From e27e6090fcad159a8ac6f17bcb86f1022cefca91 Mon Sep 17 00:00:00 2001 From: Tester Date: Sun, 12 Jul 2026 23:28:56 +0200 Subject: [PATCH] build(license): stamp ASF header into .gitignore files + enforce in prek MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The 9 tracked .gitignore files carried no licence header. RAT ignores .gitignore by default, so CI stayed green while they shipped unlicensed — a gap for a source-first ASF project where the archive is the release. Extend the add-license-headers hook (previously Markdown-only) to also stamp .gitignore with the full ASF header — the same `#`-comment block .gitattributes and .pre-commit-config.yaml carry, per the convention that hash-comment config files get the full header while Markdown gets the SPDX identifier. A leading comment block is inert to git's ignore parser. - tools/dev/add-license-headers.py: add ASF_HEADER_HASH; stamp .gitignore with it; recognise the ASF header line for idempotency; --all now covers tracked .gitignore too. - .pre-commit-config.yaml: hook `files:` now matches .gitignore; name and comment updated. - Stamp all 9 existing .gitignore files. Idempotent (re-run is a no-op) and RAT-approved. Note: .py files are already fully licensed (208 full ASF header, 2 SPDX) and enforced by RAT; this change closes the .gitignore gap specifically. --- .apache-magpie-overrides/.gitignore | 17 ++++ .gitignore | 17 ++++ .pre-commit-config.yaml | 32 +++---- projects/_template/.gitignore | 17 ++++ .../generate-cve-json/.gitignore | 17 ++++ tools/cve-tool-vulnogram/oauth-api/.gitignore | 17 ++++ tools/dev/add-license-headers.py | 85 +++++++++++++++---- tools/egress-gateway/.gitignore | 17 ++++ tools/gmail/oauth-draft/.gitignore | 17 ++++ tools/privacy-llm/checker/.gitignore | 17 ++++ tools/privacy-llm/redactor/.gitignore | 17 ++++ 11 files changed, 237 insertions(+), 33 deletions(-) diff --git a/.apache-magpie-overrides/.gitignore b/.apache-magpie-overrides/.gitignore index f8b5a31a..45679047 100644 --- a/.apache-magpie-overrides/.gitignore +++ b/.apache-magpie-overrides/.gitignore @@ -1 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + user.md diff --git a/.gitignore b/.gitignore index 0d56254f..9a764a9e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + /.idea/ /.vscode/ *.iml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index afd7f14f..9c73124b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -63,26 +63,28 @@ repos: args: - "--maxlevel" - "3" - # Stamp an SPDX Apache-2.0 licence identifier into Markdown files so the - # Apache RAT licence check (.github/workflows/rat.yml) sees an approved - # header on every scanned file. Markdown carries no comment header by - # convention, so RAT would otherwise flag it as unapproved. Plain - # Markdown gets an HTML-comment header on line 1; files with YAML front - # matter get a `# SPDX-License-Identifier` comment as the first line - # *inside* the front matter, so line 1 stays `---` and no new key is - # introduced for a front-matter validator to reject. The hook fixes files - # in place and fails the commit when it changes one (the end-of-file-fixer - # convention), so the contributor re-stages the now-stamped file. The - # `exclude` mirrors `.rat-excludes`: the third-party-licence detection - # fixtures deliberately contain non-Apache licence text and must not be - # stamped Apache-2.0. + # Stamp an approved Apache-2.0 licence header into Markdown and .gitignore + # files so the Apache RAT licence check (.github/workflows/rat.yml) — and + # any reviewer — sees an approved header on every one. Markdown and + # .gitignore carry no comment header by convention, so RAT would otherwise + # flag (or silently skip) them. Plain Markdown gets an HTML-comment header + # on line 1; files with YAML front matter get a `# SPDX-License-Identifier` + # comment as the first line *inside* the front matter, so line 1 stays + # `---` and no new key is introduced for a front-matter validator to + # reject; .gitignore gets the full ASF header as `#` comments (the block + # .gitattributes carries), matching the convention that hash-comment + # config files carry the full header. The hook fixes files in place and + # fails the commit when it changes one (the end-of-file-fixer convention), + # so the contributor re-stages the now-stamped file. The `exclude` mirrors + # `.rat-excludes`: the third-party-licence detection fixtures deliberately + # contain non-Apache licence text and must not be stamped Apache-2.0. - repo: local hooks: - id: add-license-headers - name: Stamp SPDX licence header into Markdown + name: Stamp Apache licence header into Markdown and .gitignore language: system entry: tools/dev/add-license-headers.py - files: \.md$ + files: (\.md|(^|/)\.gitignore)$ exclude: ^tools/skill-evals/evals/pr-management-code-review/step-4-third-party-license/fixtures/.*$ - repo: https://github.com/pre-commit/pre-commit-hooks rev: v6.0.0 diff --git a/projects/_template/.gitignore b/projects/_template/.gitignore index e8a8fdc8..42bece26 100644 --- a/projects/_template/.gitignore +++ b/projects/_template/.gitignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + # Reassessment / reproducer campaign evidence packages are # local-only working material: description.md and issue.json are # verbatim, unredacted copies of the reporter's issue body and every diff --git a/tools/cve-tool-vulnogram/generate-cve-json/.gitignore b/tools/cve-tool-vulnogram/generate-cve-json/.gitignore index 8cae406d..1ab31ccb 100644 --- a/tools/cve-tool-vulnogram/generate-cve-json/.gitignore +++ b/tools/cve-tool-vulnogram/generate-cve-json/.gitignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + __pycache__/ *.py[cod] .venv/ diff --git a/tools/cve-tool-vulnogram/oauth-api/.gitignore b/tools/cve-tool-vulnogram/oauth-api/.gitignore index 2dfb1cfd..626cd65e 100644 --- a/tools/cve-tool-vulnogram/oauth-api/.gitignore +++ b/tools/cve-tool-vulnogram/oauth-api/.gitignore @@ -1,3 +1,20 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + __pycache__/ .mypy_cache/ .ruff_cache/ diff --git a/tools/dev/add-license-headers.py b/tools/dev/add-license-headers.py index cf1bf40f..3a2f12ce 100755 --- a/tools/dev/add-license-headers.py +++ b/tools/dev/add-license-headers.py @@ -15,16 +15,29 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -"""Insert an SPDX Apache-2.0 licence header into Markdown files. +"""Insert an Apache-2.0 licence header into Markdown and `.gitignore` files. Apache RAT (see `.github/workflows/rat.yml`) requires every scanned file to carry an approved licence header. Markdown carries no comment header by convention, so this script stamps an SPDX identifier and the licence URL -that RAT recognises as an approved licence. +that RAT recognises as an approved licence. `.gitignore` files are +hash-comment config, so they get the full ASF header (the same block +`.gitattributes` and `.pre-commit-config.yaml` carry) — matching the +project convention that source/config files carry the full header while +Markdown carries the SPDX identifier. -Two placements, chosen per file so the stamp never breaks downstream +Placements, chosen per file so the stamp never breaks downstream parsers: +* **`.gitignore`** — the full ASF licence header as `#` comment lines, + prepended before the ignore patterns (a leading comment block is inert + to git's ignore parser):: + + # Licensed to the Apache Software Foundation (ASF) under one + # ... (full ASF header) ... + # under the License. + + * **Plain Markdown** — a two-line HTML comment on the first line::