constellation/hack/check-licenses.sh

#!/usr/bin/env bash

# Compare licenses of Go dependencies against a whitelist.

set -euo pipefail
shopt -s inherit_errexit

not_allowed() {
  echo "license not allowed for package: ${line}"
  err=1
}

go mod download

go-licenses csv ./... | {
while read -r line; do

  pkg=${line%%,*}
  lic=${line##*,}

  case ${lic} in
    Apache-2.0|BSD-2-Clause|BSD-3-Clause|ISC|MIT)
      ;;

    MPL-2.0)
      case ${pkg} in
        github.com/talos-systems/talos/pkg/machinery/config/encoder)
          ;;
        github.com/letsencrypt/boulder)
          ;;
        github.com/hashicorp/*)
          ;;
        *)
          not_allowed
          ;;
      esac
      ;;

    AGPL-3.0)
      case ${pkg} in
        github.com/edgelesssys/constellation/v2)
          ;;
        *)
          not_allowed
          ;;
      esac
      ;;

    Unknown)
      case ${pkg} in
        *)
          not_allowed
          ;;
      esac
      ;;

    *)
      echo "unknown license: ${line}"
      err=1
      ;;
  esac

done
exit "${err}"
}
Use env to find bash in shebang (#225) 2022-10-10 08:21:17 -04:00			`#!/usr/bin/env bash`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00
			`# Compare licenses of Go dependencies against a whitelist.`

Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`set -euo pipefail`
			`shopt -s inherit_errexit`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00
			`not_allowed() {`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`echo "license not allowed for package: ${line}"`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`err=1`
			`}`

			`go mod download`

			`go-licenses csv ./... \| {`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`while read -r line; do`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00
			`pkg=${line%%,*}`
			`lic=${line##*,}`

Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`case ${lic} in`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`Apache-2.0\|BSD-2-Clause\|BSD-3-Clause\|ISC\|MIT)`
			`;;`

			`MPL-2.0)`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`case ${pkg} in`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`github.com/talos-systems/talos/pkg/machinery/config/encoder)`
			`;;`
AB#2159 Feat/cli/fetch measurements (#301) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-01 03:37:05 -04:00			`github.com/letsencrypt/boulder)`
			`;;`
Use terraform in CLI to create QEMU cluster (#172) * Use terraform in CLI to create QEMU cluster * Dont allow qemu creation on os/arch other than linux/amd64 * Allow usage of --name flag for QEMU resources Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-26 09:52:31 -04:00			`github.com/hashicorp/*)`
			`;;`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`*)`
			`not_allowed`
			`;;`
			`esac`
			`;;`

we are fine to use AGPL-3.0 (#384) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-19 09:57:01 -04:00			`AGPL-3.0)`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`case ${pkg} in`
Update check-licenses.sh to use constellation/v2 2022-09-21 09:40:02 -04:00			`github.com/edgelesssys/constellation/v2)`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`;;`
			`*)`
			`not_allowed`
			`;;`
			`esac`
			`;;`

we are fine to use AGPL-3.0 (#384) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-19 09:57:01 -04:00			`Unknown)`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`case ${pkg} in`
we are fine to use AGPL-3.0 (#384) Signed-off-by: Fabian Kammel <fk@edgeless.systems> 2022-08-19 09:57:01 -04:00			`*)`
			`not_allowed`
			`;;`
			`esac`
			`;;`

check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`*)`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`echo "unknown license: ${line}"`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`err=1`
			`;;`
			`esac`

			`done`
Fix shellcheck warnings Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2022-11-10 04:28:35 -05:00			`exit "${err}"`
check licenses (#297) * AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go 2022-07-26 05:49:13 -04:00			`}`