Fix: Python license file has the wrong contents (#7372)

[dsotirho-ucsc]

Linked issues: #7372

Checklist

Author

• PR is assigned to the author
• Status of PR is In progress
• PR is a draft
• Target branch is develop
• Name of PR branch matches issues/<GitHub handle of author>/<issue#>-<slug>
• PR is linked to all issues it (partially) resolves
• Status of linked issues is In progress
• PR description links to linked issues
• PR title matches¹ that of a linked issue _{or comment in PR explains why they're different}
• PR title references all linked issues
• For each linked issue, there is at least one commit whose title references that issue

¹ when the issue title describes a problem, the corresponding PR
title is Fix: followed by the issue title

Author (partiality)

• Added p tag to titles of partial commits
• This PR is labeled partial _{or completely resolves all linked issues}
• This PR partially resolves each of the linked issues _{or does not have the partial label}

Author (reindex)

• Added r tag to commit title _{or the changes introduced by this PR will not require reindexing of any deployment}
• This PR is labeled reindex:dev _{or the changes introduced by it will not require reindexing of dev}
• This PR is labeled reindex:anvildev _{or the changes introduced by it will not require reindexing of anvildev}
• This PR is labeled reindex:anvilprod _{or the changes introduced by it will not require reindexing of anvilprod}
• This PR is labeled reindex:prod _{or the changes introduced by it will not require reindexing of prod}
• This PR is labeled reindex:partial and its description documents the specific reindexing procedure for dev, anvildev, anvilprod and prod _{or requires a full reindex or carries none of the labels reindex:dev, reindex:anvildev, reindex:anvilprod and reindex:prod}

Author (API changes)

• This PR and its linked issues are labeled API _{or this PR does not modify a REST API}
• Added a (A) tag to commit title for backwards (in)compatible changes _{or this PR does not modify a REST API}
• Updated REST API version number in app.py _{or this PR does not modify a REST API}

Author (upgrading deployments)

• Ran make docker_images.json and committed the resulting changes _{or this PR does not modify azul_docker_images, or any other variables referenced in the definition of that variable}
• Documented upgrading of deployments in UPGRADING.rst _{or this PR does not require upgrading deployments}
• Added u tag to commit title _{or this PR does not require upgrading deployments}
• This PR is labeled upgrade _{or does not require upgrading deployments}
• This PR is labeled deploy:shared _{or does not modify docker_images.json, and does not require deploying the shared component for any other reason}
• This PR is labeled deploy:gitlab _{or does not require deploying the gitlab component}
• This PR is labeled deploy:runner _{or does not require deploying the runner image}

Author (hotfixes)

• Added F tag to main commit title _{or this PR does not include permanent fix for a temporary hotfix}
• Reverted the temporary hotfixes for any linked issues _{or the none of the stable branches (anvilprod and prod) have temporary hotfixes for any of the issues linked to this PR}

Author (before every review)

• Rebased PR branch on develop, squashed fixups from prior reviews
• Ran make requirements_update _{or this PR does not modify Dockerfile, environment, requirements*.txt, common.mk, Makefile or environment.boot}
• Added R tag to commit title _{or this PR does not modify requirements*.txt}
• This PR is labeled reqs _{or does not modify requirements*.txt}
• make integration_test passes in personal deployment _{or this PR does not modify functionality that could affect the IT outcome}
• PR is awaiting requested review from a peer
• Status of PR is Review requested
• PR is assigned to only the peer and the author

Peer reviewer (after approval)

Note that after requesting changes, the PR must be assigned to only the author.

• Actually approved the PR
• PR is not a draft
• PR is awaiting requested review from system administrator
• Status of PR is Review requested
• PR is assigned to only the system administrator and the author

System administrator (after approval)

• Actually approved the PR
• Labeled linked issues as demo or no demo
• Commented on linked issues about demo expectations _{or all linked issues are labeled no demo}
• Decided if PR can be labeled no sandbox
• A comment to this PR details the completed security design review
• PR title is appropriate as title of merge commit
• N reviews label is accurate
• Status of PR is Approved
• PR is assigned to only the operator and the author

