Add report for 3rd party dependencies

Author: swallez

.ci/make.sh

@@ -137,7 +137,6 @@ output_mount="-v $repo/.ci/output:/elasticsearch-java/build"
 build_image() {
   echo -e "\033[34;1mINFO: building $product container\033[0m"
 
-
   docker build --file .ci/Dockerfile --tag $docker_image \
     --build-arg USER_ID="$(id -u)" \
     --build-arg GROUP_ID="$(id -g)" .
@@ -155,6 +154,7 @@ if [[ "$CMD" == "assemble" ]]; then
     publishForReleaseManager
 
 	if compgen -G ".ci/output/release/*" > /dev/null; then
+	  cp .ci/output/release/dependencies.csv "$DEPENDENCIES_REPORTS_DIR"/"$DEPENDENCIES_REPORT"
 		echo -e "\033[32;1mTARGET: successfully assembled client version $VERSION\033[0m"
 	else
 		echo -e "\033[31;1mTARGET: assemble failed, empty workspace!\033[0m"

build.gradle.kts

@@ -53,7 +53,10 @@ tasks.register<Task>(name = "resolveDependencies") {
 tasks.register<Task>(name = "publishForReleaseManager") {
     group = "Publishing"
     description = "Publishes artifacts in a format suitable for the Elastic release manager"
-    dependsOn(":java-client:publishAllPublicationsToBuildRepository")
+    dependsOn(
+        ":java-client:publishAllPublicationsToBuildRepository",
+        ":java-client:generateLicenseReport"
+    )
     doLast {
         val version = this.project.version.toString()
         val isSnapshot = version.endsWith("SNAPSHOT")

java-client/build.gradle.kts

@@ -17,12 +17,15 @@
  * under the License.
  */
 
-import java.time.ZoneOffset
+import com.github.jk1.license.ProjectData
+import com.github.jk1.license.render.ReportRenderer
+import java.io.FileWriter
 
 plugins {
     java
     checkstyle
     `maven-publish`
+    id("com.github.jk1.dependency-license-report") version "1.17"
 }
 
 java {
@@ -144,3 +147,55 @@ dependencies {
     testImplementation("org.testcontainers", "testcontainers", "1.15.3")
     testImplementation("org.testcontainers", "elasticsearch", "1.15.3")
 }
+
+
+licenseReport {
+    renderers = arrayOf(SpdxReporter(File(rootProject.buildDir, "release/dependencies.csv")))
+    excludeGroups = arrayOf("org.elasticsearch.client")
+}
+
+class SpdxReporter(val dest: File) : ReportRenderer {
+    // License names to their SPDX identifier
+    val spdxIds = mapOf(
+        "Apache License, Version 2.0" to "Apache-2.0",
+        "The Apache Software License, Version 2.0" to "Apache-2.0",
+        "BSD Zero Clause License" to "0BSD",
+        "Eclipse Public License 2.0" to "EPL-2.0",
+        "Eclipse Public License v. 2.0" to "EPL-2.0",
+        "GNU General Public License, version 2 with the GNU Classpath Exception" to "GPL-2.0 WITH Classpath-exception-2.0",
+        "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0" to "CDDL-1.0"
+    )
+
+    private fun quote(str: String) : String {
+        return if (str.contains(',') || str.contains("\"")) {
+            "\"" + str.replace("\"", "\"\"") + "\""
+        } else {
+            str
+        }
+    }
+
+    override fun render(data: ProjectData?) {
+        dest.parentFile.mkdirs()
+        FileWriter(dest).use { out ->
+            out.append("name,url,version,revision,license\n")
+            data?.allDependencies?.forEach { dep ->
+                val info = com.github.jk1.license.render.LicenseDataCollector.multiModuleLicenseInfo(dep)
+
+                val depVersion = dep.version
+                val depName = dep.group + ":" + dep.name
+                val depUrl = info.moduleUrls.first()
+
+                val licenseIds = info.licenses.mapNotNull { license ->
+                    license.name?.let {
+                        checkNotNull(spdxIds[it]) { "No SPDX identifier for $license" }
+                    }
+                }.toSet()
+
+                // Combine multiple licenses.
+                // See https://spdx.github.io/spdx-spec/appendix-IV-SPDX-license-expressions/#composite-license-expressions
+                val licenseId = licenseIds.joinToString(" OR ")
+                out.append("${quote(depName)},${quote(depUrl)},${quote(depVersion)},,${quote(licenseId)}\n")
+            }
+        }
+    }
+}