NEW Check that all dependency licenses are permissive
emteknetnz committed Dec 17, 2024
1 parent 752055a commit 717aca7
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions action.yml
Expand Up @@ -281,6 +281,14 @@ runs:
echo "Running yarn lint"
yarn run lint
fi
# Validate licenses of all dependencies are permissive
echo "Checking licenses of all dependencies"
npm install -g license-checker
# A list of allowed software licesnses that are permissive - see https://spdx.org/licenses/ for a list of SPDX identifiers
# IMPORTANT! If this is updated also update the same variable in the "Run PHP linting" step
SPDX_ALLOWED_DELIMITED="MIT;MIT-0;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0;Python-2.0;CC0-1.0;CC-BY-3.0;CC-BY-4.0;Public Domain;Unlicense"
license-checker --production --unknown --out /dev/null --onlyAllow "$SPDX_ALLOWED_DELIMITED"
# If we get to this point, everything was successful
echo "Passed"
- name: "Run PHP linting"
Expand All @@ -302,6 +310,32 @@ runs:
echo "Running PHPStan"
vendor/bin/phpstan analyse
fi
# Validate licenses of all dependencies are permissive
echo "Checking licenses of all dependencies"
composer global require madewithlove/license-checker
COMPOSER_GLOBAL_HOME=$(composer -q -n config --global home)
# A list of allowed software licesnses that are permissive - see https://spdx.org/licenses/ for a list of SPDX identifiers
# IMPORTANT! If this is updated also update the same variable in the "Run JS tests" step
SPDX_ALLOWED_DELIMITED="MIT;MIT-0;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0;Python-2.0;CC0-1.0;CC-BY-3.0;CC-BY-4.0;Public Domain;Unlicense"
# Translate " " to "__" (and back again later) for any SPDX that has a space in it, such as "Public Domain"
# Otherwise the bash for loop will split on the space
SPDX_ALLOWED_LIST=$(echo $SPDX_ALLOWED_DELIMITED | tr " " "__" | tr ";" "\n")
SPDX_USED_LIST=$($COMPOSER_GLOBAL_HOME/vendor/bin/license-checker --no-dev used)
for SPDX_USED in $SPDX_USED_LIST; do
IS_ALLOWED=0
for SPDX_ALLOWED in $SPDX_ALLOWED_LIST; do
SPDX_ALLOWED=$(echo $SPDX_ALLOWED | tr "__" " ")
if [[ $SPDX_USED == $SPDX_ALLOWED ]]; then
IS_ALLOWED=1
break
fi
done
if [[ $IS_ALLOWED == 0 ]]; then
echo "License $SPDX_USED found in composer dependecies is not allowed"
exit 1
fi
done
# If we get to this point, everything was successful
echo "Passed"
- name: "Run PHP coverage"
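Review bot: Both license-check tools are installed unpinned on every run (`npm install -g license-checker` in the JS step, `composer global require madewithlove/license-checker` in the PHP step), so whatever release the registries serve at that moment executes inside the CI job and decides what the gate accepts. Pin each to a version you have reviewed, e.g. `npm install -g license-checker@<PINNED_VERSION>` and `composer global require madewithlove/license-checker:<PINNED_VERSION>` (placeholders, not real version numbers). Separately, the PHP loop looks like it fails open: if `license-checker --no-dev used` prints nothing, the `for` body never runs and the step echoes "Passed". Unless an empty result is legitimate for projects with no production dependencies, a guard before the loop such as `[[ -n "$SPDX_USED_LIST" ]] || { echo "No licenses reported"; exit 1; }` would make it fail closed. Both `run:` scripts begin above the visible hunks, so the shell options in effect (for example `set -e`) cannot be confirmed from here.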