Operator

• Checked reindex:… labels and r commit title tag
• Checked that demo expectations are clear _{or all linked issues are labeled no demo}
• Squashed PR branch and rebased onto develop
• Sanity-checked history
• Pushed PR branch to GitHub

Operator (deploy .shared and .gitlab components)

• Ran _select dev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused _{or this PR is not labeled deploy:shared}
• Ran _select dev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply _{or this PR is not labeled deploy:gitlab}
• Ran _select anvildev.shared && CI_COMMIT_REF_NAME=develop make -C terraform/shared apply_keep_unused _{or this PR is not labeled deploy:shared}
• Ran _select anvildev.gitlab && CI_COMMIT_REF_NAME=develop make -C terraform/gitlab apply _{or this PR is not labeled deploy:gitlab}
• Checked the items in the next section _{or this PR is labeled deploy:gitlab}
• PR is assigned to only the system administrator and the author _{or this PR is not labeled deploy:gitlab}

System administrator (post-deploy of .gitlab component)

• Background migrations for dev.gitlab are complete _{or this PR is not labeled deploy:gitlab}
• Background migrations for anvildev.gitlab are complete _{or this PR is not labeled deploy:gitlab}
• PR is assigned to only the operator and the author

Operator (deploy runner image)

• Ran _select dev.gitlab && make -C terraform/gitlab/runner _{or this PR is not labeled deploy:runner}
• Ran _select anvildev.gitlab && make -C terraform/gitlab/runner _{or this PR is not labeled deploy:runner}

Operator (sandbox build)

• Added sandbox label _{or PR is labeled no sandbox}
• Pushed PR branch to GitLab dev _{or PR is labeled no sandbox}
• Pushed PR branch to GitLab anvildev _{or PR is labeled no sandbox}
• Build passes in sandbox deployment _{or PR is labeled no sandbox}
• Build passes in anvilbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in sandbox deployment _{or PR is labeled no sandbox}
• Reviewed build logs for anomalies in anvilbox deployment _{or PR is labeled no sandbox}
• Deleted unreferenced indices in sandbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices in sandbox}
• Deleted unreferenced indices in anvilbox _{or this PR does not remove catalogs or otherwise causes unreferenced indices in anvilbox}
• Started reindex in sandbox _{or this PR is not labeled reindex:dev}
• Started reindex in anvilbox _{or this PR is not labeled reindex:anvildev}
• Checked for failures in sandbox _{or this PR is not labeled reindex:dev}
• Checked for failures in anvilbox _{or this PR is not labeled reindex:anvildev}

Operator (merge the branch)

• All status checks passed and the PR is mergeable
• The title of the merge commit starts with the title of this PR
• Added PR # reference to merge commit title
• Collected commit title tags in merge commit title _{but only included p if the PR is also labeled partial}
• Pushed merge commit to GitHub
• Status of PR is Merged lower
• Status of blocked issues is Triage _{or no issues are blocked on the linked issues}

Operator (main build)

• Pushed merge commit to GitLab dev
• Pushed merge commit to GitLab anvildev
• Build passes on GitLab dev
• Reviewed build logs for anomalies on GitLab dev
• Build passes on GitLab anvildev
• Reviewed build logs for anomalies on GitLab anvildev
• Ran _select dev.shared && make -C terraform/shared apply _{or this PR is not labeled deploy:shared}
• Ran _select anvildev.shared && make -C terraform/shared apply _{or this PR is not labeled deploy:shared}
• Deleted PR branch from GitHub
• PR is assigned to only the operator
• Deleted PR branch from GitLab dev
• Deleted PR branch from GitLab anvildev
• Status of linked issues is Lower, or Triage, if PR is partial

Operator (reindex)

