✨Generate Licensing report summaries (#47)

* generate summary

* Build a summary

added various templates

* trying to make code climate happy

Author: acabarbaye

mbed_tools_ci_scripts/report_third_party_ip.py

@@ -36,6 +36,8 @@ def generate_spdx_reports(output_directory: Path) -> SpdxProject:
     logger.info("Generating SPDX report.")
     project = SpdxProject(CurrentProjectMetadataParser())
     project.generate_tag_value_files(output_directory)
+    logger.info("Generating licensing summary.")
+    project.generate_licensing_summary(output_directory)
     return project
 
 

mbed_tools_ci_scripts/spdx_report/spdx_document.py

@@ -8,17 +8,17 @@
 from spdx.document import Document, License
 from spdx.review import Review
 from spdx.version import Version
-from typing import List
+from typing import List, Optional
 
-from mbed_tools_ci_scripts.spdx_report.spdx_package import SpdxPackage, PackageInfo
 from mbed_tools_ci_scripts.spdx_report.spdx_dependency import DependencySpdxDocumentRef
+from mbed_tools_ci_scripts.spdx_report.spdx_helpers import determine_spdx_value, get_project_namespace
+from mbed_tools_ci_scripts.spdx_report.spdx_package import SpdxPackage, PackageInfo
 from mbed_tools_ci_scripts.utils.configuration import (
     configuration,
     ConfigurationVariable,
 )
 from mbed_tools_ci_scripts.utils.hash_helpers import generate_uuid_based_on_str
 from mbed_tools_ci_scripts.utils.package_helpers import PackageMetadata
-from mbed_tools_ci_scripts.spdx_report.spdx_helpers import determine_spdx_value, get_project_namespace
 
 TOOL_NAME = "mbed-spdx-generator"
 
@@ -45,6 +45,7 @@ def __init__(
         self._is_dependency: bool = is_dependency
         self._other_document_references: List[DependencySpdxDocumentRef] = other_document_refs
         self._document_namespace = document_namespace
+        self._spdx_package: Optional[SpdxPackage] = None
 
     @property
     def document_name(self) -> str:
@@ -188,15 +189,17 @@ def generate_spdx_package(self) -> SpdxPackage:
         Returns:
             corresponding SPDX package.
         """
-        return SpdxPackage(
-            PackageInfo(
-                metadata=self._package_metadata,
-                root_dir=self._project_root,
-                source_dir=self._project_source,
-                uuid=self._project_uuid,
-            ),
-            is_dependency=self._is_dependency,
-        )
+        if not self._spdx_package:
+            self._spdx_package = SpdxPackage(
+                PackageInfo(
+                    metadata=self._package_metadata,
+                    root_dir=self._project_root,
+                    source_dir=self._project_source,
+                    uuid=self._project_uuid,
+                ),
+                is_dependency=self._is_dependency,
+            )
+        return self._spdx_package
 
     def generate_spdx_document(self) -> Document:
         """Generates the SPDX document.

mbed_tools_ci_scripts/spdx_report/spdx_package.py

@@ -87,6 +87,11 @@ def id(self) -> str:
         """
         return self.name if self._is_dependency else self._package_info.uuid
 
+    @property
+    def is_dependency(self) -> bool:
+        """States whether the package is a dependency or not."""
+        return self._is_dependency
+
     @property
     def name(self) -> str:
         """Gets Package's name.

mbed_tools_ci_scripts/spdx_report/spdx_project.py

@@ -14,6 +14,7 @@
 from mbed_tools_ci_scripts.utils.hash_helpers import determine_sha1_hash_of_file
 from mbed_tools_ci_scripts.utils.package_helpers import ProjectMetadataParser
 from mbed_tools_ci_scripts.spdx_report.spdx_helpers import is_package_licence_checked
+from mbed_tools_ci_scripts.spdx_report.spdx_summary import SummaryGenerator
 
 
 class SpdxProject:
@@ -71,10 +72,20 @@ def generate_tag_value_file(dir: Path, spdx_doc: SpdxDocument, filename: str = "
             raise NotADirectoryError(str(dir))
 
         path = dir.joinpath(filename)
-        with open(path, mode="w", encoding="utf-8") as out:
+        with open(str(path), mode="w", encoding="utf-8") as out:
             write_document(spdx_doc.generate_spdx_document(), out)
         return determine_sha1_hash_of_file(path)
 
