Create THIRD-PARTY-NOTICES.txt

[rajapandi1234]

Summary by CodeRabbit

• Documentation
  • Added third-party notices documenting all included packages, their licenses, and versions. Full license texts are available in the repository's license directory.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

A THIRD-PARTY-NOTICES.txt file was added to document third-party software dependencies, including Apache Maven Dependency Plugin, mosip/kattu GitHub Actions Workflows, and artifactory-ref-impl, with their respective licenses and attributions.

Changes

Cohort / File(s)	Summary
Third-Party Licensing Documentation THIRD-PARTY-NOTICES.txt	Added file documenting third-party packages with license information (Apache 2.0, MIT, MPL-2.0), versions, homepages, and reference to full license texts in the license/ directory.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

📜 A notice added with care so fine,
Third-party thanks in every line,
Apache, MIT, and MPL's name,
Proper credit—that's the game! 🐰✨

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Create THIRD-PARTY-NOTICES.txt' directly and accurately reflects the main change - adding a new file to document third-party packages and their licenses.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

Fix all issues with AI Agents 🤖

In @THIRD-PARTY-NOTICES.txt:
- Line 40: The line in THIRD-PARTY-NOTICES.txt referencing the non-existent
"license/" directory is incorrect; either create a "license/" directory
containing the full license texts and add the corresponding files, or
remove/replace that sentence with an accurate reference (for example point to
the actual directory where license files live or simply state that full licenses
are included inline or available from upstream); update the sentence on line 40
accordingly so the document no longer points to a missing path.
- Line 37: Update the homepage URL in THIRD-PARTY-NOTICES.txt by replacing the
incorrect URL "https://github.com/Rakshithasai123/artifactory-ref-impl" with the
official MOSIP repository URL "https://github.com/mosip/artifactory-ref-impl" so
the notice points to the authoritative project location.
- Line 15: Update the license string for the mosip/kattu workflow entries in
THIRD-PARTY-NOTICES.txt from "MIT License (Inferred from project’s official
repository)" to "CC0-1.0 (Creative Commons Zero v1.0 Universal)" for the three
workflow items corresponding to chart-lint-publish.yml, docker-build.yml, and
tag.yml; locate each workflow entry by its filename label in the notices file
and replace the license declaration text accordingly so all three entries
reflect CC0-1.0.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 548e83b and f6bffff.

📒 Files selected for processing (1)

• THIRD-PARTY-NOTICES.txt

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat THIRD-PARTY-NOTICES.txt

Repository: mosip/artifactory-ref-impl

Length of output: 2105

---

🌐 Web query:

mosip/kattu repository LICENSE file GitHub

💡 Result:

I couldn't find a repository named mosip/kattu on GitHub. The mosip GitHub organization lists its repositories (and notes most core modules use the Mozilla Public License 2.0). See the MOSIP org page. [1]

If you intended a different repo name or a fork/individual account, tell me the exact repo URL or owner and I can look it up. [1]: https://github.com/mosip

---

🌐 Web query:

kattu GitHub repository

💡 Result:

The kattu repository is on GitHub at techgaun/kattu — a small Node.js CLI that "runs commands quietly unless the command fails." [1] It’s also published on npm/Skypack. [2]

Sources:
[1] GitHub — techgaun/kattu.
[2] Skypack (npm package page for kattu).

---

🏁 Script executed:

#!/bin/bash
# Search for any references to mosip/kattu or just kattu in common locations
echo "Checking MOSIP GitHub org repositories..."
curl -s https://api.github.com/orgs/mosip/repos?per_page=100 | grep -i "kattu" || echo "No kattu found in MOSIP org repos"

echo -e "\n\nSearching for 'kattu' repository across GitHub..."
# Try direct API search
curl -s "https://api.github.com/search/repositories?q=kattu+org:mosip" | head -50

Repository: mosip/artifactory-ref-impl

Length of output: 6128

---

🏁 Script executed:

#!/bin/bash
# Fetch the LICENSE file from mosip/kattu
echo "Checking mosip/kattu LICENSE file:"
curl -s https://raw.githubusercontent.com/mosip/kattu/master/LICENSE | head -20

# Also check common license locations
echo -e "\n\nChecking for LICENSE.txt:"
curl -s https://raw.githubusercontent.com/mosip/kattu/master/LICENSE.txt | head -20

# Check if it's in a licenses directory
echo -e "\n\nChecking repository structure:"
curl -s https://api.github.com/repos/mosip/kattu/license | jq '.license'

Repository: mosip/artifactory-ref-impl

Length of output: 1202

---

Correct the license declarations for mosip/kattu workflows to CC0-1.0.

