Add license scan report and status

[fossabot]

Your FOSSA integration was successful! Attached in this PR is a badge and license report to track scan status in your README.

Below are docs for integrating FOSSA license checks into your CI:

• CircleCI
• TravisCI
• Jenkins
• Other

[kmesh-bot]

Welcome @fossabot! It looks like this is your first PR to kmesh-net/waypoint 🎉

[gemini-code-assist]

Summary of Changes

Hello @fossabot, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces FOSSA license scanning integration for better compliance tracking and updates the project's Envoy dependency to a specific fork. Additionally, it enhances the existing Zipkin tracing within the Mixer HTTP filter to provide more detailed service context in the generated traces.

Highlights

• FOSSA Integration: Integrated FOSSA license scanning by adding status badges to the README.md file, providing a visual indicator of the project's license compliance status.
• Envoy Dependency Update: Updated the WORKSPACE configuration to point to a different Envoy git repository fork (amalgam8/envoy) and a new commit hash, indicating a change in the specific Envoy version or variant being used.
• Envoy Build Artifacts: Added new SHA256 checksum files for envoy-alpha and envoy-debug tarballs, likely corresponding to the updated Envoy dependency.
• Zipkin Tracing Enhancement: Enhanced the Mixer HTTP filter (http_filter.cc) to include updateSpan logic. This new functionality aims to enrich Zipkin traces by dynamically setting source and destination service names based on information obtained after the Mixer check call.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[kmesh-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign hzxuzhonghu for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gemini-code-assist]

Code Review

This pull request, apparently created by the FOSSA tool, introduces a license scan badge and report. However, it also includes several other significant changes that are not described. The Envoy dependency is switched to a fork, and new tracing-related code is added to the mixer HTTP filter. This new tracing code appears to be incomplete and likely contains bugs. Additionally, there are some minor formatting issues in the README.

[gemini-code-assist]

The implementation of updateSpan appears to be a placeholder and is incorrect.

1. Incorrect calls: The calls to span.setSourceService() and span.setDestinationService() are made without arguments, while the inline comments (//need source service name.) indicate they are required. This will likely cause a build failure or a runtime bug, breaking tracing functionality. The function's purpose is to use data from Mixer's response, but the implementation does not extract or use any such data.
2. Tight Coupling: The use of dynamic_cast to Tracing::ZipkinSpan tightly couples this code to a specific tracing implementation. Consider extending the Tracing::Span interface to make this more generic and maintainable.

This is a critical issue that needs to be addressed before merging.

[gemini-code-assist]

This change switches the envoy dependency from the official lyft/envoy repository to the amalgam8/envoy fork. This is a major change that should be clearly explained in the pull request description. Using a fork can introduce risks related to maintenance, security, and falling behind the upstream project. Please add a comment to the git_repository rule or update the PR description to justify why this fork is necessary.

[gemini-code-assist]

This extra blank line is unnecessary. A single blank line is sufficient to separate sections in Markdown.

[gemini-code-assist]

The file is missing a final newline character. It's a common convention and good practice to end files with a newline. Some tools and systems might not process the last line correctly if it's missing.