@yangzhg yangzhg commented Dec 29, 2025

What problem does this PR solve?

Issue Number: close #64

Type of Change

  • πŸ› Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • πŸš€ Performance improvement (optimization)
  • ⚠️ Breaking change (fix or feature that would cause existing functionality to change)
  • πŸ”¨ Refactoring (no logic changes)
  • πŸ”§ Build/CI or Infrastructure changes
  • πŸ“ Documentation only

Description

This PR introduces a Python-based tool to ensure our project's dependencies remain compliant with the Apache Software Foundation (ASF) licensing requirements.

Key Changes

  • Dependency Flattening: The script traverses the full Conan dependency graph to ensure no transitive dependencies are missed.
  • License Validation: Checks each dependency against the ASF 3rd Party License Policy.
  • Reporting: Provides a clear console output showing:
    • ✅ Approved licenses (Category A/B).
    • ❌ Prohibited licenses (Category X).
    • ⚠️ Unknown/Missing license metadata.

Performance Impact

  • No Impact: This change does not affect the critical path (e.g., build system, doc, error handling).

  • Positive Impact: I have run benchmarks.

    Click to view Benchmark Results
    Paste your google-benchmark or TPC-H results here.
    Before: 10.5s
    After:   8.2s  (+20%)
    
  • Negative Impact: Explained below (e.g., trade-off for correctness).

Release Note

Please describe the changes in this PR

Release Note:
 [chore]: add license compliance checker for Conan dependencies
    - Implement a script to flatten Conan dependency tree.
    - Add logic to verify dependency licenses against ASF (Apache Software Foundation) compatibility.
    - Generate a summary report of compliant and non-compliant packages.

Checklist (For Author)

  • I have added/updated unit tests (ctest).
  • I have verified the code with local build (Release/Debug).
  • I have run clang-format / linters.
  • (Optional) I have run Sanitizers (ASAN/TSAN) locally for complex C++ changes.
  • No need to test or manual test.

Breaking Changes

  • No

  • Yes (Description: ...)

    Click to view Breaking Changes
    Breaking Changes:
    - Description of the breaking change.
    - Possible solutions or workarounds.
    - Any other relevant information.
    

- Implement a script to flatten Conan dependency tree.
- Add logic to verify dependency licenses against ASF (Apache Software Foundation) compatibility.
- Generate a summary report of compliant and non-compliant packages.
@yangzhg yangzhg changed the title [chore]: add license compliance checker for Conan dependencies [chore] add license compliance checker for Conan dependencies Dec 30, 2025
@yangzhg yangzhg added build build system & dependency management ci Pipeline & resource management for continuous integration labels Jan 9, 2026
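
Added example, not the script from this PR: a minimal sketch of the flatten-then-classify flow the description outlines. The graph shape is an assumption modelled on Conan 2's `conan graph info --format=json` output, the package names and sample graph are constructed, the category table is only a small excerpt of the ASF 3rd Party License Policy, and treating a multi-license package by its worst category is a conservative choice made here.

```python
# Added example; not the PR's script. Graph shape assumed from Conan 2 JSON output.
from collections import deque

# Small excerpt of ASF 3rd Party License Policy categories, keyed by SPDX id.
CATEGORY = {
    "Apache-2.0": "A", "MIT": "A", "BSD-3-Clause": "A", "BSL-1.0": "A",
    "MPL-2.0": "B", "EPL-2.0": "B", "CDDL-1.0": "B",
    "GPL-3.0-only": "X", "LGPL-2.1-or-later": "X", "AGPL-3.0-only": "X",
}

# Constructed sample: hypothetical packages, node "0" is the consumer project.
SAMPLE_GRAPH = {"graph": {"nodes": {
    "0": {"ref": "conanfile", "license": None, "dependencies": {"1": {}, "2": {}}},
    "1": {"ref": "libfmtx/1.0", "license": "MIT", "dependencies": {}},
    "2": {"ref": "libfoo/1.0", "license": ["Apache-2.0", "MPL-2.0"],
          "dependencies": {"3": {}, "4": {}}},
    "3": {"ref": "libbar/2.3", "license": "GPL-3.0-only", "dependencies": {"1": {}}},
    "4": {"ref": "libbaz/0.9", "license": None, "dependencies": {}},
}}}

def flatten(graph, root="0"):
    """Breadth-first walk from the root; each transitive dependency appears once."""
    nodes = graph["graph"]["nodes"]
    seen, queue, out = {root}, deque([root]), []
    while queue:
        node = nodes[queue.popleft()]
        for dep_id in node.get("dependencies", {}):
            if dep_id not in seen:  # diamond dependencies are visited only once
                seen.add(dep_id)
                queue.append(dep_id)
                out.append(nodes[dep_id])
    return out

def classify(license_field):
    """Map a license field (str, list or None) to a category; worst one wins."""
    if not license_field:
        return "unknown"
    ids = [license_field] if isinstance(license_field, str) else list(license_field)
    cats = {CATEGORY.get(i, "unknown") for i in ids}
    return next(c for c in ("X", "unknown", "B", "A") if c in cats)

def report(graph):
    """Return {package ref: category} for every dependency below the root."""
    return {n["ref"]: classify(n.get("license")) for n in flatten(graph)}

if __name__ == "__main__":
    for ref, cat in sorted(report(SAMPLE_GRAPH).items()):
        print(f"{cat:8} {ref}")
```

A CI job built on this would fail the build when any value in `report(...)` is `"X"` and flag `"unknown"` entries for manual review.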
Development

Successfully merging this pull request may close these issues.

[Chore] [license] implement Conan dependency license compatibility checker