Merge pull request #263 from rajuljha/chore/report/week7

shaheemazmalmmd · web-flow · commit 03ccf95dd95a · 2024-07-18T15:27:05.000+05:30
chore(report): Add week 7 report for CI Scanner project

Reviewed-by: shaheem.azmal@siemens.com
diff --git a/docs/2024/ci-scanner/updates/2024-07-18.md b/docs/2024/ci-scanner/updates/2024-07-18.md
@@ -0,0 +1,100 @@
+---
+title: Week 7
+author: Rajul Jha
+tags: [gsoc24, CI]
+---
+<!--
+SPDX-License-Identifier: CC-BY-SA-4.0
+
+SPDX-FileCopyrightText: 2024 Rajul Jha <rajuljha49gmail.com>
+-->
+
+# Week 7
+*(July, 12 2024 - July 18, 2024)*
+
+## Meeting 1
+*(July 17, 2024)*
+
+## Attendees
+
+* [Rajul Jha](https://github.com/rajuljha)
+* [Shaheem Azmal](https://github.com/shaheemazmalmmd)
+* [Kaushlendra](https://github.com/Kaushl2208)
+* [Avinal Kumar](https://github.com/avinal)
+
+## Discussions
+
+* Discussed the work done on the Fossology Github Action [#PR1](https://github.com/fossology/fossology-action/pull/1) with the mentors.
+* Discussed some issues that were encountered during the testing of [#PR2784](https://github.com/fossology/fossology/pull/2784) by [Kaushal](https://github.com/Kaushl2208)
+* Had a brief discussion on how to improve the examples that are given in the Github workflow file.
+* [Shaheem](https://github.com/shaheemazmalmmd) mentioned I should also start working on the documentation part for the Wiki.
+* Had a fun discussion about what to name the new repository.😁
+
+## Work Done
+
+* Completed the initial work on Fossology Action repository and sent out a [#PR1](https://github.com/fossology/fossology-action/pull/1) for the same.
+* The new Github Action allows the users to scan using the fossology scanners ( `nomos`, `ojo` and `copyright` ) inside their Github Actions workflows in just a few lines of configuration.
+
+```yaml
+name: License scan on PR
+on: [pull_request]
+jobs:
+  compliance_check:
+    runs-on: ubuntu-latest
+    name: Perform license scan
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+
+    - name: License check
+      id: compliance
+      uses: fossology/fossology-action@v1
+      with:
+        scan_mode: ''
+        scanners: 'nomos ojo'
+        report_format: 'SPDX_JSON'
+
+```
+
+* User can scan in various scanning modes like `diff`, `repo` and `differential`.
+* User can retrieve the scan results report as an artifact in Github Actions in various formats like `SPDX_JSON`, `SPDX_YAML`, `SPDX_RDF` and `SPDX_TAG_VALUE` by passing the format as an input with the action.
+* The action also allows the user to pass various custom parameters like passing their own `keyword.conf` or `allowlist.json` file.
+
+```yaml
+scan_mode:
+  description: "Specifies whether to perform diff scans, repo scans, or differential scans. Leave blank for diff scans."
+  required: false
+  default: ""
+scanners:
+  description: "Space-separated list of scanners to invoke."
+  required: true
+  default: "nomos ojo copyright keyword"
+report_format:
+  description: "Report format (SPDX_JSON,SPDX_RDF,SPDX_YAML,SPDX_TAG_VALUE) to print the results in."
+  required: false
+  default: ""
+keyword_conf_file_path:
+  description: "Path to custom keyword.conf file. (Use only with keyword scanner set to True)"
+  required: false
+  default: ""
+allowlist_file_path:
+  description: "Path to allowlist.json file."
+  required: false
+  default: ""
+from_tag:
+  description: "Starting tag to scan from. (Use only with differential mode)"
+  required: false
+  default: ""
+to_tag:
+  description: "Ending tag to scan to. (Use only with differential mode)"
+  required: false
+  default: ""
+```
+
+* Fixed some of the bugs in the previous PR's before they were merged.
+* Got a review from [Gaurav](https://github.com/GMishx) to reduce code duplication at some places and try to maintain backward compatibility in the code.
+
+## Planning for next week
+* Refactor the code in the previous PR's to reduce code duplication (following the DRY principle) and better function handling.
+* Try to complete the line number part for the scanner parts as well.
+* Research about the next step for allowing the users to download scanned dependencies.
