check licenses (#297)

* AB#2222 check licenses of dependencies * AB#2222 check-licenses: use setup-go
2024-10-01 01:36:09 -04:00 · 2022-07-26 11:49:13 +02:00 · 2022-07-26 11:49:13 +02:00 · aa0a07592b
commit aa0a07592b
parent db79784045
5 changed files with 79 additions and 0 deletions
--- a/.github/workflows/check-licenses.yml
+++ b/.github/workflows/check-licenses.yml
@ -0,0 +1,24 @@
+name: Check licenses
+on:
+  push:
+    branches: [main]
+  pull_request:
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
+      - name: Install Go
+        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
+        with:
+          go-version: "1.18"
+          cache: true
+
+      - name: Install go-licenses
+        run: go install github.com/google/go-licenses@latest
+
+      - name: Check licenses
+        run: hack/check-licenses.sh
--- a/.github/workflows/test-integration.yml
+++ b/.github/workflows/test-integration.yml
@ -25,6 +25,7 @@ jobs:
        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
        with:
          go-version: "1.18"
+          cache: true

      - name: Install Dependencies
        run: sudo apt-get update && sudo apt-get install -y pkg-config libcryptsetup12 libcryptsetup-dev cmake
--- a/.github/workflows/test-lint.yml
+++ b/.github/workflows/test-lint.yml
@ -33,6 +33,7 @@ jobs:
        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
        with:
          go-version: "1.18"
+          cache: true

      - name: golangci-lint
        uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
--- a/.github/workflows/test-unittest.yml
+++ b/.github/workflows/test-unittest.yml
@ -26,6 +26,7 @@ jobs:
        uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
        with:
          go-version: 1.18
+          cache: true

      - name: Install Dependencies
        run: sudo apt-get update && sudo apt-get install -y pkg-config libcryptsetup12 libcryptsetup-dev cmake libvirt-dev
--- a/hack/check-licenses.sh
+++ b/hack/check-licenses.sh
@ -0,0 +1,52 @@
+#!/bin/bash
+
+# Compare licenses of Go dependencies against a whitelist.
+
+set -e -o pipefail
+
+not_allowed() {
+  echo "license not allowed for package: $line"
+  err=1
+}
+
+go mod download
+
+go-licenses csv ./... | {
+while read line; do
+
+  pkg=${line%%,*}
+  lic=${line##*,}
+
+  case $lic in
+    Apache-2.0|BSD-2-Clause|BSD-3-Clause|ISC|MIT)
+      ;;
+
+    MPL-2.0)
+      case $pkg in
+        github.com/talos-systems/talos/pkg/machinery/config/encoder)
+          ;;
+        *)
+          not_allowed
+          ;;
+      esac
+      ;;
+
+    Unknown)
+      case $pkg in
+        github.com/edgelesssys/constellation/*)
+          ;;
+        *)
+          not_allowed
+          ;;
+      esac
+      ;;
+
+    *)
+      echo "unknown license: $line"
+      err=1
+      ;;
+  esac
+
+done
+exit $err
+}