diff --git a/.github/scripts/scan-for-licenses.sh b/.github/scripts/scan-for-licenses.sh
index dfeef117a..c42a6ce5a 100755
--- a/.github/scripts/scan-for-licenses.sh
+++ b/.github/scripts/scan-for-licenses.sh
@@ -8,19 +8,49 @@ set -o pipefail
 WHITELIST=(
 "AGPL-3.0" # We're not writing software 🤷
+ "AGPL-3.0-only"
+ "AGPL-3.0-or-later"
 "CC-BY-SA-3.0"
+ "CDDL-1.0"
+ "CDDL-1.1"
+ "EPL-1.0"
+ "EPL-2.0"
 "CPL-1.0"
 "GPL-1.0"
+ "GPL-1.0-only"
+ "GPL-1.0-or-later"
+ "GPLv2"
+ "GPLv2+"
+ "GPLv2 with exceptions"
+ "GPLv3+"
 "GPL-2.0"
+ "GPL-2.0-only"
+ "GPL-2.0-or-later"
 "GPL-2.0-with-autoconf-exception"
+ "GPL-2.0-with-autoconf-exception+"
 "GPL-2.0-with-bison-exception"
+ "GPL-2.0-with-bison-exception+"
+ "GPL-2.0-with-classpath-exception"
 "GPL-3.0"
+ "GPL-3.0-only"
+ "GPL-3.0-or-later"
+ "GPL-3.0-with-autoconf-exception+"
 "GPL-3.0-with-autoconf-exception"
+ "LGPLv2"
+ "LGPLv2+"
 "LGPL-2.0"
+ "LGPL-2.0-only"
+ "LGPL-2.0-or-later"
 "LGPL-2.1"
+ "LGPL-2.1-only"
+ "LGPL-2.1-or-later"
+ "LGPLv3+"
 "LGPL-3.0"
+ "LGPL-3.0-only"
+ "LGPL-3.0-or-later"
 "MPL-1.1"
 "MPL-2.0"
+ "MPLv2.0"
 "Ruby"
 "Sleepycat"
 "WTFPL"
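Review bot: The new entry `"GPLv2 with exceptions"` can never match, because the accepted-license JSON in the second hunk is built with `echo -n "${WHITELIST[@]}" | tr " " \\n`, which joins the array on spaces and re-splits it, so this entry turns into the three strings `GPLv2`, `with` and `exceptions` and an image reporting that license verbatim is still flagged as unaccepted. The same hand-assembled JSON also breaks on any entry containing `"` or `\`. Passing the array to jq directly removes both problems and the tr/paste/sed chain: `mapfile -t unacceptedLicenses < <(jq <<<"$licenseMap" -r '(keys - $ARGS.positional)[]' --args "${WHITELIST[@]}")` (jq 1.6 or newer). Since the list now mixes SPDX identifiers with distro-style names such as `GPLv2+` and `MPLv2.0`, a comment above the array like `# Entries must match the license strings trivy reports verbatim; the check is an exact set difference, no normalisation` would keep the next person from adding a normalised spelling that never matches.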
@@ -34,17 +64,17 @@ function scanLicenses() {
 local unacceptedLicenses=()
 local unacceptedLicense
 licenseMap="$(yq -r '.annotations["artifacthub.io/images"]' "$chart/Chart.yaml" | yq -r '.[] | .image' |
- parallel -k trivy image {} --severity HIGH,CRITICAL,MEDIUM -f json --scanners license --license-full --quiet |
+ parallel -k trivy image {} --severity HIGH,CRITICAL,MEDIUM -f json --scanners license --license-full --quiet |
 jq -s -r "$licenseConversionJq")"
- mapfile -t unacceptedLicenses < <(<<<"$licenseMap" jq -r --argjson acceptedLicenses "[\"$(echo -n "${WHITELIST[@]}" | tr " " \\n |
+ mapfile -t unacceptedLicenses < <(jq <<<"$licenseMap" -r --argjson acceptedLicenses "[\"$(echo -n "${WHITELIST[@]}" | tr " " \\n |
 paste -sd '@' | sed 's#@#","#g')\"]" '(keys-$acceptedLicenses)[]')
 if [[ "${#unacceptedLicenses[@]}" -gt 0 ]]; then
 echo "found ${#unacceptedLicenses[@]} untrusted images in '$chart', please fix;" >&2
 for unacceptedLicense in "${unacceptedLicenses[@]}"; do
 echo "license $unacceptedLicense has not been accepted and is used in the following images:" >&2
- for image in $(<<<"$licenseMap" jq -r --arg unacceptedLicense "$unacceptedLicense" '.[$unacceptedLicense] | keys[]'); do
+ for image in $(jq <<<"$licenseMap" -r --arg unacceptedLicense "$unacceptedLicense" '.[$unacceptedLicense] | keys[]'); do
 echo " > $image:" >&2
- for packageOrFile in $(<<<"$licenseMap" jq -r --arg unacceptedLicense "$unacceptedLicense" --arg image "$image" '.[$unacceptedLicense][$image][]'); do
+ for packageOrFile in $(jq <<<"$licenseMap" -r --arg unacceptedLicense "$unacceptedLicense" --arg image "$image" '.[$unacceptedLicense][$image][]'); do
 echo " - $packageOrFile" >&2
 done
 done
@@ -66,6 +96,3 @@ else
 done
 exit "$result"
 fi
-
-
-
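Review bot: The rewritten `for image in $(jq …)` and `for packageOrFile in $(jq …)` lines still depend on unquoted word splitting of jq's output, while the `mapfile -t` line a few lines above already reads the same kind of stream safely; a package name or file path containing whitespace would be printed as several entries. Reading line by line keeps the two places consistent: `while IFS= read -r packageOrFile; do` … `done < <(jq <<<"$licenseMap" -r --arg unacceptedLicense "$unacceptedLicense" --arg image "$image" '.[$unacceptedLicense][$image][]')`, and likewise for the image loop. The `parallel -k trivy image {} …` stage is the only scan failure point visible here; with the `set -o pipefail` shown in the first hunk its non-zero status should reach the `licenseMap=` assignment, but whether `set -e` is also enabled is outside this hunk, so an explicit `|| exit 1` on that assignment is worth confirming. scanLicenses begins before this hunk and continues past it.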