From 540b6e60cf1aec978c90f6292976f6d4a9b3c0b6 Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Fri, 30 Aug 2024 09:43:31 +0200
Subject: [PATCH 1/5] gha: fossa license scanning

Signed-off-by: Matteo Mortari
---
 .github/workflows/fossa-license-scanning.yml | 22 ++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .github/workflows/fossa-license-scanning.yml

diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml
new file mode 100644
index 000000000..82d08c512
--- /dev/null
+++ b/.github/workflows/fossa-license-scanning.yml
@@ -0,0 +1,22 @@
+name: FOSSA License Scanning
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout tree
+ uses: actions/checkout@v4
+
+ - name: Run FOSSA scan and upload build data
+ uses: fossa-contrib/fossa-action@v3
+ with:
+ # push-only token, intentional; see https://github.com/fossa-contrib/fossa-action?tab=readme-ov-file#push-only-api-token
+ # this also how other CNCF projects are doing e.g. https://github.com/cncf/foundation/issues/109
+ fossa-api-key: 80871bdd477c2c97f65e9822cae99d20

From cad2fe6a59eca16bf7985c28a313009435bd8959 Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Fri, 30 Aug 2024 10:23:51 +0200
Subject: [PATCH 2/5] keep deprecated method for mount for TestContainers to avoid direct API dep.

Signed-off-by: Matteo Mortari
---
 go.mod | 2 +-
 internal/testutils/test_container_utils.go | 10 +++++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index ca416fe37..245465be9 100644
--- a/go.mod
+++ b/go.mod
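Review bot: Both `uses:` lines in the new workflow's `steps:` reference actions by mutable tag (`actions/checkout@v4`, `fossa-contrib/fossa-action@v3`), and the job declares no `permissions:`, so third-party code runs with whatever default GITHUB_TOKEN scope the repository is configured with. Pin the third-party action to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: fossa-contrib/fossa-action@<full-commit-sha> # v3`, and add a `permissions:` block with `contents: read` at workflow or job level, since the job only checks out the tree and uploads to FOSSA. The same tag-pinning point applies to `fossas/fossa-action@v1.4.0` introduced in PATCH 5/5.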
@@ -42,7 +42,7 @@ require (
 github.com/containerd/log v0.1.0 // indirect
 github.com/cpuguy83/dockercfg v0.3.1 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/docker/docker v27.2.1+incompatible
+ github.com/docker/docker v27.2.1+incompatible // indirect
 github.com/docker/go-connections v0.5.0 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
diff --git a/internal/testutils/test_container_utils.go b/internal/testutils/test_container_utils.go
index 0a1c21c3d..bfa6307d8 100644
--- a/internal/testutils/test_container_utils.go
+++ b/internal/testutils/test_container_utils.go
@@ -10,7 +10,6 @@ import (
 "os/exec"
 "testing"
- "github.com/docker/docker/api/types/container"
 "github.com/kubeflow/model-registry/internal/ml_metadata/proto"
 testcontainers "github.com/testcontainers/testcontainers-go"
 "github.com/testcontainers/testcontainers-go/wait"
@@ -86,8 +85,13 @@ func SetupMLMetadataTestContainer(t *testing.T) (*grpc.ClientConn, proto.Metadat
 Env: map[string]string{
 "METADATA_STORE_SERVER_CONFIG_FILE": "/tmp/shared/conn_config.pb",
 },
- HostConfigModifier: func(hc *container.HostConfig) {
- hc.Binds = []string{wd + ":/tmp/shared"}
+ Mounts: testcontainers.ContainerMounts{
+ testcontainers.ContainerMount{
+ Source: testcontainers.GenericBindMountSource{ // nolint keep deprecated method to avoid depending directly to docker api exposed by testcontainers' HostConfigModifier
+ HostPath: wd,
+ },
+ Target: "/tmp/shared",
+ },
 },
 WaitingFor: wait.ForLog("Server listening on"),
 }

From 42282a196ad8c6dfac65a10c56b1a62deeecdb90 Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Fri, 30 Aug 2024 15:29:27 +0200
Subject: [PATCH 3/5] refactor GHA, test

Signed-off-by: Matteo Mortari
---
 .github/workflows/fossa-license-scanning.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
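Review bot: The `// nolint` on the added `Source: testcontainers.GenericBindMountSource{` line names no linter, so it silences every check on that line rather than only the deprecation warning it is there for. Scope the directive and keep the reason as a separate trailing comment, e.g. `//nolint:staticcheck // deprecated API kept to avoid a direct dependency on the docker api package` (assuming the deprecation finding comes from staticcheck; use whichever linter actually reports it). `SetupMLMetadataTestContainer` starts and ends outside this hunk, so the rest of the container request is not visible here.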
diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml
index 82d08c512..8fd3047f8 100644
--- a/.github/workflows/fossa-license-scanning.yml
+++ b/.github/workflows/fossa-license-scanning.yml
@@ -7,9 +7,13 @@ on:
 pull_request:
 jobs:
- build:
+ fossa-scan:
+ if: github.repository_owner == 'kubeflow' # FOSSA is not intended to run on forks.
 runs-on: ubuntu-latest
-
+ env:
+ # push-only token, intentional; see https://github.com/fossa-contrib/fossa-action?tab=readme-ov-file#push-only-api-token
+ # this also how other CNCF projects are doing e.g. https://github.com/cncf/foundation/issues/109
+ FOSSA_API_KEY: 80871bdd477c2c97f65e9822cae99d20 # This is a push-only token that is safe to be exposed.
 steps:
 - name: Checkout tree
 uses: actions/checkout@v4
@@ -17,6 +21,4 @@ jobs:
 - name: Run FOSSA scan and upload build data
 uses: fossa-contrib/fossa-action@v3
 with:
- # push-only token, intentional; see https://github.com/fossa-contrib/fossa-action?tab=readme-ov-file#push-only-api-token
- # this also how other CNCF projects are doing e.g. https://github.com/cncf/foundation/issues/109
- fossa-api-key: 80871bdd477c2c97f65e9822cae99d20
+ fossa-api-key: ${{ env.FOSSA_API_KEY }}

From 6b92424aacc0dec9ed050cecab5a34af78164822 Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Mon, 9 Sep 2024 19:13:03 +0200
Subject: [PATCH 4/5] avoid license text in contributing leading to false positives

Signed-off-by: Matteo Mortari
---
 CONTRIBUTING.md | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 94bcbc8fb..d16b26fe0 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
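Review bot: The job-level `if: github.repository_owner == 'kubeflow'` skips runs inside fork repositories, but for `pull_request` events the owner is the base repository's, so pull requests opened from forks still run the scan and upload with the committed key. If only trusted branches are meant to push build data to FOSSA, extend the condition with a head-repository check such as `github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`; if scanning fork PRs is intended, say so in the trailing comment. Because the key is a literal in the file and remains in git history after any rotation, its push-only scope should be confirmed in the FOSSA settings rather than taken from the comment alone.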
@@ -28,11 +28,6 @@ The make command shipped with Mac OSX (at the time of writing) is a bit old:
 ```
 % make --version
 GNU Make 3.81
-Copyright (C) 2006 Free Software Foundation, Inc.
-This is free software; see the source for copying conditions.
-There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
-PARTICULAR PURPOSE.
-
 This program built for i386-apple-darwin11.3.0
 ```

From 6833f4bc260cab65debb9094699df2d5776e5eaa Mon Sep 17 00:00:00 2001
From: Matteo Mortari
Date: Tue, 10 Sep 2024 11:11:07 +0200
Subject: [PATCH 5/5] move to use fossas/fossa-action

Signed-off-by: Matteo Mortari
---
 .github/workflows/fossa-license-scanning.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml
index 8fd3047f8..e291514cb 100644
--- a/.github/workflows/fossa-license-scanning.yml
+++ b/.github/workflows/fossa-license-scanning.yml
@@ -19,6 +19,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Run FOSSA scan and upload build data
- uses: fossa-contrib/fossa-action@v3
+ uses: fossas/fossa-action@v1.4.0
 with:
- fossa-api-key: ${{ env.FOSSA_API_KEY }}
+ api-key: ${{ env.FOSSA_API_KEY }}
+ project: "github.com/kubeflow/model-registry"