+    def generate_licensing_summary(self, dir: Path) -> None:
+        """Generates licensing summary into the specified directory.
+
+        Args:
+            dir: output directory
+        """
+        SummaryGenerator(
+            self.main_document.generate_spdx_package(), [d.generate_spdx_package() for d in self.dependency_documents]
+        ).generate_summary(dir)
+
     def generate_tag_value_files(self, dir: Path) -> None:
         """Generates SPDX tag-value files into the specified directory.
 
@@ -102,17 +113,6 @@ def generate_tag_value_files(self, dir: Path) -> None:
         self.main_document.external_refs = externalRefs
         SpdxProject.generate_tag_value_file(dir, self.main_document, f"{self.main_document.name}.spdx")
 
-    @staticmethod
-    def _check_package_licence(package_document: SpdxDocument) -> Tuple[bool, bool, str, str, str]:
-        package = package_document.generate_spdx_package()
-        return (
-            package.is_main_licence_accepted,
-            package.is_licence_accepted,
-            package.name,
-            package.main_licence,
-            package.licence,
-        )
-
     def _report_issues(self, issues: Dict[str, str]) -> None:
         if issues:
             raise ValueError(
@@ -125,7 +125,7 @@ def _report_issues(self, issues: Dict[str, str]) -> None:
             )
 
     def _check_one_licence_compliance(self, spdx_document: SpdxDocument, issues: Dict[str, str]) -> None:
-        main_valid, actual_valid, name, main_licence, actual_licence = SpdxProject._check_package_licence(spdx_document)
+        main_valid, actual_valid, name, main_licence, actual_licence = _check_package_licence(spdx_document)
         if not ((main_valid and actual_valid) or is_package_licence_checked(name)):
             issues[name] = actual_licence if main_valid else main_licence
 
@@ -145,3 +145,14 @@ def check_licence_compliance(self) -> None:
         self._check_package_licence_compliance(issues)
         self._check_package_dependencies_licence_compliance(issues)
         self._report_issues(issues)
+
+
+def _check_package_licence(package_document: SpdxDocument) -> Tuple[bool, bool, str, str, str]:
+    package = package_document.generate_spdx_package()
+    return (
+        package.is_main_licence_accepted,
+        package.is_licence_accepted,
+        package.name,
+        package.main_licence,
+        package.licence,
+    )

