fix(ci): add missing licenses (#1253)

teutonet · Nov 22, 2024 · dc06e17 · dc06e17
1 parent 169aeba
commit dc06e17
Showing 1 changed file with 34 additions and 7 deletions.
diff --git a/.github/scripts/scan-for-licenses.sh b/.github/scripts/scan-for-licenses.sh
@@ -8,19 +8,49 @@ set -o pipefail
 
 WHITELIST=(
   "AGPL-3.0" # We're not writing software 🤷
+  "AGPL-3.0-only"
+  "AGPL-3.0-or-later"
   "CC-BY-SA-3.0"
+  "CDDL-1.0"
+  "CDDL-1.1"
+  "EPL-1.0"
+  "EPL-2.0"
   "CPL-1.0"
   "GPL-1.0"
+  "GPL-1.0-only"
+  "GPL-1.0-or-later"
+  "GPLv2"
+  "GPLv2+"
+  "GPLv2 with exceptions"
+  "GPLv3+"
   "GPL-2.0"
+  "GPL-2.0-only"
+  "GPL-2.0-or-later"
   "GPL-2.0-with-autoconf-exception"
+  "GPL-2.0-with-autoconf-exception+"
   "GPL-2.0-with-bison-exception"
+  "GPL-2.0-with-bison-exception+"
+  "GPL-2.0-with-classpath-exception"
   "GPL-3.0"
+  "GPL-3.0-only"
+  "GPL-3.0-or-later"
+  "GPL-3.0-with-autoconf-exception+"
   "GPL-3.0-with-autoconf-exception"
+  "LGPLv2"
+  "LGPLv2+"
   "LGPL-2.0"
+  "LGPL-2.0-only"
+  "LGPL-2.0-or-later"
   "LGPL-2.1"
+  "LGPL-2.1-only"
+  "LGPL-2.1-or-later"
+  "LGPLv3+"
   "LGPL-3.0"
+  "LGPL-3.0-only"
+  "LGPL-3.0-or-later"
   "MPL-1.1"
   "MPL-2.0"
+  "MPLv2.0"
   "Ruby"
   "Sleepycat"
   "WTFPL"
@@ -34,17 +64,17 @@ function scanLicenses() {
   local unacceptedLicenses=()
   local unacceptedLicense
   licenseMap="$(yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" | yq -r '.[] | .image' |
-    parallel -k trivy image {} --severity HIGH,CRITICAL,MEDIUM -f json --scanners license --license-full --quiet  |
+    parallel -k trivy image {} --severity HIGH,CRITICAL,MEDIUM -f json --scanners license --license-full --quiet |
     jq -s -r "$licenseConversionJq")"
-  mapfile -t unacceptedLicenses < <(<<<"$licenseMap" jq -r --argjson acceptedLicenses "[\"$(echo -n "${WHITELIST[@]}" | tr " " \\n |
+  mapfile -t unacceptedLicenses < <(jq <<<"$licenseMap" -r --argjson acceptedLicenses "[\"$(echo -n "${WHITELIST[@]}" | tr " " \\n |
     paste -sd '@' | sed 's#@#","#g')\"]" '(keys-$acceptedLicenses)[]')
   if [[ "${#unacceptedLicenses[@]}" -gt 0 ]]; then
     echo "found ${#unacceptedLicenses[@]} untrusted images in '$chart', please fix;" >&2
     for unacceptedLicense in "${unacceptedLicenses[@]}"; do
       echo "license $unacceptedLicense has not been accepted and is used in the following images:" >&2
-      for image in $(<<<"$licenseMap" jq -r --arg unacceptedLicense "$unacceptedLicense" '.[$unacceptedLicense] | keys[]'); do
+      for image in $(jq <<<"$licenseMap" -r --arg unacceptedLicense "$unacceptedLicense" '.[$unacceptedLicense] | keys[]'); do
         echo "  > $image:" >&2
-        for packageOrFile in $(<<<"$licenseMap" jq -r --arg unacceptedLicense "$unacceptedLicense" --arg image "$image" '.[$unacceptedLicense][$image][]'); do
+        for packageOrFile in $(jq <<<"$licenseMap" -r --arg unacceptedLicense "$unacceptedLicense" --arg image "$image" '.[$unacceptedLicense][$image][]'); do
           echo "      - $packageOrFile" >&2
         done
       done
@@ -66,6 +96,3 @@ else
   done
   exit "$result"
 fi
-
-
-