Comments (8)
Yes, that would be nice to support natively.
from cavil.
This will become a problem if we start creating containers with Dockerfile for SLE / LEO
from cavil.
A few links to (reasonably diverse) samples would be very helpful to estimate the effort required to implement it.
from cavil.
Most images are in openSUSE:Factory
and are called -image
or -container
. Here's a list of all currently successfully building Dockerfile images in oS:F: https://build.opensuse.org/project/monitor/openSUSE:Factory?defaults=0&succeeded=1&arch_i586=1&&arch_x86_64=1&repo_containerfile=1
From a content point of view, there's no real difference to kiwi builds.
The included license statements and license files are solely for the content provided by the image description (including tarballs), but not any of the packages it installs during build or the base layers. Currently there is only a standard to express the license of the container as a whole (the org.opencontainers.image.licenses
annotation).
from cavil.
The devel:kubic:containers project contains lots of samples for Docker and Kiwi. Helm charts are more of a problem, since they don't have license metadata fields yet, just a bundled LICENSE
file.
from cavil.
since they don't have license metadata fields yet, just a bundled LICENSE file.
Neither do Dockerfile
s. For KIWI descriptions it's currently optional and most don't specify it.
from cavil.
since they don't have license metadata fields yet, just a bundled LICENSE file.
Neither do
Dockerfile
s. For KIWI descriptions it's currently optional and most don't specify it.
True, the convention to use # SPDX-License-Identifier: BSD-3-Clause
comments does exist though. Even if in practice it is mostly missing.
from cavil.
The feature has been added. Cavil can now handle *.Dockerfile
, *.kiwi
and Chart.yaml
. Since Helm charts don't have a convention for including an SPDX expression, we also scan for # SPDX-License-Identifier: ...
comments there.
from cavil.
Related Issues (20)
- One click UI for creating new patterns
- Make priorities more visible for open reviews HOT 1
- Position dropdown menu for managing patterns dynamically
- Ignore snippet everywhere does not work
- Full test coverage for the main review process HOT 1
- Optimize daily cleanup
- decline requests if they report an "Error" HOT 3
- Files with extremely long lines of text HOT 2
- Add UI for removing globs again
- Inconsistent risk assessments
- Inconsistent patterns without license HOT 2
- Support LicenseRef- prefix in specfiles HOT 1
- Inconsistent license capitalisation
- Bring back ordering for ui tables
- RFE: Speeding up license correction HOT 2
- LegalDB report should use license definitions acceptable by obs-service-format_spec_file HOT 2
- Flagging changes authored by AI HOT 1
- Review correction ui
- UI for reviewing ML classification HOT 1
- Encoding error when generating SPDX reports
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cavil.