constellation/bazel/ci/golicenses.sh.in
2023-05-23 13:44:56 +02:00

92 lines
1.6 KiB
Bash

#!/usr/bin/env bash
# Compare licenses of Go dependencies against a whitelist.
###### script header ######
lib=$(realpath @@BASE_LIB@@) || exit 1
stat "${lib}" >> /dev/null || exit 1
# shellcheck source=../sh/lib.bash
if ! source "${lib}"; then
echo "Error: could not find import"
exit 1
fi
go=$(realpath @@GO@@)
stat "${go}" >> /dev/null
golicenses=$(realpath @@GO_LICENSES@@)
stat "${golicenses}" >> /dev/null
cd "${BUILD_WORKSPACE_DIRECTORY}"
###### script body ######
not_allowed() {
echo "license not allowed for package: ${line}"
err=1
}
${go} mod download
err=0
PATH="$(dirname "${go}"):${PATH}" \
GOROOT=$(${go} env GOROOT) \
GOPATH=$(${go} env GOPATH) \
GOCACHE=$(${go} env GOCACHE) \
${golicenses} csv ./... | {
while read -r line; do
pkg=${line%%,*}
lic=${line##*,}
case ${lic} in
Apache-2.0 | BSD-2-Clause | BSD-3-Clause | ISC | MIT) ;;
MPL-2.0)
case ${pkg} in
github.com/siderolabs/talos/pkg/machinery/config/encoder) ;;
github.com/letsencrypt/boulder) ;;
github.com/hashicorp/*) ;;
*)
not_allowed
;;
esac
;;
AGPL-3.0)
case ${pkg} in
github.com/edgelesssys/constellation/v2) ;;
github.com/edgelesssys/constellation/v2/operators/constellation-node-operator/v2/api/v1alpha1) ;;
*)
not_allowed
;;
esac
;;
Unknown)
case ${pkg} in
github.com/edgelesssys/go-tdx-qpl/*) ;;
*)
not_allowed
;;
esac
;;
*)
echo "unknown license: ${line}"
err=1
;;
esac
done
exit "${err}"
}