mbed_tools_ci_scripts/spdx_report/spdx_summary.py

@@ -0,0 +1,123 @@
+"""Summary generators."""
+import datetime
+import jinja2
+import logging
+import os
+from pathlib import Path
+from typing import List, Tuple, Optional, Dict, Any
+
+from mbed_tools_ci_scripts.spdx_report.spdx_helpers import is_package_licence_checked
+from mbed_tools_ci_scripts.spdx_report.spdx_package import SpdxPackage
+
+JINJA_TEMPLATE_SUMMARY_HTML = "third_party_IP_report.html.jinja2"
+JINJA_TEMPLATE_SUMMARY_CSV = "third_party_IP_report.csv.jinja2"
+JINJA_TEMPLATE_SUMMARY_TEXT = "third_party_IP_report.txt.jinja2"
+JINJA_TEMPLATES = [JINJA_TEMPLATE_SUMMARY_HTML, JINJA_TEMPLATE_SUMMARY_CSV, JINJA_TEMPLATE_SUMMARY_TEXT]
+logger = logging.getLogger(__name__)
+try:
+    jinja2_env = jinja2.Environment(
+        loader=jinja2.PackageLoader("mbed_tools_ci_scripts.spdx_report.spdx_summary", "templates"),
+        autoescape=jinja2.select_autoescape(["html", "xml"]),
+    )
+except ModuleNotFoundError as e:
+    logger.error(e)
+
+
+def generate_file_based_on_template(
+    output_dir: Path, template_name: str, template_args: dict, suffix: str = None
+) -> None:
+    """Write file based on template and arguments."""
+    logger.info("Loading template '%s'.", template_name)
+    template = jinja2_env.get_template(template_name)
+    filename = Path(template_name.rsplit(".", 1)[0])
+    if suffix:
+        filename = Path(
+            "{0}_{2}{1}".format(
+                *(str(filename.name), str(filename.suffix), str(suffix.replace(".", "_").replace("-", "_")),)
+            )
+        )
+    output_filename = output_dir.joinpath(filename)
+    rendered = template.render(**template_args)
+    logger.info("Writing to '%s'.", output_filename)
+    output_filename.write_text(rendered, encoding="utf8")
+
+
+class SummaryGenerator:
+    """Licensing summary generator."""
+
+    def __init__(self, project_package: SpdxPackage, dependencies_documents: List[SpdxPackage]) -> None:
+        """Initialiser."""
+        self.project = project_package
+        self.all_packages = list(dependencies_documents)
+        self.all_packages.append(self.project)
+        self._template_arguments: Optional[dict] = None
+
+    def _generate_template_arguments(self) -> Dict[str, Any]:
+        arguments: Dict[str, Any] = dict()
+
+        global_compliance, description_list = self._generate_packages_description()
+        arguments["project"] = {
+            "name": self.project.name,
+            "compliance": global_compliance,
+            "compliance_details": (
+                f"Project [{self.project.name}]'s licence is compliant: {self.project.licence}.{os.linesep}"
+                "All its dependencies are also compliant licence-wise."
+            )
+            if global_compliance
+            else f"Project [{self.project.name}] or one, at least, of its dependencies has a non compliant licence",
+        }
+        arguments["packages"] = description_list
+        arguments["render_time"] = datetime.datetime.now()
+        return arguments
+
+    def _generate_packages_description(self) -> Tuple[bool, dict]:
+        description_list = dict()
+        global_compliance = True
+        for p in self.all_packages:
+            main_licence_valid = p.is_main_licence_accepted
+            actual_licence_valid = p.is_licence_accepted
+            package_checked = is_package_licence_checked(p.name)
+            is_licence_compliant = main_licence_valid and actual_licence_valid
+            is_compliant = is_licence_compliant or package_checked
+            if not is_compliant:
+                global_compliance = False
+            description_list[p.name] = self._generate_description_for_one_package(
+                is_compliant, is_licence_compliant, package_checked, p
+            )
+
+        return global_compliance, description_list
+
+    def _generate_description_for_one_package(
+        self, is_compliant: bool, is_licence_compliant: bool, package_checked: bool, p: SpdxPackage
+    ) -> dict:
+        return {
+            "name": p.name,
+            "is_dependency": p.is_dependency,
+            "url": p.url,
+            "licence": p.licence,
+            "is_compliant": is_compliant,
+            "mark_as_problematic": not is_licence_compliant,
+            "licence_compliance_details": "Licence is compliant."
+            if is_licence_compliant
+            else (
+                "Package's licence has been checked"
+                if package_checked
+                else "Licence is not compliant according to project's configuration."
+            ),
+        }
+
+    @property
+    def template_arguments(self) -> dict:
+        """Gets template arguments."""
+        if not self._template_arguments:
+            self._template_arguments = self._generate_template_arguments()
+        return self._template_arguments
+
+    def generate_summary(self, dir: Path) -> None:
+        """Generates a licensing summary into the specified directory.
+
+        Args:
+            dir: output directory
+        """
+        for t in JINJA_TEMPLATES:
+            generate_file_based_on_template(dir, t, self.template_arguments)

mbed_tools_ci_scripts/spdx_report/templates/third_party_IP_report.csv.jinja2

@@ -0,0 +1,4 @@
+Compliance, Name,Is a dependency?,URL,Licence,Details
+{% for name,package in packages|dictsort %}
+{%- if package.is_compliant == True -%}True{%- else -%}False{%- endif -%},{{ package.name }},{%- if package.is_dependency == True -%}True{%- else -%}False{%- endif -%},{{ package.url }},{{ package.licence }},{{ package.licence_compliance_details }}
+{% endfor %}