[feature] Add license and package_info to bazel generator

[peakschris]

What is your suggestion?

Bazel's sbom generator (rules_license) requires that package build files contain a number of declarations to teach bazel about name, package url, license, etc. Could conan's bazel generator include this information in the build files that it generates?

Here is an example for the poco build file:

load("@rules_license//rules:package_info.bzl", "package_info")
load("@rules_license//rules:license.bzl", "license")

package(
    default_package_metadata = [":license", ":package_info"],
    default_visibility = ["//visibility:public"]
)

license(
    name = "license",
    license_kinds = [
        "@rules_license//licenses/spdx:BSL-1.0",
    ],
    # reference to the license filename inside the conan artifact
    license_text = ["LICENSE"],
)

package_info(
    name = "package_info",
    package_name = "poco",
    package_url = None,
    package_version = "{version}",
    purl = "pkg:conan/pocoproject/poco@{version}",
)

If we can agree on an approach, I could possibly contribute a PR

Have you read the CONTRIBUTING guide?

• I've read the CONTRIBUTING guide

[peakschris]

@aiuto fyi

[franramirez688]

Hi @peakschris

Thanks for suggesting this! I have no objection to adding this.
Would you want to contribute with a PR? I can help with that for sure 😁

[uilianries]

Hello @peakschris,

Thank you for your suggestion and for your patience while we reviewed it.
After carefully evaluating your request to include rules_license in the BazelDeps Conan generator, and discussing it with @franramirez688, we’ve decided not to proceed with this feature at this time. Below are the key reasons behind our decision:

• Still under discussion: Not only you, but there is a whole community interest in SBOM support, the issue Produce an SBOM for Bazel bazelbuild/bazel#16331 and discussion What is status and timeline of SBOM work? bazelbuild/bazel#22966 demonstrates it. However, these threads indicate that the development of SBOM-related features in Bazel is still incomplete and lacks stability. Additionally, the main developer behind these efforts is no longer active in the project. The BazelCon 2024 demonstrated many open ideas still under discussion.

• The rules_license is not stable: While rules_license has a tagged 1.0.0 release, but its README explicitly states that the project is in "active initial development" and subject to significant changes. This instability could lead to breaking changes that would impact Conan users, requiring frequent updates to both Conan and their Bazel configurations.

Sorry for refusing your feature request, and I hope these points are clear enough to explain our motivation behind of this decision.

---

While we’re not going to integrate this feature into the BazelDeps generator for now, we want to emphasize that SBOM support is an important topic for us. Regardless of any specific generator, we are actively working on enabling Conan to generate SBOMs. You can follow our progress in the PR #17559 and related issues by searching for "SBOM" in the Conan repository for more discussions.

Please, feel free to shared your specific SBOM use case, as your feedback could help shape this ongoing work.

Thank you again for your suggestion, and please don’t hesitate to share any further thoughts or ideas.

Cheers!