feat: add Python pre-build license checker with --fix and --pr#5
Merged
Merged
Conversation
Adds shenyu_watcher.py — a pure-stdlib tool that resolves Maven runtime dependencies (via mvn dependency:list, an assembled lib/ dir, or pom.xml fallback), checks them against the LICENSE file, and can auto-fix missing entries by fetching license info from Maven Central POMs. New --pr action integrates the fix into a reviewable workflow: after fixing the target project's LICENSE, it creates a git branch, commits only the LICENSE path, pushes, and opens a GitHub PR via the gh CLI. Branch creation happens before the write so the only commit on the branch is the LICENSE change; an empty diff (all duplicates) rolls back with no PR. Also fixes the legacy Java tool: - cross-platform path separators (File.separator instead of "\\") - version comparison via regex + numeric compare (was a literal "Python 3.8" string match) - prints a success message when all jars match - uses commons-collections4 CollectionUtils README rewritten to document both tools. Co-Authored-By: Claude <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
This PR adds a new Python-based, pre-build license checker (shenyu_watcher.py) to validate (and optionally auto-fix) Maven dependency LICENSE declarations before packaging, while also improving the existing Java-based post-package checker’s portability and Python version detection.
Changes:
- Added
shenyu_watcher.py: resolves dependencies, checks LICENSE entries, supports--fix, and can open a GitHub PR via--pr. - Updated Java checker to use cross-platform path construction and improved Python version detection logic.
- Updated documentation and repo hygiene (
README.md,.gitignore) and added a new Maven dependency.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
src/main/java/org/apache/shenyu/ShenyuWatcher.java |
Improves cross-platform path handling and output behavior in the Java post-package checker. |
src/main/java/org/apache/shenyu/env/CheckEnv.java |
Updates Python version detection to parse and compare versions rather than string matching. |
shenyu_watcher.py |
Introduces a new pre-build Python license checker with --fix and --pr workflows. |
README.md |
Rewritten to document both tools, usage flows, and behavior. |
pom.xml |
Adds commons-collections4 dependency used by the Java tool update. |
.gitignore |
Ignores Python bytecode caches/artifacts. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+41
to
+45
| String fileName = filePath.substring(filePath.lastIndexOf(File.separator) + 1); | ||
| System.out.println("Start to unzip " + fileName + "..."); | ||
|
|
||
| String destDir = filePath.substring(0, filePath.lastIndexOf("\\")); | ||
| String destDir = filePath.substring(0, filePath.lastIndexOf(File.separator)); |
| System.err.println("The following jars need to be modified: "); | ||
| failureMatchJar.forEach(System.err::println); | ||
| } else { | ||
| System.out.println("The license is ok "); |
|
|
||
| } else { | ||
| System.err.println("The python version not 3.8"); |
|
|
||
| public static boolean PYTHON_CHECK = false; | ||
|
|
||
| private static final Pattern pattern = Pattern.compile("Python (\\d+\\.\\d+\\.\\d+)"); |
|
|
||
| ### Requirements | ||
|
|
||
| - Python 3.6+ |
| root_real = os.path.realpath(git_root) | ||
| lic_real = os.path.realpath(license_path) | ||
| rel = os.path.relpath(lic_real, root_real) | ||
| if rel == "." or os.path.isabs(rel) or rel.startswith(".." + os.sep): |
Comment on lines
45
to
46
| InputStream inputStream = process.getInputStream(); | ||
| String str = IOUtils.toString(inputStream, StandardCharsets.UTF_8); |
Comment on lines
+48
to
+52
| Matcher matcher = pattern.matcher(str); | ||
| if (matcher.find()) { | ||
| System.out.println(matcher.group(1)); | ||
| PYTHON_CHECK = isVersionGreaterOrEqual(matcher.group(1), REQUIRED_PYTHON_VERSION); | ||
| } |
Comment on lines
+54
to
65
| if (!PYTHON_CHECK) { | ||
| exe = "python3 -V"; | ||
| } | ||
| process = Runtime.getRuntime().exec(exe); | ||
| inputStream = process.getInputStream(); | ||
| str = IOUtils.toString(inputStream, StandardCharsets.UTF_8); | ||
|
|
||
| matcher = pattern.matcher(str); | ||
| if (matcher.find()) { | ||
| System.out.println(matcher.group(1)); | ||
| PYTHON_CHECK = isVersionGreaterOrEqual(matcher.group(1), REQUIRED_PYTHON_VERSION); | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds a Python pre-build license checker (
shenyu_watcher.py) alongside the existing Java post-package checker, and fixes several issues in the Java tool. The headline new capability is a--praction that integrates the--fixlicense repair into a reviewable pull-request workflow.What's new
shenyu_watcher.py(new)A pure-stdlib tool (no pip dependencies) that:
mvn dependency:list, an assembledlib/directory, or pom.xml fallback--fix: fetches license info from Maven Central POMs and appends missing entries to the correct LICENSE section--pr(implies--fix): after fixing, creates a git branch, commits only the LICENSE path, pushes, and opens a GitHub PR viaghHow
--prworksThe branch is created before the fix writes to disk, so the only commit on the new branch is the LICENSE change. Path-scoped commit (
git commit -- <relpath>) means unrelated dirty files in the working tree are never swept in — it only requires the LICENSE file itself to be clean. Auto-detects the git root (works when the project is a subdirectory of a larger repo, e.g. ashenyumonorepo module). If no entries are actually added (all duplicates), the branch is rolled back and no PR is opened.Java tool fixes
File.separatorinstead of hardcoded\\)"Python 3.8"string match, so 3.9+ failed)commons-collections4CollectionUtilsOther
.gitignore: ignore Python__pycache__/and*.pycREADME.md: rewritten to document both tools, the--fix/--prflows, exit codes, and a comparison tableVerification
python3 -c "import ast; ast.parse(...)"— syntax OK--helpshows the new--pr/--branch/--base/--remoteflags--fixregression: confirmed against a scratch repo (appends entry, re-check passes, no commit)--prend-to-end on a scratch git repo (withgh/push stubbed): branch created frommain, commit touched onlyLICENSE, PR title/body generated with added entries + check context/tmp↔/private/tmp) handled via realpath normalizationNotes
.asf.yaml(1 approving review + status checks onmain).🤖 Generated with Claude Code