|
|
|
If your project leverages build technology that pulls third-party content from well-defined software repositories (e.g., Apache Maven pulling from Maven Central, a `yarn.lock` or `package-lock.json` file), consider using the https://github.com/eclipse/dash-licenses[Eclipse Dash License Tool] to https://github.com/eclipse/dash-licenses#automatic-ip-team-review-requests[automatically create] IPLab issues for you.
|
|
|
|
|
|
|
|
[NOTE]
|
|
|
|
====
|
|
|
|
Note that the **Eclipse Dash License Tool** is only capable of creating issues for content that it either discovers from your build or that you feed to it. It will not, for example, find third-party content that is buried in your code. If you've, for example, added some JavaScript library in a `lib` directory or similar, then you may have to manually https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/new?issuable_template=vet-third-party[create a request] to vet that content and manually track your project's use of that library.
|
|
|
|
====
|
|
|
|
|
|
|
|
If you cannot use the Eclipse Dash License Tool, you can manually create a request:
|
|
|
|
|
|
|
|
* https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/new?issuable_template=vet-project[Create a request] to review Project Content; or
|
|
|
|
* https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues/new?issuable_template=vet-third-party[Create a request] to review Third-party content
|
|
|
|
|
|
|
|
_Project Content_ is any content that will be maintained by the project team. Basically anything that a contributor or committer will put into a project's source code repository (generally in source form) is project content. This includes content that the project team forks (the premise being that forked content effectively becomes indistinguishable, at least conceptually, from project content).
|
|
|
|
|
|
|
|
Note our careful use of the term _content_. This includes source code, documentation, configuration, etc.
|
|
|
|
|
|
|
|
_Third-party Content_ is defined as content that is leveraged or otherwise referenced by project code. Third-party content is typically (although not necessarily) acquired from software repositories (e.g., Maven Central or NPMJS) during builds.
|
|
|
|
|
|
|
|
Please see the https://www.eclipse.org/projects/handbook/#ip-third-party[Eclipse Foundation Project Handbook] for more information.
|
|
|
|
|
|
|
|
When creating a review request issue, please provide as much information as you can. If information is missing, or you are not certain how information should be provided, provide what you can and the IP Team will work with you to sort it out.
|
|
|
|
|
|
|
|
GitLab issue uses markdown, so use Markdown syntax when specifying information. Our scanners parse information out of the issue description, and so are most likely to be successful (and require less time-consuming manual intervention) if you stick to the format specified.
|
|
|
|
|
|
|
|
## Instructions
|
|
|
|
|
|
|
|
### Set the title to a valid ClearlyDefined id
|
|
|
|
|
|
|
|
Set the title of the issue to the ClearlyDefined id, `type/source/namespace/name/version` for the content. If you're not sure, do your best and the IP Team will assist.
|
|
|
|
|
|
|
|
e.g., `maven/mavencentral/org.apache.maven.enforcer/enforcer-api/3.1.0`
|
|
|
|
|
|
|
|
Issues that have a valid ClearlyDefined for a title and source pointer (see below) will be automatically processed and so will likely be resolved quickly. There's more information regarding the (https://www.eclipse.org/projects/handbook/#ip-clearlydefined[format of ClearlyDefined ids] in the handbook.
|
|
|
|
|
|
|
|
### Identify the Eclipse open source project
|
|
|
|
|
|
|
|
We need you to identify the _Eclipse open source project_ that is accepting this contribution. Note that we need you to specify an Eclipse open source project, not a GitLab or GitHub project (provide that in the _Git repository_ field).
|
|
|
|
|
|
|
|
In the template replace <project name> with the name of your Eclipse project (e.g., Eclipse Dash) and <project id> with the project's id (e.g., technology.dash):
|
|
|
|
|
|
|
|
`Project: [Eclipse Dash](https://projects.eclipse.org/projects/technology.dash)`
|
|
|
|
|
|
|
|
### Provide Basic Information
|
|
|
|
|
|
|
|
In the _Basic Information_ section, provide as much information as you can, including the license of the content as you understand it as an SPDX identifier (https://spdx.org/licenses/), and URLs that points to the binary and sources of the content.
|
|
|
|
|
|
|
|
### Provide a Pointer to Source
|
|
|
|
|
|
|
|
The _Source_ field is the important one. The scanner looks for content of the form:
|
|
|
|
|
|
|
|
`[Source](<url>)`
|
|
|
|
|
|
|
|
We need pointers to specific versions of content, ideally in an archive format (e.g. ZIP file). That is, please do not provide a pointer to a repository on GitHub; rather, provide a pointer to a specific downloadable ZIP archive associated with the particular release.
|
|
|
|
|
|
|
|
For example:
|
|
|
|
|
|
|
|
`[Source](https://github.com/kataras/iris/archive/refs/tags/v12.1.8.zip)`
|
|
|
|
|
|
|
|
NOTE that we need to have a source pointer. If you cannot (or do not) provide it, processing will be delayed while we hunt it down.
|
|
|
|
|
|
|
|
### Provide additional Information
|
|
|
|
|
|
|
|
Please provide any additional information that you think might be useful to assist the IP Team in resolving this issue in free form text after the Basic Information.
|
|
|
|
|
|
|
|
### Don't Apply Any Labels
|
|
|
|
|
|
|
|
The scanner will only automatically scan issues under the following conditions:
|
|
|
|
|
|
|
|
1. The issue is open;
|
|
|
|
2. The issue has a valid ClearlyDefined id; and
|
|
|
|
3. The issue either has no labels or has the `Review Needed` label applied.
|
|
|
|
|
|
|
|
Issues that do not meet these criteria are ignored. |
|
|
|
\ No newline at end of file |
