Merge pull request #104 from aboutcode-org/update-spdx-license-list

Update licenses with SPDX license list 3.25

.github/workflows/pypi-release.yml

@@ -21,7 +21,7 @@ on:
 jobs:
   build-pypi-distribs:
     name: Build and publish library to PyPI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
@@ -50,7 +50,7 @@ jobs:
     name: Create GH release
     needs:
       - build-pypi-distribs
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Download built archives
@@ -70,7 +70,7 @@ jobs:
     name: Create PyPI release
     needs:
       - create-gh-release
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Download built archives

CHANGELOG.rst

@@ -1,6 +1,15 @@
 Changelog
 =========
 
+v30.4.0 - 2024-10-21
+--------------------
+
+This is a minor release without API changes:
+
+- Use latest skeleton
+- Update license list to latest ScanCode and SPDX 3.25
+- Drop support for Python 3.8
+
 v30.3.1 - 2024-08-13
 --------------------
 

Makefile

@@ -4,7 +4,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -35,7 +35,7 @@ check:
 	@echo "-> Run pycodestyle (PEP8) validation"
 	@${ACTIVATE} pycodestyle --max-line-length=100 --exclude=.eggs,venv,lib,thirdparty,docs,migrations,settings.py,.cache .
 	@echo "-> Run isort imports ordering validation"
-	@${ACTIVATE} isort --sl --check-only -l 100 setup.py src tests . 
+	@${ACTIVATE} isort --sl --check-only -l 100 setup.py src tests .
 	@echo "-> Run black validation"
 	@${ACTIVATE} black --check --check -l 100 src tests setup.py
 

azure-pipelines.yml

@@ -7,48 +7,48 @@
 jobs:
   - template: etc/ci/azure-posix.yml
     parameters:
-      job_name: ubuntu20_cpython
-      image_name: ubuntu-20.04
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      job_name: ubuntu22_cpython
+      image_name: ubuntu-22.04
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv/bin/pytest -n 2 -vvs
-
+  
   - template: etc/ci/azure-posix.yml
     parameters:
-      job_name: ubuntu22_cpython
-      image_name: ubuntu-22.04
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      job_name: ubuntu24_cpython
+      image_name: ubuntu-24.04
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv/bin/pytest -n 2 -vvs
 
   - template: etc/ci/azure-posix.yml
     parameters:
-      job_name: macos12_cpython
-      image_name: macOS-12
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      job_name: macos13_cpython
+      image_name: macOS-13
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv/bin/pytest -n 2 -vvs
 
   - template: etc/ci/azure-posix.yml
     parameters:
-      job_name: macos13_cpython
-      image_name: macOS-13
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      job_name: macos14_cpython
+      image_name: macOS-14
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv/bin/pytest -n 2 -vvs
 
   - template: etc/ci/azure-win.yml
     parameters:
       job_name: win2019_cpython
       image_name: windows-2019
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv\Scripts\pytest -n 2 -vvs
 
   - template: etc/ci/azure-win.yml
     parameters:
       job_name: win2022_cpython
       image_name: windows-2022
-      python_versions: ["3.8", "3.9", "3.10", "3.11", "3.12"]
+      python_versions: ["3.9", "3.10", "3.11", "3.12", "3.13"]
       test_suites:
         all: venv\Scripts\pytest -n 2 -vvs

configure

@@ -3,7 +3,7 @@
 # Copyright (c) nexB Inc. and others. All rights reserved.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/ for support or download.
+# See https://github.com/aboutcode-org/ for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 

configure.bat

@@ -4,7 +4,7 @@
 @rem Copyright (c) nexB Inc. and others. All rights reserved.
 @rem SPDX-License-Identifier: Apache-2.0
 @rem See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-@rem See https://github.com/nexB/ for support or download.
+@rem See https://github.com/aboutcode-org/ for support or download.
 @rem See https://aboutcode.org for more information about nexB OSS projects.
 
 

docs/source/conf.py

@@ -50,7 +50,7 @@
 
 # This points to aboutcode.readthedocs.io
 # In case of "undefined label" ERRORS check docs on intersphinx to troubleshoot
-# Link was created at commit - https://github.com/nexB/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83
+# Link was created at commit - https://github.com/aboutcode-org/aboutcode/commit/faea9fcf3248f8f198844fe34d43833224ac4a83
 
 intersphinx_mapping = {
     "aboutcode": ("https://aboutcode.readthedocs.io/en/latest/", None),

etc/scripts/check_thirdparty.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import click
@@ -17,7 +17,8 @@
 @click.option(
     "-d",
     "--dest",
-    type=click.Path(exists=True, readable=True, path_type=str, file_okay=False),
+    type=click.Path(exists=True, readable=True,
+                    path_type=str, file_okay=False),
     required=True,
     help="Path to the thirdparty directory to check.",
 )

etc/scripts/fetch_thirdparty.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -55,7 +55,8 @@
     "-d",
     "--dest",
     "dest_dir",
-    type=click.Path(exists=True, readable=True, path_type=str, file_okay=False),
+    type=click.Path(exists=True, readable=True,
+                    path_type=str, file_okay=False),
     metavar="DIR",
     default=utils_thirdparty.THIRDPARTY_DIR,
     show_default=True,
@@ -224,7 +225,8 @@ def fetch_thirdparty(
     environments = None
     if wheels:
         evts = itertools.product(python_versions, operating_systems)
-        environments = [utils_thirdparty.Environment.from_pyver_and_os(pyv, os) for pyv, os in evts]
+        environments = [utils_thirdparty.Environment.from_pyver_and_os(
+            pyv, os) for pyv, os in evts]
 
