
Add dependency license check to GitHub Actions #1151

Merged
merged 16 commits into main from dependency-license-check
Nov 6, 2023

Conversation

@Jonas-Sander (Collaborator) commented Nov 4, 2023

Check that all packages we use have licenses that we are allowed / we want to use via package:license_checker.

(Unfortunately every new local lib package will have to be added to the licenses_config.yaml manually.)

If it fails the output will list all packages with a non-permitted license.
See this example where I removed the BSD-3-Clause license from permittedLicenses:

┌─────────────────────────────────────────────────────────┐
│                             Package Name  License       │
├─────────────────────────────────────────────────────────┤
│                         flutter_markdown  BSD-3-Clause  │
│                              built_value  BSD-3-Clause  │
│                               characters  BSD-3-Clause  │
│                             checked_yaml  BSD-3-Clause  │
│                          cloud_firestore  BSD-3-Clause  │
└─────────────────────────────────────────────────────────┘

Closes #23
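As an added illustration (not the project's own files, which the PR does not show), this is the shape such a gate takes: an allowlist config for package:license_checker and a workflow that runs it on every pull request. Only the `permittedLicenses` key is confirmed by the PR text; the other keys, the local package names, and the `lic_ck check-licenses --config` invocation are assumptions from my recollection of the package and should be checked against its README before use.

```yaml
# licenses_config.yaml (example layout; only permittedLicenses is confirmed by
# the PR, the remaining keys are assumptions to verify against the package README)
permittedLicenses:
  - MIT
  - BSD-2-Clause
  - BSD-3-Clause
  - Apache-2.0
# Denylisting is optional: anything not permitted already fails, but naming
# copyleft licenses here documents the policy decision explicitly.
rejectedLicenses:
  - GPL-3.0
  - AGPL-3.0
# Local workspace packages ship no LICENSE file, so the checker cannot classify
# them; they must be approved explicitly (hypothetical package names), which is
# the manual step the PR description refers to.
approvedPackages:
  Unknown:
    - my_local_package
    - my_other_local_package
---
# .github/workflows/license_check.yml (hypothetical workflow; the executable
# name lic_ck and its --config flag are assumptions)
name: dependency-license-check
on:
  pull_request:
  push:
    branches: [main]
jobs:
  check-licenses:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: subosito/flutter-action@v2
      - run: flutter pub get
      - run: dart pub global activate license_checker
      # Fails the job (non-zero exit) and prints the table of offending
      # packages, as in the example output above.
      - run: dart pub global run license_checker:lic_ck check-licenses --config licenses_config.yaml
```

The security-relevant property is that this is an allowlist that fails closed: a dependency whose license is missing, unrecognised or simply new to the project is rejected until someone consciously adds it, which is why a new local package has to be listed by hand. Running the job on `pull_request` and marking it a required status check is what turns the output table into an actual merge block rather than a warning.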

@github-actions github-actions bot added the ci/cd label Nov 4, 2023
@Jonas-Sander Jonas-Sander marked this pull request as ready for review November 5, 2023 20:51
@nilsreichardt (Member) left a comment


LGTM

(Unfortunately every new local lib package will have to be added to the licenses_config.yaml manually.)

We can later add a command to our CLI that checks if each package we use is mentioned in licenses_config.yaml. This command can then be included in our GitHub checks.

@Jonas-Sander (Collaborator, Author)

> LGTM
>
> (Unfortunately every new local lib package will have to be added to the licenses_config.yaml manually.)
>
> We can later add a command to our CLI that checks if each package we use is mentioned in licenses_config.yaml. This command can then be included in our GitHub checks.

This isn't necessary, the pipeline will fail if we don't add it to the file. I just meant that adding it manually still has to be done for each new package (it isn't automated).

@Jonas-Sander Jonas-Sander added this pull request to the merge queue Nov 6, 2023
@nilsreichardt (Member)

> This isn't necessary, the pipeline will fail if we don't add it to the file. I just meant that adding it manually still has to be done for each new package (it isn't automated).

Ah nice, this shouldn't be a big problem 👍

Merged via the queue into main with commit b441d82 Nov 6, 2023
21 checks passed
@Jonas-Sander Jonas-Sander deleted the dependency-license-check branch November 6, 2023 14:14

Successfully merging this pull request may close these issues.

Add CI enforced License check of dependencies if we open-source