Adopt Apache-2.0 OR MIT dual license; gate CI on license audit#57
Merged
Conversation
Replaces the previous single LICENSE file (which carried BSD-3-Clause text despite Cargo.toml declaring MIT) with the standard Rust dual-license setup: LICENSE-MIT, LICENSE-APACHE, and a top-level LICENSE pointer. Both crates now declare `license = "Apache-2.0 OR MIT"`. README and the navigation guide are updated accordingly. Adds cargo-about (about.toml + about.hbs) and a generated THIRD_PARTY_LICENSES.md enumerating every third-party crate that ships with the distribution. A new `licenses` CI job (using a cached cargo-about binary via taiki-e/install-action) regenerates the file and diffs against the committed copy; the test matrix now blocks on it. Local equivalents are `just licenses` (regenerate) and `just ci-check-licenses` (verify). Also fixes two pre-existing clippy errors that surfaced on the local toolchain (Rust 1.95.0): `duration_suboptimal_units` in database/config.rs and `map_unwrap_or` in reservation.rs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 5a09f5231f
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
+39
to
+41
| ignore-build-dependencies = false | ||
| ignore-dev-dependencies = false | ||
| ignore-transitive-dependencies = false |
There was a problem hiding this comment.
about.toml does not set no-clearly-defined = true, so cargo about generate will query clearlydefined.io by default; cargo-about’s own docs note that this external data can change or be temporarily unavailable for the same dependency graph. Because ci-check-licenses diffs generated output against committed THIRD_PARTY_LICENSES.md, this introduces nondeterministic, unrelated CI failures in the new blocking licenses gate. Configure generation to avoid external lookups (or otherwise pin the source) so the check is stable.
Useful? React with 👍 / 👎.
- Replace Duration::from_millis with Duration::from_secs at three sites in trop/src/database/config.rs to satisfy the new clippy::duration_suboptimal_units lint introduced in Rust 1.95.0. - Regenerate THIRD_PARTY_LICENSES.md on Linux (via Docker) so it matches what CI's Linux runner produces; the previous file was generated on macOS and picked a slightly different miniz_oxide license file. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
CI upgraded to stable rustc 1.95.0, which collapses the let-binding onto a single line. Reapply `cargo fmt` to match. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
`test_exclude_port_range` failed intermittently on Ubuntu release CI with `database error: database is locked`. Tests using `command_bare()` omit `--data-dir`, so the binary falls back to `~/.trop/trop.db`. Multiple parallel tests then contend for the same SQLite database and hit lock timeouts (release builds run fast enough to make this collision likely). Setting `TROP_DATA_DIR` in `command_bare()` gives each test its own isolated data dir. The `--data-dir` CLI flag still takes precedence over the env var, so tests that pass `--data-dir` explicitly (e.g. init_command, global_options flag-override tests) are unaffected. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The license audit gate diffs cargo-about output against the committed THIRD_PARTY_LICENSES.md. The previous `tool: cargo-about` (unpinned) would silently track new releases, so any upstream formatting tweak could flake the gate on an unrelated PR. Note on the reviewer's suggested `no-clearly-defined = true` in about.toml: cargo-about 0.9.0 removed clearlydefined.io support entirely (CHANGELOG PR#287, src/licenses/config.rs:304-305 logs a "removed" warning if the key is set), so the external-source nondeterminism that flag originally guarded against is gone in the version we use. Pinning the tool version addresses the underlying reproducibility concern at its actual source. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
# Conflicts: # .github/workflows/ci.yml # AGENTIC_NAVIGATION_GUIDE.md
The merge of origin/main into this branch (0ee45d1) accidentally dropped the blank line that deeb8f5 had added to keep THIRD_PARTY_LICENSES.md matching the file `cargo-about` produces on Linux. CI re-flagged the file as stale with the exact one-line diff. `cargo-about` reads a different miniz_oxide license file depending on filesystem readdir order (Linux picks `LICENSE`, macOS picks `LICENSE-MIT.md`), and these files differ by one blank line. Since CI runs on Linux, the committed file must match Linux output. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Reconciles
trop's license metadata, adopts the standard RustApache-2.0 OR MITdual license, and adds a blocking CI license-audit job.Type of Change
Motivation and Context
The project's
LICENSEfile carried BSD-3-Clause text while bothCargo.tomlfiles declaredlicense = "MIT"— an inconsistency that needed resolution. An audit of the 163-crate distributable dependency tree confirmed thatApache-2.0 OR MIT(the de-facto Rust standard) is fully compatible with every dep, including the three constraining ones (unicode-bom,sha1_smol,ryu), so we adopt that.To prevent future drift between the license claim and the actual third-party obligations, this PR also wires in
cargo-aboutand a CI check that fails if the generatedTHIRD_PARTY_LICENSES.mdis stale.Implementation Details
LICENSEis now a short pointer to the dual license;LICENSE-APACHEcarries the full Apache 2.0 text;LICENSE-MITcarries the standard MIT text. BothCargo.tomls declarelicense = "Apache-2.0 OR MIT".cargo-about:about.tomllists accepted SPDX IDs and the five target triples we support (Linux x86_64/aarch64, macOS x86_64/arm64, Windows x86_64-msvc) so generation is deterministic across machines.about.hbsis the Handlebars template (uses triple-brace expressions to skip HTML escaping in license text).THIRD_PARTY_LICENSES.md: ~187 KB generated artifact, committed so CI has something to diff against. Counts: 227 MIT, 19 Unicode-3.0, 10 Apache-2.0, 1 BSD-3-Clause.just licensesregenerates;just ci-check-licensesregenerates into a temp file and unified-diffs against the committed copy with a helpful error on mismatch.licensesjob usestaiki-e/install-action@v2for a cached prebuiltcargo-about. Added toneeds:of thetestmatrix, so the entire test job blocks on it.duration_suboptimal_unitsand tightenedmap_unwrap_or. Trivial fixes indatabase/config.rsandreservation.rs(4 lines total) so this PR's CI passes.Testing
just preflight-prgreen)ci-check-licensesrejects)Platform Compatibility
Checklist
cargo fmt --checkpasses)cargo clippypasses)🤖 Generated with Claude Code