improves caching of scan results to reduce redundant scanning.
  • Introduces a REUSE tool to improve license compliance.
  • Modifies the scanning process to enhance accuracy and efficiency.
  • Uses HTTPS instead of SSH for Git cloning.
  • Updates the build on FreeBSD to use a newer version of the FreeBSD VM.
  • Updates the docker login action to a newer version.
  • Updates the actions/checkout action to a newer version.
  • Updates the actions/upload-artifact action to a newer version.
  • Updates the oss-review-toolkit/ort-ci-github-action action to a newer version.
  • Adds a step to overwrite scan results using REUSE.
  • Changes the way the scan results are cached and linked.
  • Renames the 'Run OSS Review Toolkit reporter' job to 'Run OSS Review Toolkit (upload)'.
  • Removes the apache-2.0-or-lgpl-2.1-or-later.LICENSE file.
  • Removes the scan-code.escript file.
  • Adds a new script ort-scanner.es to handle the scanning process.
  • Removes the init.sh file and replaces it with a .profile file.
  • Updates the build-base-image action to a newer version.
  • Removes the Dockerfile.64-bit file.
  • Removes the Dockerfile.ubuntu-base file.

dependabot bot and others added 21 commits March 17, 2025 23:38
…2 updates

Bumps the github-actions group with 2 updates in the / directory: [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm) and [docker/login-action](https://github.com/docker/login-action).
Bumps the github-actions group with 1 update in the /.github/actions/build-base-image directory: [docker/login-action](https://github.com/docker/login-action).


Updates `vmactions/freebsd-vm` from 1.1.8 to 1.1.9
- [Release notes](https://github.com/vmactions/freebsd-vm/releases)
- [Commits](vmactions/freebsd-vm@848dac7...8873d98)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

---
updated-dependencies:
- dependency-name: vmactions/freebsd-vm
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
…1 update

Bumps the github-actions group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action).
Bumps the github-actions group with 1 update in the /.github/actions/build-base-image directory: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
…1 update

Bumps the github-actions group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action).
Bumps the github-actions group with 1 update in the /.github/actions/build-base-image directory: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
…1 update

Bumps the github-actions group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action).
Bumps the github-actions group with 1 update in the /.github/actions/build-base-image directory: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
Bumps the github-actions group with 1 update in the / directory: [docker/login-action](https://github.com/docker/login-action).


Updates `docker/login-action` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@9780b0c...74a5d14)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
gh: Use data from reuse lint when scanning code

When scanning code for licenses, we now also include data
from `reuse lint` into the results. This allows us to have
more consistent results as reuse scanning is predictable in
a way that scancode is not.

We still keep scancode as it can find licenses in files that
do not yet use the `reuse` standard.
…ec7'

* dependabot/github_actions/master/github-actions-38de97dec7:
  build(deps): bump the github-actions group across 2 directories with 2 updates
…9e' into maint

* dependabot/github_actions/maint/github-actions-f5ea2a649e:
  build(deps): bump the github-actions group across 2 directories with 1 update
…a649e' into maint-26

* dependabot/github_actions/maint-26/github-actions-f5ea2a649e:
  build(deps): bump the github-actions group across 2 directories with 1 update
…a649e' into maint-27

* dependabot/github_actions/maint-27/github-actions-f5ea2a649e:
  build(deps): bump the github-actions group across 2 directories with 1 update
…f65df' into maint-25

* dependabot/github_actions/maint-25/github-actions-ffdcbf65df:
  build(deps): bump docker/login-action
@pull pull bot added the ⤵️ pull label Mar 21, 2025
@pull pull bot merged commit 9834e60 into garazdawi:master Mar 21, 2025

sourcery-ai bot commented Mar 21, 2025

Reviewer's Guide by Sourcery

This pull request introduces significant changes to the build and compliance workflows. It integrates OSS Review Toolkit (ORT) for enhanced license scanning and reporting, updates Docker configurations, and refactors scanning logic into a dedicated script. The changes aim to improve the accuracy and efficiency of license detection and ensure compliance with licensing requirements.

Sequence diagram for OSS Review Toolkit (scanner) with cache

sequenceDiagram
  participant GHA as GitHub Actions
  participant Docker as Docker Container
  participant ORT as OSS Review Toolkit
  participant Cache as Scan Result Cache

  GHA->Docker: Run ORT scanner with cache
  alt Cache exists
    Docker->ORT: Initialize scan result from analyzer result
    ORT->ORT: Restore license results from cache
    ORT->ORT: Scan with ScanCode
  else Cache does not exist
    Docker->ORT: Initialize scan result from analyzer result
    ORT->ORT: Scan with ScanCode
  end
  ORT->ORT: Overwrite scan results using reuse
  ORT->Cache: Copy scan results to cache
  GHA->GHA: Upload scan results

File-Level Changes

Change: Updates the GitHub Actions workflow to use HTTPS for Git cloning and integrates OSS Review Toolkit (ORT) for license scanning and reporting.
Details:
  • Configures Git to use HTTPS instead of SSH for cloning.
  • Adds a job to build a Docker image with ScanCode Toolkit and reuse.
  • Restores scan results from cache if available.
  • Runs OSS Review Toolkit (scanner) to identify licenses.
  • Uploads scan results as artifacts.
  • Copies scan results to cache and links them.
  • Runs OSS Review Toolkit (reporter) to generate reports.
  • Uploads SPDX SBOM results as artifacts.
  • Runs OSS Review Toolkit (upload) to upload the report.
  • Overwrites scan results using reuse.
Files: .github/workflows/main.yaml

Change: Introduces a new script ort-scanner.es to handle ORT scanning logic, including initialization, cache restoration, and scanning with different tools.
Details:
  • Implements init command to create a scan-result from an analyze-result.
  • Implements restore-cache command to restore license results from an old scan-result.json file.
  • Implements scan command to update a scan-result.json file using 'scancode' or 'reuse'.
  • Adds logic to deduplicate scan results.
  • Adds logic to replace certain predefined mappings to NOASSERTION.
Files: .github/scripts/ort-scanner.es

Change: Modifies the otp-compliance.es script to improve SBOM generation and handle scan results more effectively.
Details:
  • Formats the SPDX SBOM file using json:format for better readability.
  • Updates the scan_results function to handle multiple scan results and merge their summaries.
  • Adds logic to handle multiple scan results and merge their summaries.
Files: .github/scripts/otp-compliance.es

Change: Replaces init.sh with .profile in the Dockerfiles to set up the environment for OTP builds.
Details:
  • Replaces init.sh with .profile.
  • Adds a line to export the path to the user's local bin directory.
Files: .github/dockerfiles/.profile

Change: Updates the build-base-image action to use a newer version of the docker/login-action and modifies caching.
Details:
  • Updates the docker/login-action to v3.4.0.
  • Updates the cache key for the base image.
Files: .github/actions/build-base-image/action.yaml

Change: Updates the update-base.yaml workflow to use a newer version of the docker/login-action.
Details:
  • Updates the docker/login-action to v3.4.0.
Files: .github/workflows/update-base.yaml

Change: Updates the path to the scan code script in .ort.yml.
Details:
  • Changes the path from scripts/scan-code.escript to .github/scripts/ort-scanner.es.
Files: .ort.yml

Change: Removes unused files.
Details:
  • Removes apache-2.0-or-lgpl-2.1-or-later.LICENSE.
  • Removes scan-code.escript.
  • Removes Dockerfile.64-bit.
  • Removes Dockerfile.ubuntu-base.
Files:
  scripts/licensedetection/licenses/apache-2.0-or-lgpl-2.1-or-later.LICENSE
  scripts/scan-code.escript
  .github/dockerfiles/Dockerfile.64-bit
  .github/dockerfiles/Dockerfile.ubuntu-base

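The commit message above ("Use data from reuse lint when scanning code") and the reviewer's guide entry for ort-scanner.es both describe the same merge: deterministic REUSE header data overrides the heuristic ScanCode findings for any file that carries SPDX headers, ScanCode is kept for files that do not, duplicate hits are collapsed, and a fixed set of scanner keys is rewritten to NOASSERTION. The following is an added example sketching that merge in Python; it is not the project's Erlang ort-scanner.es, and nothing in it is taken from that script. The result shape is a simplified stand-in for an ORT scan-result summary (assumed, not ORT's real schema), NOASSERTION_MAP is a hypothetical table, and the sample tree and scanner hits are constructed inline.

```python
"""Overlay REUSE (SPDX header) findings on ScanCode-style findings.

Added example, not otp's ort-scanner.es. Result shape is an assumed,
simplified stand-in for an ORT scan-result summary; inputs are constructed.
"""
import json
import re
from collections import defaultdict

# REUSE-style header tags; the optional trailing "*/" handles C block comments.
SPDX_LICENSE_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*(?:\*/)?\s*$", re.M)
SPDX_COPYRIGHT_RE = re.compile(r"SPDX-FileCopyrightText:\s*(.+?)\s*(?:\*/)?\s*$", re.M)

# Constructed sample tree: two files use REUSE headers, one legacy file does not.
SAMPLE_FILES = {
    "lib/a.erl": (
        "%% SPDX-License-Identifier: Apache-2.0\n"
        "%% SPDX-FileCopyrightText: 2025 Example AB\n"
        "-module(a).\n"
    ),
    "lib/b.c": (
        "/* SPDX-License-Identifier: Apache-2.0 OR LGPL-2.1-or-later */\n"
        "/* SPDX-FileCopyrightText: 2025 Example AB */\n"
        "int b(void) { return 0; }\n"
    ),
    "lib/legacy.c": (
        "/* Copyright 1999 Someone. Licensed under Apache 2.0. */\n"
        "int c(void) { return 1; }\n"
    ),
}

# Constructed ScanCode-style hits as (path, license key, copyright statement).
# Scanners repeat hits and misfire on comment text; the merge has to absorb that.
SAMPLE_SCANCODE = [
    ("lib/a.erl", "apache-2.0", "Copyright 2025 Example AB"),
    ("lib/a.erl", "apache-2.0", "Copyright 2025 Example AB"),
    ("lib/a.erl", "lgpl-2.1-or-later", "Copyright 2025 Example AB"),
    ("lib/b.c", "apache-2.0 OR lgpl-2.1-or-later", "Copyright 2025 Example AB"),
    ("lib/legacy.c", "apache-2.0", "Copyright 1999 Someone"),
    ("lib/legacy.c", "unknown-license-reference", "Copyright 1999 Someone"),
]

# Hypothetical table: scanner keys that are not real conclusions become NOASSERTION.
NOASSERTION_MAP = {"unknown-license-reference": "NOASSERTION", "unknown": "NOASSERTION"}


def reuse_findings(files):
    """Licenses and copyrights taken only from SPDX headers, per file."""
    out = {}
    for path, text in files.items():
        licenses = set(SPDX_LICENSE_RE.findall(text))
        copyrights = set(SPDX_COPYRIGHT_RE.findall(text))
        if licenses or copyrights:
            out[path] = {"licenses": licenses, "copyrights": copyrights}
    return out


def scancode_findings(rows, noassertion_map=NOASSERTION_MAP):
    """Deduplicate scanner hits per file and rewrite untrusted keys to NOASSERTION."""
    out = defaultdict(lambda: {"licenses": set(), "copyrights": set()})
    for path, expr, statement in rows:
        out[path]["licenses"].add(noassertion_map.get(expr, expr))
        out[path]["copyrights"].add(statement)
    return dict(out)


def overlay(scancode, reuse):
    """REUSE data replaces the scanner's findings for every file that has it."""
    merged = {p: {k: set(v) for k, v in d.items()} for p, d in scancode.items()}
    for path, data in reuse.items():
        merged[path] = {k: set(v) for k, v in data.items()}
    return merged


def to_scan_result(merged):
    """Flatten to sorted, duplicate-free entries (assumed, simplified result shape)."""
    lic = sorted((p, l) for p, d in merged.items() for l in d["licenses"])
    cop = sorted((p, c) for p, d in merged.items() for c in d["copyrights"])
    return {
        "licenses": [{"license": l, "location": {"path": p}} for p, l in lic],
        "copyrights": [{"statement": c, "location": {"path": p}} for p, c in cop],
    }


def merge_summaries(*results):
    """Union several results (for example a cached and a fresh one) without duplicates."""
    out, seen = {"licenses": [], "copyrights": []}, set()
    for result in results:
        for kind, key in (("licenses", "license"), ("copyrights", "statement")):
            for entry in result[kind]:
                ident = (kind, entry["location"]["path"], entry[key])
                if ident not in seen:
                    seen.add(ident)
                    out[kind].append(entry)
    return out


def run_scan(files=SAMPLE_FILES, scancode_rows=SAMPLE_SCANCODE):
    """Full pipeline: scanner pass, REUSE overlay, serialisation."""
    return to_scan_result(overlay(scancode_findings(scancode_rows), reuse_findings(files)))


if __name__ == "__main__":
    print(json.dumps(run_scan(), indent=2))
```

In this sketch the header parse wins outright wherever it finds a tag, which is what makes the output stable between runs: the scanner's false positive on lib/a.erl disappears, while lib/legacy.c, which has no SPDX header, keeps its scanner findings with the untrusted key rewritten to NOASSERTION. The trade-off is that a wrong or malformed header overrides everything silently, so the `reuse lint` step in the workflow is what guards the input to this merge.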