opensource.google.com

Compliance Linter

go/thirdparty/linter

Overview

The compliance linter is an analyzer that runs via Tricorder and shows its findings in Critique, in the same way that analyses such as golint and error prone do. It verifies that the information supplied in the third-party metadata files (BUILD, OWNERS, LICENSE, and METADATA) is correct. This allows the programmer to correct mistakes before sending the CL out for review.

Below is some information about the messages the linter emits—what they mean and why they were emitted in the first place.

Compliance linter warnings explained

BUILD file linter warnings

Must have licenses() rule

licenses() specifies the default license type(s) of the build rules in a BUILD file. Place this directive before the first build rule.

Invalid type of license in licenses() rule

The valid license types are:

Only one license type should be in the licenses() rule

If the code is released under multiple licenses, follow the instructions on which license type to specify.

Must have exports_files(["LICENSE"]) rule

exports_files() specifies that the LICENSE file is exported to other packages but not otherwise mentioned in the BUILD file.

Default visibility cannot be public if the license is by_exception_only

by_exception_only licenses are normally purchased and licensed only for specific uses. An explicit exception for each Google target build rule is needed before the code can be used by another project. Therefore, the “default” visibility is not allowed for by_exception_only licenses.

exports_files() must come after licenses()

The exports_files() rule must come after the licenses() rule in the BUILD file.

Failed to parse BUILD file

The BUILD file has a syntax error of some sort.
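
The BUILD file checks above can be sketched in a few lines of Python. This is an added example, not the linter's own code: it assumes the BUILD file parses as Python syntax, that licenses() takes a list of strings, and that default visibility is set with package(default_visibility = ...). The license-type validity check is left out because the list of valid types is not given here.

```python
import ast

PUBLIC = "//visibility:public"
def _strings(node):
    """Return a list-of-strings literal argument as a list, else []."""
    try:
        value = ast.literal_eval(node)
    except (ValueError, TypeError, SyntaxError):
        return []
    return list(value) if isinstance(value, (list, tuple)) else []

def lint_build(text):
    """Return the BUILD file warnings described above that apply to text."""
    try:
        tree = ast.parse(text)  # assumption: the file parses as Python syntax
    except SyntaxError:
        return ["Failed to parse BUILD file"]
    # Top-level calls in file order, e.g. ("licenses", <Call node>).
    calls = [(s.value.func.id, s.value) for s in tree.body
             if isinstance(s, ast.Expr) and isinstance(s.value, ast.Call)
             and isinstance(s.value.func, ast.Name)]
    lic_at = [i for i, (n, _) in enumerate(calls) if n == "licenses"]
    exp_at = [i for i, (n, c) in enumerate(calls) if n == "exports_files"
              and c.args and "LICENSE" in _strings(c.args[0])]
    warnings, types = [], []
    if not lic_at:
        warnings.append("Must have licenses() rule")
    else:
        call = calls[lic_at[0]][1]
        types = _strings(call.args[0]) if call.args else []
        if len(types) > 1:
            warnings.append("Only one license type should be in the licenses() rule")
    if not exp_at:
        warnings.append('Must have exports_files(["LICENSE"]) rule')
    elif lic_at and exp_at[0] < lic_at[0]:
        warnings.append("exports_files() must come after licenses()")
    for name, call in calls:
        if name != "package" or "by_exception_only" not in types:
            continue
        vis = [_strings(k.value) for k in call.keywords if k.arg == "default_visibility"]
        if any(PUBLIC in v for v in vis):
            warnings.append("Default visibility cannot be public if the license is by_exception_only")
    return warnings

# Constructed sample BUILD file, not taken from a real package.
SAMPLE = ('package(default_visibility = ["//visibility:public"])\n'
          'exports_files(["LICENSE"])\n'
          'licenses(["by_exception_only"])\n')
print(lint_build(SAMPLE))
```

The sample triggers two warnings: exports_files() appears before licenses(), and the package is public by default while carrying a by_exception_only license.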

METADATA file linter warnings

You must specify a description field

Write a short description of the package. This helps others who want to use the package know what the package is.

You must specify a source “url” field with type ARCHIVE, GIT, HG, SVN, LOCAL_SOURCE, PIPER, or EMAIL

The third_party field needs at least one url field that identifies where the exact version of the package came from. This is normally done by specifying either ARCHIVE, GIT, HG, SVN, LOCAL_SOURCE, or PIPER. There are several examples on the third-party METADATA page.

You must specify a version field

The version field must be set. The one exception is when the url field is a PIPER URL.

You must specify a last_upgrade_date field

The last_upgrade_date field must be set. The one exception is when the url field is a PIPER URL.

OWNERS file linter warnings

Employee user is not an active FTE

The first two usernames listed in the OWNERS file must be active FTEs.

There should be at least two FTEs listed before non-FTE user

As stated above, the first two usernames listed in the OWNERS file must be active FTEs. After those, any current, active Google employee can be listed.

user is not an employee

Only usernames of current, active Google employees may be listed in the OWNERS file.

Do not use set noparent in third_party OWNERS files

Under no circumstances may an OWNERS file under //third_party include the line set noparent.

File directive should point to relative ‘java’ OWNERS file

If the OWNERS file is under //third_party/java_src, then it isn’t required to have two FTEs listed. However, it should have a file directive pointing to an OWNERS file in the related //third_party/java repository.

File directive should point to third-party OWNERS file

Pointing to an OWNERS file outside of //third_party implicitly makes all of the people listed in those OWNERS files maintainers of the third-party package. Yet those people may have no knowledge of third-party packages, and may be surprised that they are considered owners of these packages. Thus, a file directive in //third_party should point only to a third-party OWNERS file.

Deleted files warnings

Some but not all of … were removed

All metadata files should be deleted at once. This should be done only when removing or branching the entire software package.

Disallowed licenses warnings

The … license CANNOT be used at Google

There are a few licenses that cannot be used at Google under any circumstances. The linter makes a check for these licenses and emits a warning if it thinks it found one. A disallowed license that is mentioned without it being the actual software’s license is okay, and the linter tries to account for these situations.

Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.