From 11c5ff5f8e5ac88775274646b94368161ee0adbf Mon Sep 17 00:00:00 2001
From: Penar Musaraj
Date: Tue, 26 Apr 2022 14:09:42 -0400
Subject: [PATCH] DEV: Add CI job that audits dependency licenses (#16568)

---
 .github/workflows/licenses.yml | 73 ++++++++++++++++++++++++++++++++++
 .gitignore | 3 ++
 .licensed.yml | 44 ++++++++++++++++++--
 .licensee.json | 17 ++++++++
 4 files changed, 133 insertions(+), 4 deletions(-)
 create mode 100644 .github/workflows/licenses.yml
 create mode 100644 .licensee.json

diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
new file mode 100644
index 00000000000..72abb7b6c9d
--- /dev/null
+++ b/.github/workflows/licenses.yml
@@ -0,0 +1,73 @@
+name: Licenses
+
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+ - main
+
+jobs:
+ build:
+ name: run
+ runs-on: ubuntu-latest
+ container: discourse/discourse_test:release
+ timeout-minutes: 30
+
+ steps:
+ - uses: actions/checkout@master
+ with:
+ fetch-depth: 1
+
+ - name: Setup Git
+ run: |
+ git config --global user.email "ci@ci.invalid"
+ git config --global user.name "Discourse CI"
+
+ - name: Bundler cache
+ uses: actions/cache@v2
+ with:
+ path: vendor/bundle
+ key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-gem-
+
+ - name: Setup gems
+ run: |
+ bundle config --local path vendor/bundle
+ bundle config --local deployment true
+ bundle config --local without development
+ bundle install --jobs 4
+ bundle clean
+
+ - name: Setup licensed
+ run: |
+ gem install licensed
+
+ - name: Get yarn cache directory
+ id: yarn-cache-dir
+ run: echo "::set-output name=dir::$(yarn cache dir)"
+
+ - name: Yarn cache
+ uses: actions/cache@v2
+ id: yarn-cache
+ with:
+ path: ${{ steps.yarn-cache-dir.outputs.dir }}
+ key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+ restore-keys: |
+ ${{ runner.os }}-yarn-
+
+ - name: Check RubyGems Licenses
+ if: ${{ always() }}
+ run: |
+ licensed cache
+ licensed status
+
+ - name: Yarn install
+ run: yarn install
+
+ - name: Check Yarn Licenses
+ if: ${{ always() }}
+ run: |
+ yarn add licensee
+ yarn exec licensee -- --errors-only
diff --git a/.gitignore b/.gitignore
index 83b52f4bb73..11f40d38b65 100644
--- a/.gitignore
+++ b/.gitignore
@@ -59,3 +59,6 @@ yarn-error.log
 
 # Generated API documentation files
 openapi/*
+
+# Cached License Data Files
+/.licenses
diff --git a/.licensed.yml b/.licensed.yml
index 9bc70408810..178118521fd 100644
--- a/.licensed.yml
+++ b/.licensed.yml
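Review bot: `uses: actions/checkout@master` in the first step tracks a mutable branch, so the code that checks out the repository is whatever that branch holds on the day the job runs; pin it to a release tag, the way `actions/cache@v2` is referenced further down, or better to a full commit SHA (`- uses: actions/checkout@<release tag or commit SHA>`). The job declares no `permissions:` block, so the default token scope applies to an audit that only reads the checkout; adding `permissions:` with `contents: read` at the top of the file keeps it to least privilege. The `if: ${{ always() }}` on both license-check steps also runs them after a cancelled job or a failed `bundle install`, which then fails for a misleading reason; `if: ${{ !cancelled() }}` preserves the "run the yarn check even when the gem check failed" intent without that. `yarn add licensee` modifies `package.json` and `yarn.lock` inside the checkout rather than running the tool ad hoc, which is worth a comment on that step if it is deliberate.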
@@ -1,12 +1,48 @@
 sources:
- yarn: true
 bundler: true
 allowed:
- - mit
+ - 0bsd
 - apache-2.0
 - bsd-2-clause
 - bsd-3-clause
 - cc0-1.0
 - isc
- - other
- - none
\ No newline at end of file
+ - mit
+ - ruby
+
+ignored:
+ bundler:
+ - rchardet # Ruby terms
+
+reviewed:
+ bundler:
+ - activerecord # MIT
+ - coderay # MIT
+ - concurrent-ruby # MIT
+ - css_parser # MIT
+ - excon # MIT
+ - faraday-em_http # MIT
+ - faraday-em_synchrony # MIT
+ - faraday-excon # MIT
+ - faraday-httpclient # MIT
+ - faraday-patron # MIT
+ - faraday-net_http # MIT
+ - faraday-rack # MIT
+ - highline # GPL-2.0 OR Ruby terms
+ - htmlentities # MIT
+ - image_size # MIT
+ - json # Ruby terms
+ - jwt # MIT
+ - kgio # LGPL-2.1+
+ - logstash-event # Apache-2.0
+ - omniauth # MIT
+ - openssl # Ruby terms
+ - pg # Ruby terms
+ - r2 # Apache-2.0 (Twitter)
+ - racc # Ruby terms
+ - raindrops # LGPL-2.1+
+ - rubyzip # Ruby terms
+ - sidekiq # LGPL (Sidekiq)
+ - tilt
+ - unf # BSD-2-Clause
+ - unicorn
\ No newline at end of file
diff --git a/.licensee.json b/.licensee.json
new file mode 100644
index 00000000000..6fe0d279c89
--- /dev/null
+++ b/.licensee.json
@@ -0,0 +1,17 @@
+{
+ "licenses": {
+ "blueOak": "bronze",
+ "spdx": [
+ "CC0-1.0",
+ "CC-BY-3.0",
+ "CC-BY-4.0",
+ "Apache-2.0 WITH LLVM-exception"
+ ]
+ },
+ "packages": {
+ "@fortawesome/fontawesome-free": "*",
+ "ember-template-lint-plugin-discourse": "*",
+ "squoosh": "2.0.0"
+ },
+ "corrections": true
+}
\ No newline at end of file
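Review bot: As I read licensed's configuration, every gem under `reviewed` passes `licensed status` regardless of what is detected on later versions, so a relicensing of any of the thirty entries (the LGPL ones, `kgio`, `raindrops` and `sidekiq`, are the ones to watch) would go unnoticed; recording the version that was actually reviewed in each comment, e.g. `- sidekiq # LGPL (Sidekiq), reviewed at <version>`, gives a future upgrade something to re-check against. `tilt` and `unicorn` are the only two entries with no license comment, unlike every other line in the list. `rchardet` is placed under `ignored` with the comment `# Ruby terms` although `ruby` is in `allowed`; if the reason is only that licensed cannot detect its license text, `reviewed` keeps it in the cache and the report, whereas `ignored` drops it from the audit altogether. The file still ends without a trailing newline, as the marker after `- unicorn` shows.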
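Review bot: The `packages` exemptions `"@fortawesome/fontawesome-free": "*"` and `"ember-template-lint-plugin-discourse": "*"` exclude every future version of those packages from the check, while `squoosh` is pinned to `"2.0.0"`; pinning the other two to the version whose license was reviewed makes an upgrade re-enter the audit, and since JSON has no comment syntax the reason for each exemption belongs in the commit message or next to the gem list in `.licensed.yml`. `"blueOak": "bronze"` presumably admits the whole Blue Oak bronze rating, which is a broader set than the explicit `allowed` list the same commit writes for RubyGems; it is worth confirming that the two audits are meant to enforce different policies. The new file is also created without a trailing newline.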