• Deindexed all unreferenced catalogs in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Deindexed all unreferenced catalogs in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Deindexed specific sources in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Deindexed specific sources in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Indexed specific sources in dev _{or this PR is neither labeled reindex:partial nor reindex:dev}
• Indexed specific sources in anvildev _{or this PR is neither labeled reindex:partial nor reindex:anvildev}
• Started reindex in dev _{or this PR does not require reindexing dev}
• Started reindex in anvildev _{or this PR does not require reindexing anvildev}
• Checked for, triaged and possibly requeued messages in both fail queues in dev _{or this PR does not require reindexing dev}
• Checked for, triaged and possibly requeued messages in both fail queues in anvildev _{or this PR does not require reindexing anvildev}
• Emptied fail queues in dev _{or this PR does not require reindexing dev}
• Emptied fail queues in anvildev _{or this PR does not require reindexing anvildev}
• Restarted the Data Browser pipeline for the ucsc/hca/dev branch on GitLab in dev _{or this PR does not require reindexing dev}
• Restarted the Data Browser pipeline for the ucsc/lungmap/dev branch on GitLab in dev _{or this PR does not require reindexing dev}
• Restarted deploy_browser job in the GitLab pipeline for this PR in dev _{or this PR does not require reindexing dev}
• Restarted the Data Browser pipeline for the ucsc/anvil/anvildev branch on GitLab in anvildev _{or this PR does not require reindexing anvildev}
• Restarted deploy_browser job in the GitLab pipeline for this PR in anvildev _{or this PR does not require reindexing anvildev}

Operator (mirroring)

• Started mirroring in dev _{or this PR does not require mirroring dev}
• Started mirroring in anvildev _{or this PR does not require mirroring anvildev}
• Checked for, triaged and possibly requeued messages in mirror fail queue in dev _{or this PR does not require mirroring dev}
• Checked for, triaged and possibly requeued messages in mirror fail queue in anvildev _{or this PR does not require mirroring anvildev}
• Emptied mirror fail queue in dev _{or this PR does not require mirroring dev}
• Emptied mirror fail queue in anvildev _{or this PR does not require mirroring anvildev}

Operator

• Propagated the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels to the next promotion PRs _{or this PR carries none of these labels}
• Propagated any specific instructions related to the deploy:shared, deploy:gitlab, deploy:runner, API, reindex:partial, reindex:anvilprod and reindex:prod labels, from the description of this PR to that of the next promotion PRs _{or this PR carries none of these labels}
• PR is assigned to no one

Shorthand for review comments

• L line is too long
• W line wrapping is wrong
• Q bad quotes
• F other formatting problem

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.82%. Comparing base (5f86ccf) to head (bf094a6).
⚠️ Report is 8 commits behind head on develop.

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #7701   +/-   ##
========================================
  Coverage    84.82%   84.82%           
========================================
  Files          157      157           
  Lines        23060    23060           
========================================
  Hits         19561    19561           
  Misses        3499     3499           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coveralls]

coverage: 85.046%. remained the same
when pulling bf094a6 on issues/dsotirho-ucsc/7372-license-files
into 5f86ccf on develop.

[dsotirho-ucsc]

7701_IT_2026-01-20.txt

[achave11-ucsc]

diff --git a/scripts/fetch_requirement_licences.py b/scripts/fetch_requirement_licences.py
index f09ad779f..8ac226e3f 100644
--- a/scripts/fetch_requirement_licences.py
+++ b/scripts/fetch_requirement_licences.py
@@ -49,7 +49,7 @@ log = logging.getLogger(__name__)
 class FetchLicenses:
     destination_path = f'{config.project_root}/docs/licenses/python/'
 
-    license_file_names = [
+    file_names = [
         'LICENSE',
         'LICENSE.txt',
         'LICENSE.rst',
@@ -61,82 +61,16 @@ class FetchLicenses:
         'LICENCE.md'
     ]
 