     # Collect PyPI repos
     repos = []
@@ -260,13 +262,14 @@ def fetch_thirdparty(
                     repos=repos,
                 )
                 if not fetched:
-                    wheels_or_sdist_not_found[f"{name}=={version}"].append(environment)
+                    wheels_or_sdist_not_found[f"{name}=={version}"].append(
+                        environment)
                     if TRACE:
                         print(f"      NOT FOUND")
 
         if (sdists or
             (f"{name}=={version}" in wheels_or_sdist_not_found and name in sdist_only)
-         ):
+            ):
             if TRACE:
                 print(f"  ==> Fetching sdist: {name}=={version}")
 
@@ -289,7 +292,8 @@ def fetch_thirdparty(
         sdist_missing = sdists and "sdist" in dists and not name in wheel_only
         if sdist_missing:
             mia.append(f"SDist missing: {nv} {dists}")
-        wheels_missing = wheels and any(d for d in dists if d != "sdist") and not name in sdist_only
+        wheels_missing = wheels and any(
+            d for d in dists if d != "sdist") and not name in sdist_only
         if wheels_missing:
             mia.append(f"Wheels missing: {nv} {dists}")
 
@@ -299,7 +303,8 @@ def fetch_thirdparty(
         raise Exception(mia)
 
     print(f"==> FETCHING OR CREATING ABOUT AND LICENSE FILES")
-    utils_thirdparty.fetch_abouts_and_licenses(dest_dir=dest_dir, use_cached_index=use_cached_index)
+    utils_thirdparty.fetch_abouts_and_licenses(
+        dest_dir=dest_dir, use_cached_index=use_cached_index)
     utils_thirdparty.clean_about_files(dest_dir=dest_dir)
 
     # check for problems

etc/scripts/gen_requirements.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import argparse

etc/scripts/gen_requirements_dev.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import argparse

etc/scripts/utils_dejacode.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 import io
@@ -33,7 +33,8 @@
 
 def can_do_api_calls():
     if not DEJACODE_API_KEY and DEJACODE_API_URL:
-        print("DejaCode DEJACODE_API_KEY and DEJACODE_API_URL not configured. Doing nothing")
+        print(
+            "DejaCode DEJACODE_API_KEY and DEJACODE_API_URL not configured. Doing nothing")
         return False
     else:
         return True
@@ -68,7 +69,8 @@ def get_package_data(distribution):
         return results[0]
 
     elif len_results > 1:
-        print(f"More than 1 entry exists, review at: {DEJACODE_API_URL_PACKAGES}")
+        print(
+            f"More than 1 entry exists, review at: {DEJACODE_API_URL_PACKAGES}")
     else:
         print("Could not find package:", distribution.download_url)
 
@@ -149,7 +151,8 @@ def find_latest_dejacode_package(distribution):
     # there was no exact match, find the latest version
     # TODO: consider the closest version rather than the latest
     # or the version that has the best data
-    with_versions = [(packaging_version.parse(p["version"]), p) for p in packages]
+    with_versions = [(packaging_version.parse(p["version"]), p)
+                     for p in packages]
     with_versions = sorted(with_versions)
     latest_version, latest_package_version = sorted(with_versions)[-1]
     print(

etc/scripts/utils_requirements.py

@@ -5,7 +5,7 @@
 # ScanCode is a trademark of nexB Inc.
 # SPDX-License-Identifier: Apache-2.0
 # See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
-# See https://github.com/nexB/skeleton for support or download.
+# See https://github.com/aboutcode-org/skeleton for support or download.
 # See https://aboutcode.org for more information about nexB OSS projects.
 #
 
@@ -102,7 +102,8 @@ def lock_dev_requirements(
     all_req_nvs = get_required_name_versions(all_req_lines)
     dev_only_req_nvs = {n: v for n, v in all_req_nvs if n not in main_names}
 
-    new_reqs = "\n".join(f"{n}=={v}" for n, v in sorted(dev_only_req_nvs.items()))
+    new_reqs = "\n".join(
+        f"{n}=={v}" for n, v in sorted(dev_only_req_nvs.items()))
     with open(dev_requirements_file, "w") as fo:
         fo.write(new_reqs)
 
@@ -113,10 +114,12 @@ def get_installed_reqs(site_packages_dir):
     as a text.
     """
     if not os.path.exists(site_packages_dir):
-        raise Exception(f"site_packages directory: {site_packages_dir!r} does not exists")
+        raise Exception(
+            f"site_packages directory: {site_packages_dir!r} does not exists")
     # Also include these packages in the output with --all: wheel, distribute,
     # setuptools, pip
-    args = ["pip", "freeze", "--exclude-editable", "--all", "--path", site_packages_dir]
+    args = ["pip", "freeze", "--exclude-editable",
+            "--all", "--path", site_packages_dir]
     return subprocess.check_output(args, encoding="utf-8")