check licenses (#297)

* AB#2222 check licenses of dependencies

* AB#2222 check-licenses: use setup-go
Thomas Tendyck 2022-07-26 11:49:13 +02:00 committed by GitHub
parent db79784045
commit aa0a07592b
5 changed files with 79 additions and 0 deletions

24
.github/workflows/check-licenses.yml vendored Normal file

@ -0,0 +1,24 @@
name: Check licenses
on:
push:
branches: [main]
pull_request:
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Install Go
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
cache: true
- name: Install go-licenses
run: go install github.com/google/go-licenses@latest
- name: Check licenses
run: hack/check-licenses.sh
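Review bot: The `Install go-licenses` step runs `go install github.com/google/go-licenses@latest`, so the tool that gates licenses is resolved afresh on every run, while the two actions above it are pinned to full commit SHAs. Pinning it the same way, e.g. `run: go install github.com/google/go-licenses@<PINNED_VERSION>` (placeholder; pick a reviewed release), keeps results reproducible and keeps unreviewed upstream code out of CI. The workflow also declares no `permissions:` block; the visible steps only check out and read the repository, so a top-level `permissions:` with `contents: read` would limit the token to what the job needs.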


@ -25,6 +25,7 @@ jobs:
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
cache: true
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install -y pkg-config libcryptsetup12 libcryptsetup-dev cmake


@ -33,6 +33,7 @@ jobs:
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
cache: true
- name: golangci-lint
uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc


@ -26,6 +26,7 @@ jobs:
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: 1.18
cache: true
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get install -y pkg-config libcryptsetup12 libcryptsetup-dev cmake libvirt-dev
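Review bot: `go-version: 1.18` in this step is an unquoted scalar, unlike the `"1.18"` used in the other workflows this commit touches. YAML reads it as a float, which happens to work for 1.18 but would turn a later `1.20` into `1.2`. Since the step is being edited anyway, `go-version: "1.18"` would keep the files consistent. The line is context in this hunk rather than part of the addition, and the job continues outside the hunk.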

52
hack/check-licenses.sh Executable file

@ -0,0 +1,52 @@
#!/bin/bash
# Compare licenses of Go dependencies against a whitelist.
set -e -o pipefail
not_allowed() {
echo "license not allowed for package: $line"
err=1
}
go mod download
go-licenses csv ./... | {
while read line; do
pkg=${line%%,*}
lic=${line##*,}
case $lic in
Apache-2.0|BSD-2-Clause|BSD-3-Clause|ISC|MIT)
;;
MPL-2.0)
case $pkg in
github.com/talos-systems/talos/pkg/machinery/config/encoder)
;;
*)
not_allowed
;;
esac
;;
Unknown)
case $pkg in
github.com/edgelesssys/constellation/*)
;;
*)
not_allowed
;;
esac
;;
*)
echo "unknown license: $line"
err=1
;;
esac
done
exit $err
}
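Review bot: `err` is only ever assigned `1` and never initialised, so on the success path `exit $err` expands to a bare `exit` and the result depends on the status of the last command in the loop, or on an `err` inherited from the environment. Setting `err=0` just before the `while` and ending with `exit "$err"` makes the pass/fail result explicit. The loop should also read with `while IFS= read -r line; do`, so backslashes and leading whitespace in the CSV output are not altered before the `${line%%,*}` and `${line##*,}` splits. A short comment above the `MPL-2.0` and `Unknown` exceptions saying why each package is exempt would help the next person who edits the allow-list.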