Merge pull request #94 from liam-hq/introduce-license-finder
Introduce License Finder to CI
MH4GF authored Nov 29, 2024
2 parents 109a2dd + d9a41dd commit 2f94337
Showing 4 changed files with 11,043 additions and 0 deletions.
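--- a/.github/workflows/license-frontend.yml
+++ b/.github/workflows/license-frontend.yml
@@ -0,0 +1,111 @@
+name: License Compliance for frontend
+
+# ## Summary
+#
+# This workflow runs the license_finder CLI only when it detects an update to files related to the License Finder.
+# It also updates $LICENSE_REPORT and git commit.
+#
+# When triggered by a PR from a forked repository, $LICENSE_REPORT is not updated.
+# When triggered by a push to the default branch, $LICENSE_REPORT is not updated either.
+
+on:
+push:
+branches:
+- main
+pull_request:
+merge_group:
+
+env:
+working-directory: frontend
+
+jobs:
+license_finder:
+runs-on: ubuntu-latest
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+timeout-minutes: 10
+env:
+LICENSE_REPORT: docs/packages-license.md
+steps:
+- name: Check if running in a fork
+id: fork-check
+run: echo "is_fork=${{ github.event.pull_request.head.repo.fork }}" >> "$GITHUB_OUTPUT"
+- name: Create GitHub App Token for non-fork PRs
+uses: actions/create-github-app-token@v1
+if: steps.fork-check.outputs.is_fork != 'true'
+id: app-token
+with:
+app-id: ${{ vars.CI_TRIGGER_APP_ID }}
+private-key: ${{ secrets.CI_TRIGGER_APP_PRIVATE_KEY }}
+- name: Checkout code for non-fork PRs
+if: steps.fork-check.outputs.is_fork != 'true'
+uses: actions/checkout@v4
+with:
+ref: ${{ github.event.pull_request.head.ref }}
+token: ${{ steps.app-token.outputs.token }}
+- name: Checkout code for forked PRs
+if: steps.fork-check.outputs.is_fork == 'true'
+uses: actions/checkout@v4
+# To make the success of this job a prerequisite for merging into the main branch,
+# set a filter here instead of on: to determine whether or not to proceed to the next step.
+- name: Cache dependency files
+uses: actions/cache@v4
+id: cache
+with:
+path: |
+.github/workflows/license-frontend.yml
+frontend/config/dependency_decisions.yml
+frontend/config/license_finder.yml
+frontend/package.json
+frontend/pnpm-lock.yaml
+key: license-frontend-${{ runner.os }}-${{ hashFiles('.github/workflows/license-frontend.yml', 'frontend/config/dependency_decisions.yml', 'frontend/config/license_finder.yml', 'frontend/package.json', 'frontend/pnpm-lock.yaml') }}
+- name: Determine if files changed
+id: determine
+run: |
+if [ "${{ steps.cache.outputs.cache-hit }}" = 'true' ]; then
+echo "files_changed=false" >> "$GITHUB_OUTPUT"
+else
+echo "files_changed=true" >> "$GITHUB_OUTPUT"
+fi
+- uses: ./.github/actions/pnpm-setup
+if: steps.determine.outputs.files_changed == 'true'
+with:
+working-directory: ${{ env.working-directory }}
+- uses: ruby/setup-ruby@v1
+if: steps.determine.outputs.files_changed == 'true'
+with:
+ruby-version: '3.3'
+- name: Install License Finder
+if: steps.determine.outputs.files_changed == 'true'
+run: gem install -N license_finder
+- name: Run License Finder
+if: steps.determine.outputs.files_changed == 'true'
+run: license_finder
+working-directory: ${{ env.working-directory }}
+
+# Commit the License Finder report as docs/packages-license.md
+- name: Generate license report
+if: |
+steps.fork-check.outputs.is_fork != 'true'
+&& steps.determine.outputs.files_changed == 'true'
+&& github.ref_name != github.event.repository.default_branch
+run: |
+mkdir -p "$(dirname "$LICENSE_REPORT")"
+license_finder report --format=markdown | tail -n +2 > "$LICENSE_REPORT"
+working-directory: ${{ env.working-directory }}
+- name: Commit license report and push
+if: |
+steps.fork-check.outputs.is_fork != 'true'
+&& steps.determine.outputs.files_changed == 'true'
+&& github.ref_name != github.event.repository.default_branch
+run: |
+git config user.name 'github-actions[bot]'
+git config user.email 'github-actions[bot]@users.noreply.github.com'
+git add "$LICENSE_REPORT"
+git commit -m "Update $LICENSE_REPORT"
+git push origin "$BRANCH_NAME"
+env:
+GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+working-directory: ${{ env.working-directory }}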
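Review bot: The App installation token is minted in the second step and passed to `actions/checkout`, which by default leaves the token it was given in the checkout's git configuration, so everything that runs afterwards — `./.github/actions/pnpm-setup` (a local action not shown here; presumably it installs the pnpm dependencies), the unversioned `gem install -N license_finder`, and `license_finder` itself — executes next to a credential that can push to the repository. Nothing in those steps needs it; only the final `git push` does. I would check out with `persist-credentials: false`, create the token immediately before the commit step under the same `if:` condition, and authenticate the push explicitly, as sketched below. Pinning the gem with `-v` and the third-party actions to full commit SHAs would further narrow what can run in that job.

```yaml
      - name: Checkout code for non-fork PRs
        if: steps.fork-check.outputs.is_fork != 'true'
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          persist-credentials: false
      # … unchanged: fork checkout, cache, pnpm-setup, setup-ruby, License Finder, report generation …
      - name: Create GitHub App Token for non-fork PRs
        if: |
          steps.fork-check.outputs.is_fork != 'true'
          && steps.determine.outputs.files_changed == 'true'
          && github.ref_name != github.event.repository.default_branch
        uses: actions/create-github-app-token@v1
        id: app-token
        with:
          app-id: ${{ vars.CI_TRIGGER_APP_ID }}
          private-key: ${{ secrets.CI_TRIGGER_APP_PRIVATE_KEY }}
      - name: Commit license report and push
        # … unchanged: if condition, env, working-directory …
        run: |
          # … unchanged: git config, git add, git commit …
          git push "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "HEAD:$BRANCH_NAME"
```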
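--- a/frontend/config/dependency_decisions.yml
+++ b/frontend/config/dependency_decisions.yml
@@ -0,0 +1,97 @@
+---
+- - :permit
+- MIT
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/MIT
+:versions: []
+:when: 2024-11-22 08:47:26.167960000 Z
+- - :permit
+- Apache 2.0
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/apache-2-0
+:versions: []
+:when: 2024-11-22 08:49:11.117254000 Z
+- - :permit
+- ISC
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/isc-license-txt
+:versions: []
+:when: 2024-11-22 08:51:11.110071000 Z
+- - :permit
+- BSD 0-Clause
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/0BSD
+:versions: []
+:when: 2024-11-28 07:37:37.471617000 Z
+- - :permit
+- BSD 2-Clause
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/BSD-2-Clause
+:versions: []
+:when: 2024-11-28 07:38:25.201366000 Z
+- - :permit
+- BSD 3-Clause
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/BSD-3-Clause
+:versions: []
+:when: 2024-11-28 07:39:06.925601000 Z
+- - :permit
+- BlueOak-1.0.0
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/blue-oak-model-license
+:versions: []
+:when: 2024-11-28 07:42:02.017807000 Z
+- - :permit
+- The Unlicense
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/Unlicense
+:versions: []
+:when: 2024-11-28 07:44:45.338620000 Z
+- - :permit
+- CC-BY-4.0
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://creativecommons.org/licenses/by/4.0/
+:versions: []
+:when: 2024-11-28 07:45:51.500569000 Z
+- - :approve
+- argparse
+- :who: OSPO @masutaka
+:why: Python 2.0 license is compatible with Apache-2.0. But License Finder does
+not support the name "Python-2.0". See https://github.com/pivotal/LicenseFinder/pull/1053
+:versions:
+- 2.0.1
+:when: 2024-11-28 08:54:56.971593000 Z
+- - :approve
+- jsonify
+- :who: OSPO @masutaka
+:why: Public Domain is compatible with Apache-2.0. But it is not a software license.
+See https://github.com/liam-hq/liam/issues/111
+:versions:
+- 0.0.1
+:when: 2024-11-29 03:35:11.884802000 Z
+- - :permit
+- LGPL-3.0-or-later
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/LGPL-3.0
+:versions: []
+:when: 2024-11-29 08:54:34.886267000 Z
+- - :permit
+- CC0 1.0 Universal
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://creativecommons.org/publicdomain/zero/1.0/
+:versions: []
+:when: 2024-11-29 08:56:44.903744000 Z
+- - :approve
+- spawndamnit
+- :who: OSPO @masutaka
+:why: Its license is MIT, but it is mis-detected as a "SEE LICENSE IN LICENSE"
+license. See https://github.com/jamiebuilds/spawndamnit/pull/11
+:versions:
+- 3.0.1
+:when: 2024-11-29 09:06:33.106701000 Z
+- - :permit
+- Mozilla Public License 2.0
+- :who: OSPO @masutaka
+:why: Compatible with Apache-2.0 license. See https://opensource.org/license/mpl-2-0
+:versions: []
+:when: 2024-11-29 09:12:22.146432000 Z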
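Review bot: The `LGPL-3.0-or-later` and `Mozilla Public License 2.0` entries are blanket `:permit` rules with `:versions: []`, so any future dependency under those licenses passes this check without a review, although both attach copyleft conditions that the permissive licenses in this list do not. The packages that prompted these two entries are not visible in this section; if they are few, a version-scoped `:approve` per package, in the same form as the `argparse` and `spawndamnit` entries, keeps the gate meaningful for new additions. Both entries reuse the generic "Compatible with Apache-2.0 license" text in `:why:`, and it would help to record there the conditions under which the decision was made.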
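--- a/frontend/config/license_finder.yml
+++ b/frontend/config/license_finder.yml
@@ -0,0 +1,4 @@
+---
+decisions_file: 'config/dependency_decisions.yml'
+enabled_package_managers:
+- pnpm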