-    def main(self, argv):
-        parser = argparse.ArgumentParser(description=__doc__,
-                                         formatter_class=AzulArgumentHelpFormatter)
-        parser.add_argument('--package', '-p',
-                            help='Optionally specify one or more packages to '
-                                 'download from. If not specified, licenses from '
-                                 'all Python dependencies will be downloaded.',
-                            nargs='+',
-                            metavar='PACKAGE',
-                            )
-        parser.add_argument('--debug',
-                            action='store_true',
-                            help='Log debugging information')
-        args = parser.parse_args(argv)
-
-        packages = []
-        failures = []
-
-        if args.package:
-            packages = [p for p in args.package]
-        else:
-            with open(f'{config.project_root}/requirements.all.txt', 'r') as f:
-                packages = [p.split('==')[0] for p in f.readlines()]
-
-        for package in packages:
-            if package:
-                pypi_url = f'https://pypi.org/pypi/{package}'
-                response = self.get_response(f'{pypi_url}/json')
-                assert isinstance(response, HTTPResponse)
-                found = False
-                if response.status == 200:
-                    urls = json.loads(response.data)['info']['project_urls']
-                    if urls:
-                        if args.debug:
-                            log.debug('%s urls: %s', package, urls)
-                        for url in self.github_urls(urls.values()):
-                            url_raw = furl(url)
-                            if len(url_raw.path.segments) > 2:
-                                if url_raw.path.segments[2] in ('blob', 'tree'):
-                                    url_raw.path.segments[2] = 'raw'
-                            else:
-                                url_raw.path.segments.extend(['raw', 'HEAD'])
-                            url_blob = url_raw.copy()
-                            url_blob.path.segments[2] = 'blob'
-                            for filename in self.license_file_names:
-                                response = self.get_response(f'{url_raw}/{filename}')
-                                assert isinstance(response, HTTPResponse)
-                                if response.status == 200:
-                                    if args.debug:
-                                        log.debug('Found %s/%s', url_raw, filename)
-                                    file_path = f'{self.destination_path}{package}.txt'
-                                    with open(file_path, 'wb') as f:
-                                        f.write(f'{url_blob}/{filename}\n\n'.encode('ascii'))
-                                        f.write(response.data)
-                                    log.info('%s... SUCCESS', package)
-                                    found = True
-                                    break
-                            if found:
-                                break
-                if not found:
-                    failures.append(package)
-                    log.info('%s... FAIL (%s)', package, pypi_url)
-
-        if failures:
-            log.error('Failed to fetch licenses for packages: %s', failures)
-
     @cached_property
     def http(self) -> HttpClient:
         return http_client()
 
-    def get_response(self, url: str) -> HTTPResponse:
+    def fetch(self, url: str) -> HTTPResponse:
         while True:
             response = self.http.request('GET', url)
             if response.status in [301, 302]:
                 url = response.get_redirect_location()
-                retry_after = response.headers.get('Retry-After')
+                retry_after = response.headers.fetch('Retry-After')
                 if retry_after is not None:
                     print('Sleeping %.3fs to honor Retry-After property' % retry_after)
                     time.sleep(retry_after)
@@ -155,13 +89,10 @@ class FetchLicenses:
                 url_.path.segments.pop()
             if url_.netloc == 'github.com' and url_.path.segments:
                 last_segment = url_.path.segments[-1]
-                # Remove '.git' from URL
-                # https://github.com/USER/PACKAGE.git
+                # REVIEW: Consider removing comments expressible with code
                 if last_segment.endswith('.git'):
-                    url_.path.segments[-1] = last_segment[:-4]
-                # Remove README file from path
-                # https://github.com/USER/README.md
-                elif last_segment.endswith('.md') or last_segment.endswith('.rst'):
+                    url_.path.segments[-1] = last_segment.removesuffix('.git')
+                elif last_segment.startswith('README'):
                     url_.path.segments.pop()
                 # Remove extra segment from path
                 # https://github.com/USER/PACKAGE/issues
@@ -176,6 +107,81 @@ class FetchLicenses:
         return sorted(urls_)
 
