Setup FOSSA as part of CI (#7999)

* Setup FOSSA as part of CI

* Add comments and links to FOSSA docs on script

.fossa.yml

@@ -0,0 +1,38 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Generated by FOSSA CLI (https://github.com/fossas/fossa-cli)
+# Visit https://fossa.com to learn more
+
+version: 2
+cli:
+  server: https://app.fossa.com
+  fetcher: custom
+analyze:
+  modules:
+  - name: assets
+    type: npm
+    target: superset/assets
+    path: superset/assets
+  - name: docs
+    type: pip
+    target: docs
+    path: docs
+  - name: .
+    type: pip
+    target: .
+    path: .

.travis.yml

@@ -16,6 +16,13 @@
 #
 jobs:
   include:
+    - language: python
+      python: 3.6
+      env:
+        - TOXENV=fossa
+      install:
+        - pip install --upgrade pip
+        - pip install tox
     - language: python
       python: 3.6
       env:

scripts/fossa.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# This is the recommended way to install FOSSA's cli per the docs:
+# https://docs.fossa.com/docs/travisci#section-add-fossa-steps-to-travisyml
+curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | sudo bash
+
+# This key is a push-only API key, also recommended for public projects
+# https://docs.fossa.com/docs/api-reference#section-push-only-api-token
+FOSSA_API_KEY="f72e93645bdfeab94bd227c7bbdda4ef" fossa

tox.ini

@@ -124,6 +124,12 @@ whitelist_externals =
     {toxinidir}/scripts/check_license.sh
 deps =
 
+[testenv:fossa]
+commands =
+    {toxinidir}/scripts/fossa.sh
+passenv = *
+deps =
+
 [testenv:py36-mysql]
 deps =
     -rrequirements.txt
@@ -145,6 +151,7 @@ deps =
 
 [tox]
 envlist =
+    fossa
     black
     cypress-dashboard
     cypress-explore