mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
92 lines
1.6 KiB
Bash
92 lines
1.6 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Compare licenses of Go dependencies against a whitelist.
|
|
|
|
###### script header ######
|
|
|
|
lib=$(realpath @@BASE_LIB@@) || exit 1
|
|
stat "${lib}" >> /dev/null || exit 1
|
|
|
|
# shellcheck source=../sh/lib.bash
|
|
if ! source "${lib}"; then
|
|
echo "Error: could not find import"
|
|
exit 1
|
|
fi
|
|
|
|
go=$(realpath @@GO@@)
|
|
stat "${go}" >> /dev/null
|
|
golicenses=$(realpath @@GO_LICENSES@@)
|
|
stat "${golicenses}" >> /dev/null
|
|
|
|
cd "${BUILD_WORKSPACE_DIRECTORY}"
|
|
|
|
###### script body ######
|
|
|
|
not_allowed() {
|
|
echo "license not allowed for package: ${line}"
|
|
err=1
|
|
}
|
|
|
|
${go} mod download
|
|
|
|
err=0
|
|
|
|
PATH="$(dirname "${go}"):${PATH}" \
|
|
GOROOT=$(${go} env GOROOT) \
|
|
GOPATH=$(${go} env GOPATH) \
|
|
GOCACHE=$(${go} env GOCACHE) \
|
|
${golicenses} csv ./... | {
|
|
while read -r line; do
|
|
|
|
pkg=${line%%,*}
|
|
lic=${line##*,}
|
|
|
|
case ${lic} in
|
|
Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
|
|
|
|
MPL-2.0)
|
|
case ${pkg} in
|
|
github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
|
|
|
|
github.com/letsencrypt/boulder) ;;
|
|
|
|
github.com/hashicorp/*) ;;
|
|
|
|
*)
|
|
not_allowed
|
|
;;
|
|
esac
|
|
;;
|
|
|
|
AGPL-3.0)
|
|
case ${pkg} in
|
|
github.com/edgelesssys/constellation/v2) ;;
|
|
|
|
github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
|
|
|
|
*)
|
|
not_allowed
|
|
;;
|
|
esac
|
|
;;
|
|
|
|
Unknown)
|
|
case ${pkg} in
|
|
github.com/edgelesssys/go-tdx-qpl/*) ;;
|
|
|
|
*)
|
|
not_allowed
|
|
;;
|
|
esac
|
|
;;
|
|
|
|
*)
|
|
echo "unknown license: ${line}"
|
|
err=1
|
|
;;
|
|
esac
|
|
|
|
done
|
|
exit "${err}"
|
|
}
|