 
+def main(argv):
+    # REVIEW: Code structure is difficult to follow in the first commit. Consider
+    # breaking it up to  make it more transparent. Separating the fixes from
+    # modifications/alterations may help.
+    # Also, why not continue using main() and the defining the script's business
+    # logic in it, like in other scripts? It seems you've been introducing a
+    # slightly different invocation pattern in some of these scripts.
+    #
+    parser = argparse.ArgumentParser(description=__doc__,
+                                     formatter_class=AzulArgumentHelpFormatter)
+    parser.add_argument('--package', '-p',
+                        help='Optionally specify one or more packages to '
+                             'download from. If not specified, licenses from '
+                             'all Python dependencies will be downloaded.',
+                        nargs='+',
+                        metavar='PACKAGE',
+                        )
+    parser.add_argument('--debug',
+                        action='store_true',
+                        help='Log debugging information')
+    args = parser.parse_args(argv)
+
+    packages = []
+    failures = []
+
+    if args.package:
+        packages = [p for p in args.package]
+    else:
+        with open(f'{config.project_root}/requirements.all.txt', 'r') as f:
+            packages = [p.split('==')[0] for p in f.readlines()]
+
+    licenses = FetchLicenses()
+    for package in packages:
+        if package:
+            pypi_url = f'https://pypi.org/pypi/{package}'
+            response = licenses.fetch(f'{pypi_url}/json')
+            assert isinstance(response, HTTPResponse)
+            found = False
+            if response.status == 200:
+                urls = json.loads(response.data)['info']['project_urls']
+                if urls:
+                    if args.debug:
+                        log.debug('%s urls: %s', package, urls)
+                    for url in licenses.github_urls(urls.values()):
+                        url_raw = furl(url)
+                        if len(url_raw.path.segments) > 2:
+                            if url_raw.path.segments[2] in ('blob', 'tree'):
+                                url_raw.path.segments[2] = 'raw'
+                        else:
+                            url_raw.path.segments.extend(['raw', 'HEAD'])
+                        url_blob = url_raw.copy()
+                        url_blob.path.segments[2] = 'blob'
+                        for filename in licenses.file_names:
+                            response = licenses.fetch(f'{url_raw}/{filename}')
+                            assert isinstance(response, HTTPResponse)
+                            if response.status == 200:
+                                if args.debug:
+                                    log.debug('Found %s/%s', url_raw, filename)
+                                file_path = f'{licenses.destination_path}{package}.txt'
+                                with open(file_path, 'wb') as f:
+                                    f.write(f'{url_blob}/{filename}\n\n'.encode('ascii'))
+                                    f.write(response.data)
+                                log.info('%s... SUCCESS', package)
+                                found = True
+                                break
+                        if found:
+                            break
+            if not found:
+                failures.append(package)
+                log.info('%s... FAIL (%s)', package, pypi_url)
+
+    if failures:
+        log.error('Failed to fetch licenses for packages: %s', failures)
+
+
 if __name__ == '__main__':
     configure_script_logging(log)
-    FetchLicenses().main(sys.argv[1:])
+    main(sys.argv[1:])

[dsotirho-ucsc]

7701_IT_2026-01-23.txt

[achave11-ucsc]

LGTM ✅

Note, the class abstraction of your previous version was also good, but the business logic of the script (the main() method) didn't seem appropriate to the class.

[hannes-ucsc]

If you allow this side effect of importing the script, you may as well not have the if __name__ … stanza at the bottom.

You may need to define a Main class and make this and attribute thereof. There is plenty of precedent for this technique.

[dsotirho-ucsc]

7701_IT_2026-01-27.txt

[hannes-ucsc]

Security design review

• Security design review completed; this PR does not …
  • … affect authentication; for example:
    • OAuth 2.0 with the application (API or Swagger UI)
    • Authentication of developers with Google Cloud APIs
    • Authentication of developers with AWS APIs
    • Authentication with a GitLab instance in the system
    • Password and 2FA authentication with GitHub
    • API access token authentication with GitHub
    • Authentication with Terra
  • … affect the permissions of internal users like access to
    • Cloud resources on AWS and GCP
    • GitLab repositories, projects and groups, administration
    • an EC2 instance via SSH
    • GitHub issues, pull requests, commits, commit statuses, wikis, repositories, organizations
  • … affect the permissions of external users like access to
    • TDR snapshots
  • … affect permissions of service or bot accounts
    • Cloud resources on AWS and GCP
  • … affect audit logging in the system, like
    • adding, removing or changing a log message that represents an auditable event
    • changing the routing of log messages through the system
  • … affect monitoring of the system
  • … introduce a new software dependency like
    • Python packages on PYPI
    • Command-line utilities
    • Docker images
    • Terraform providers
  • … add an interface that exposes sensitive or confidential data at the security boundary
  • … affect the encryption of data at rest
  • … require persistence of sensitive or confidential data that might require encryption at rest
  • … require unencrypted transmission of data within the security boundary
  • … affect the network security layer; for example by
    • modifying, adding or removing firewall rules
    • modifying, adding or removing security groups
    • changing or adding a port a service, proxy or load balancer listens on
• Documentation on any unchecked boxes is provided in comments below