DEV: Add CI job that audits dependency licenses (#16568)

2022-04-26 14:09:42 -04:00 · 2022-04-26 14:09:42 -04:00 · 11c5ff5f8e
parent 5e34ce1282
commit 11c5ff5f8e
4 changed files with 133 additions and 4 deletions
--- a/.github/workflows/licenses.yml
+++ b/.github/workflows/licenses.yml
@ -0,0 +1,73 @@
+name: Licenses
+
+on:
+  pull_request:
+  push:
+    branches:
+      - master
+      - main
+
+jobs:
+  build:
+    name: run
+    runs-on: ubuntu-latest
+    container: discourse/discourse_test:release
+    timeout-minutes: 30
+
+    steps:
+      - uses: actions/checkout@master
+        with:
+          fetch-depth: 1
+
+      - name: Setup Git
+        run: |
+          git config --global user.email "ci@ci.invalid"
+          git config --global user.name "Discourse CI"
+
+      - name: Bundler cache
+        uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gem-
+
+      - name: Setup gems
+        run: |
+          bundle config --local path vendor/bundle
+          bundle config --local deployment true
+          bundle config --local without development
+          bundle install --jobs 4
+          bundle clean
+
+      - name: Setup licensed
+        run: |
+          gem install licensed
+
+      - name: Get yarn cache directory
+        id: yarn-cache-dir
+        run: echo "::set-output name=dir::$(yarn cache dir)"
+
+      - name: Yarn cache
+        uses: actions/cache@v2
+        id: yarn-cache
+        with:
+          path: ${{ steps.yarn-cache-dir.outputs.dir }}
+          key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-yarn-
+
+      - name: Check RubyGems Licenses
+        if: ${{ always() }}
+        run: |
+          licensed cache
+          licensed status
+
+      - name: Yarn install
+        run: yarn install
+
+      - name: Check Yarn Licenses
+        if: ${{ always() }}
+        run: |
+          yarn add licensee
+          yarn exec licensee -- --errors-only
--- a/.gitignore
+++ b/.gitignore
@ -59,3 +59,6 @@ yarn-error.log

 # Generated API documentation files
 openapi/*
+
+# Cached License Data Files
+/.licenses
--- a/.licensed.yml
+++ b/.licensed.yml
@ -1,12 +1,48 @@
 sources:
-  yarn: true
  bundler: true
 allowed:
-  - mit
+  - 0bsd
  - apache-2.0
  - bsd-2-clause
  - bsd-3-clause
  - cc0-1.0
  - isc
-  - other
-  - none  
+  - mit
+  - ruby
+
+ignored:
+  bundler:
+    - rchardet # Ruby terms
+
+reviewed:
+  bundler:
+    - activerecord # MIT
+    - coderay # MIT
+    - concurrent-ruby # MIT
+    - css_parser # MIT
+    - excon # MIT
+    - faraday-em_http # MIT
+    - faraday-em_synchrony # MIT
+    - faraday-excon # MIT
+    - faraday-httpclient # MIT
+    - faraday-patron # MIT
+    - faraday-net_http # MIT
+    - faraday-rack # MIT
+    - highline # GPL-2.0 OR Ruby terms
+    - htmlentities # MIT
+    - image_size # MIT
+    - json # Ruby terms
+    - jwt # MIT
+    - kgio # LGPL-2.1+
+    - logstash-event # Apache-2.0
+    - omniauth # MIT
+    - openssl # Ruby terms
+    - pg # Ruby terms
+    - r2 # Apache-2.0 (Twitter)
+    - racc # Ruby terms
+    - raindrops # LGPL-2.1+
+    - rubyzip # Ruby terms
+    - sidekiq # LGPL (Sidekiq)
+    - tilt
+    - unf # BSD-2-Clause
+    - unicorn
--- a/.licensee.json
+++ b/.licensee.json
@ -0,0 +1,17 @@
+{
+  "licenses": {
+    "blueOak": "bronze",
+    "spdx": [
+      "CC0-1.0",
+      "CC-BY-3.0",
+      "CC-BY-4.0",
+      "Apache-2.0 WITH LLVM-exception"
+    ]
+  },
+  "packages": {
+    "@fortawesome/fontawesome-free": "*",
+    "ember-template-lint-plugin-discourse": "*",
+    "squoosh": "2.0.0"
+  },
+  "corrections": true
+}