The mosip/kattu repository uses CC0-1.0 (Creative Commons Zero v1.0 Universal), not MIT License. Update all three workflow entries (chart-lint-publish.yml, docker-build.yml, and tag.yml) in THIRD-PARTY-NOTICES.txt to reflect the correct license.

Also applies to: lines 22, 29

🤖 Prompt for AI Agents

In @THIRD-PARTY-NOTICES.txt around line 15, Update the license string for the
mosip/kattu workflow entries in THIRD-PARTY-NOTICES.txt from "MIT License
(Inferred from project’s official repository)" to "CC0-1.0 (Creative Commons
Zero v1.0 Universal)" for the three workflow items corresponding to
chart-lint-publish.yml, docker-build.yml, and tag.yml; locate each workflow
entry by its filename label in the notices file and replace the license
declaration text accordingly so all three entries reflect CC0-1.0.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's check if THIRD-PARTY-NOTICES.txt exists and read its content
if [ -f "THIRD-PARTY-NOTICES.txt" ]; then
    echo "=== THIRD-PARTY-NOTICES.txt content ==="
    cat -n THIRD-PARTY-NOTICES.txt
else
    echo "THIRD-PARTY-NOTICES.txt not found at root"
    find . -name "THIRD-PARTY-NOTICES.txt" -type f
fi

Repository: mosip/artifactory-ref-impl

Length of output: 2425

---

🏁 Script executed:

# Check for repository metadata and configuration files
echo "=== Repository context ==="
if [ -f ".git/config" ]; then
    echo "Git remote origin:"
    git config --get remote.origin.url
fi

# Check for any README or documentation about the repository
if [ -f "README.md" ]; then
    echo -e "\n=== README.md (first 50 lines) ==="
    head -50 README.md
fi

Repository: mosip/artifactory-ref-impl

Length of output: 950

---

🏁 Script executed:

# Check git history to understand the source of this file
echo "=== Git log for THIRD-PARTY-NOTICES.txt ==="
git log --oneline --follow THIRD-PARTY-NOTICES.txt 2>/dev/null | head -10

Repository: mosip/artifactory-ref-impl

Length of output: 152

---

Update the homepage URL to reference the official MOSIP organization repository.

Line 37 currently points to https://github.com/Rakshithasai123/artifactory-ref-impl, but this project is hosted under the official MOSIP organization at https://github.com/mosip/artifactory-ref-impl. Update the homepage URL to reference the correct authoritative repository.

🤖 Prompt for AI Agents

In @THIRD-PARTY-NOTICES.txt around line 37, Update the homepage URL in
THIRD-PARTY-NOTICES.txt by replacing the incorrect URL
"https://github.com/Rakshithasai123/artifactory-ref-impl" with the official
MOSIP repository URL "https://github.com/mosip/artifactory-ref-impl" so the
notice points to the authoritative project location.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify license directory and contents
if [ -d "license/" ]; then
  echo "✓ license/ directory exists"
  echo "Contents:"
  find license/ -type f \( -name "*.txt" -o -name "LICENSE*" -o -name "*.md" \) | sort
  echo ""
  echo "Total license files:"
  find license/ -type f | wc -l
else
  echo "✗ license/ directory not found in repository root"
  echo ""
  echo "Searching for similar directories:"
  find . -maxdepth 3 -type d -iname "*license*" 2>/dev/null | sort
fi

Repository: mosip/artifactory-ref-impl

Length of output: 155

---

Remove or correct the reference to the non-existent license/ directory.

The license/ directory referenced on line 40 does not exist in the repository. Either create the directory with the corresponding license files or remove the reference to maintain accuracy of the documentation. This is a compliance issue—the file should only reference directories and files that are actually available to users.

🤖 Prompt for AI Agents

In @THIRD-PARTY-NOTICES.txt around line 40, The line in THIRD-PARTY-NOTICES.txt
referencing the non-existent "license/" directory is incorrect; either create a
"license/" directory containing the full license texts and add the corresponding
files, or remove/replace that sentence with an accurate reference (for example
point to the actual directory where license files live or simply state that full
licenses are included inline or available from upstream); update the sentence on
line 40 accordingly so the document no longer points to a missing path.