Commit 8bfc3fb

chore(license): replace cargo-bundle-licenses with dd-rust-license-tool (#1837)
## What does this PR do?

Replaces `cargo-bundle-licenses` with `dd-rust-license-tool` for third-party license tracking. This is the official Datadog tool for this purpose, already used by `datadog-lambda-extension` and other Datadog Rust projects.

## Motivation

The current `LICENSE-3rdparty.yml` file is 53,656 lines (4.8 MB) because `cargo-bundle-licenses` embeds full license texts for every dependency. This causes:

- **Frequent merge conflicts** on the first line (`root_name`) and throughout the file whenever dependencies change
- **Complex CI pipeline** requiring `sed` path normalization and manual `diff` to validate
- **Large diffs** that obscure actual code changes in PRs

`dd-rust-license-tool` generates a CSV with one line per dependency (component, origin, license SPDX ID, copyright), producing a 556-line (60 KB) file.

| | Before | After |
|---|---|---|
| Tool | `cargo-bundle-licenses` | `dd-rust-license-tool` |
| Format | YAML (full license texts) | CSV (SPDX IDs only) |
| File size | 4.8 MB (53,656 lines) | 60 KB (556 lines) |
| CI check | `cargo bundle-licenses` + `sed` + `diff` | `dd-rust-license-tool check` |
| Path normalization | Required (`sed` to handle registry path differences) | Not needed |
| Merge conflict risk | High | Low |

## Changes

- `LICENSE-3rdparty.yml` removed
- `LICENSE-3rdparty.csv` added (generated by `dd-rust-license-tool write`)
- `license-tool.toml` added with overrides for 4 crates missing metadata (`crunchy`, `value-bag-sval2`, `value-bag-serde1`, `stringmetrics`)
- `.github/workflows/lint.yml` simplified: replaced the `cargo-bundle-licenses` + sed + diff pipeline with `dd-rust-license-tool check`
- `scripts/update_license_3rdparty.sh` updated to use `dd-rust-license-tool write`

## How to test the change?

```
cargo install dd-rust-license-tool
dd-rust-license-tool check
```

To regenerate after dependency changes:

```
dd-rust-license-tool write
# or
./scripts/update_license_3rdparty.sh
```

Co-authored-by: jordan.gonzalez <jordan.gonzalez@datadoghq.com>
1 parent 02d95c0 commit 8bfc3fb

7 files changed

Lines changed: 576 additions & 53715 deletions

.github/CODEOWNERS

Lines changed: 1 addition & 0 deletions
@@ -58,6 +58,7 @@ libdd-trace-protobuf @DataDog/serverless @DataDog/libdatadog-apm
5858
libdd-trace-stats @DataDog/apm-common-components-core
5959
libdd-trace-utils @DataDog/serverless @DataDog/libdatadog-apm
6060
LICENSE* @DataDog/libdatadog
61+
license-tool.toml @DataDog/libdatadog
6162
local-linux.Dockerfile @DataDog/libdatadog
6263
NOTICE @DataDog/libdatadog
6364
README.md @DataDog/libdatadog

.github/workflows/lint.yml

Lines changed: 7 additions & 55 deletions
@@ -75,70 +75,22 @@ jobs:
7575
# Exclude symbolizer-ffi from the checks (mostly imported code)
7676
run: '! find . \( -name "*.rs" -o -name "*.c" -o -name "*.sh" \) -not -path "./symbolizer-ffi/*" -not -path "./datadog-ipc/plugins/*" -not -path "./datadog-ipc/tarpc/*" -print0 | xargs -0 licensecheck -c ".*" | grep -v "Apache License 2.0"'
7777

78-
# todo: fix upstream warnings; from the readme:
79-
# The most common cause of missing licenses seems to be workspaces that
80-
# don't include forward their license files. Go to the repo for the
81-
# workspace and copy the relevant files from there.
82-
# A package license may receive a confidence warning stating that
83-
# cargo-bundle-licenses is "unsure" or "semi" confident. This means that
84-
# when the found license was compared to a template license it was found to
85-
# have diverged in more than a few words. You should verify that the licence
86-
# text is in fact correct in these cases.
8778
license-3rdparty:
8879
runs-on: ubuntu-latest
89-
name: "Valid LICENSE-3rdparty.yml"
80+
name: "Valid LICENSE-3rdparty.csv"
9081
steps:
9182
- name: Checkout sources
9283
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # 4.2.2
93-
- run: stat LICENSE-3rdparty.yml
94-
- name: Cache
84+
- name: Cache dd-rust-license-tool
9585
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # 4.2.2
9686
with:
9787
path: |
98-
~/.cargo/registry/
99-
~/.cargo/git/db/
100-
~/.cargo/bin/
88+
~/.cargo/bin/dd-rust-license-tool
10189
~/.cargo/.crates.toml
102-
# cache key contains current version of cargo-bundle-licenses
103-
# when upstream version is updated we can bump the cache key version,
104-
# to cache the latest version of the tool
105-
key: "v1-4.0.0"
106-
# cargo-bundle-licenses v2.0 doesn't understand path differences due to
107-
# sparse vs git index, so force git.
108-
- run: mkdir -p .cargo && printf "[registries.crates-io]\nprotocol = \"git\"\n" > .cargo/config.toml
109-
- run: cargo install --version "4.0.0" cargo-bundle-licenses
110-
- name: "Generate new LICENSE-3rdparty.yml and check against the previous"
111-
env:
112-
CARGO_HOME: "/tmp/dd-cargo"
113-
run: |
114-
# Run cargo bundle-licenses without directly checking against a previous snapshot
115-
cargo bundle-licenses \
116-
--format yaml \
117-
--output /tmp/CI.yaml
118-
119-
# Normalize the paths in both files to ignore registry differences
120-
sed -E 's/(registry\/src\/)[^\/]+/\1normalized_path/g' /tmp/CI.yaml > /tmp/CI_normalized.yaml
121-
sed -E 's/(registry\/src\/)[^\/]+/\1normalized_path/g' LICENSE-3rdparty.yml > /tmp/LICENSE-3rdparty_normalized.yml
122-
123-
# Now perform the diff on the normalized files
124-
if ! diff /tmp/CI_normalized.yaml /tmp/LICENSE-3rdparty_normalized.yml; then
125-
echo "Differences detected (see above). You probably need to manually update the license files. To do so:"
126-
echo "cargo install cargo-bundle-licenses"
127-
echo "./scripts/update_license_3rdparty.sh"
128-
echo "...and push a commit with the result. Also, bonus points if someone automates this, wink wink nudge nudge."
129-
exit 1
130-
fi
131-
132-
echo "No differences found."
133-
134-
135-
- name: export the generated license file on failure
136-
if: failure()
137-
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # 4.6.1
138-
with:
139-
name: LICENSE-3rdparty.yml
140-
path: /tmp/CI.yaml
141-
overwrite: true
90+
~/.cargo/.crates2.json
91+
key: dd-rust-license-tool-1.0.6
92+
- run: cargo install dd-rust-license-tool --version "1.0.6" --locked
93+
- run: dd-rust-license-tool check
14294

14395
codeowners-validator:
14496
runs-on: ubuntu-latest
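
Review bot: the tool version `1.0.6` is written twice, in the cache `key: dd-rust-license-tool-1.0.6` (new line 91) and in `cargo install dd-rust-license-tool --version "1.0.6" --locked` (new line 92), so a bump that touches only the install line keeps hitting the old cache entry and the cache is never refreshed with the new binary. Define the version once, for example as a job-level `env` value referenced from both the key and the install command, and consider adding the runner OS to the key since the cached path is a compiled binary (`~/.cargo/bin/dd-rust-license-tool`) that is executed directly on a cache hit. Separately, the removed step printed how to fix a failure (`./scripts/update_license_3rdparty.sh`) and uploaded the generated file as an artifact; the new `- run: dd-rust-license-tool check` step carries neither, so a short `if: failure()` step pointing at the update script would keep that guidance for contributors.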
