diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 00000000..0086358d
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1 @@
+blank_issues_enabled: true
diff --git a/.github/ISSUE_TEMPLATE/third_party_license_usage_request.yml b/.github/ISSUE_TEMPLATE/third_party_license_usage_request.yml
new file mode 100644
index 00000000..b4f40538
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/third_party_license_usage_request.yml
@@ -0,0 +1,30 @@
+name: 3rd Party License Request
+description: File a request for usage of a 3rd party license in the Amazon ECR credential helpers project.
+title: "[3rd Party License Request]: "
+labels: "license-request"
+body:
+ - type: markdown
+ attributes:
+ value: |
+ Thanks for taking the time to fill out this request!
+
+ - type: textarea
+ id: license-request
+ attributes:
+ label: License request
+ value: |
+ License:
+
+ - type: textarea
+ id: use-case
+ attributes:
+ label: Use case
+ description: |
+ Briefly describe the use case the dependency would resolve.
+ validations:
+ required: true
+
+ - type: textarea
+ id: other-solutions
+ attributes:
+ label: Other solutions considered
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index cb38ccb0..3e172a66 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -26,6 +26,16 @@ jobs:
 git secrets --register-aws
 git secrets --scan-history
 
+ licensing:
+ runs-on: 'ubuntu-22.04'
+ steps:
+ - uses: actions/checkout@v4
+ - uses: actions/setup-go@v5
+ - name: Install go-licenses
+ run: make get-deps
+ - name: Check licensing
+ run: make check-licenses
+
 cross-compile:
 runs-on: 'ubuntu-22.04'
 steps:
diff --git a/Makefile b/Makefile
index 1844fd5d..03d0377d 100644
--- a/Makefile
+++ b/Makefile
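Review bot: The new `licensing` job in `.github/workflows/build.yaml` references `actions/checkout@v4` and `actions/setup-go@v5` by mutable tag, while the Makefile in this same commit pins `goimports` and `go-licenses` to full commit hashes; pinning the actions the same way, e.g. `- uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real hash), keeps the license gate from silently picking up a retagged action. The job then runs `make get-deps` and `make check-licenses`, which execute installed tool code in the checked-out tree, so adding `persist-credentials: false` under a `with:` on the checkout step would keep the workflow token out of `.git/config` for those steps. `setup-go` is given no `go-version` or `go-version-file`, so the toolchain used for the check is presumably whatever the action resolves by default; stating it explicitly would make the result reproducible. Whether a workflow-level `permissions:` block exists is not visible in this hunk.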
@@ -117,11 +117,19 @@ gogenerate:
 .PHONY: get-deps
 get-deps:
 go install golang.org/x/tools/cmd/goimports@698251aaa532d49ac69d2c416b0241afb2f65ea5
+ go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e
 
 .PHONY: licenses
 licenses:
 ./scripts/build_third_party_licenses.sh
 
+.PHONY: check
+check: check-licenses
+
+.PHONY: check-licenses
+check-licenses:
+ ./scripts/check_third_party_licenses.sh
+
 .PHONY: clean
 clean:
 - rm -rf ./bin
diff --git a/scripts/check_third_party_licenses.sh b/scripts/check_third_party_licenses.sh
new file mode 100755
index 00000000..078b769e
--- /dev/null
+++ b/scripts/check_third_party_licenses.sh
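Review bot: The `go-licenses` pin added to `get-deps` in the Makefile is a bare 40-character commit hash with nothing recording which upstream release or date it corresponds to, which makes a later bump hard to review. A comment above the `get-deps` target such as `# go-licenses pinned to <upstream tag or commit date> (placeholder)` would let a reviewer confirm the hash against the upstream repository; the existing `goimports` pin has the same gap. The new `check` target is not shown being invoked by any other target in this hunk, so CI relies on calling `check-licenses` directly.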
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+# http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+set -euo pipefail
+
+# Normalize to working directory being root (up one level from ./scripts)
+root=$( cd "$( dirname "${BASH_SOURCE[0]}" )/.." && pwd )
+
+pushd "${root}/ecr-login"
+
+# Fail third party dependency usage if not covered by the curated set of pre-approved licenses.
+#
+# List was generated from guidance set forth by Amazon open source usage policies.
+#
+# Additional usage of third party dependencies not covered by the following licenses
+# will need maintainer approval in alignment with Amazon open source usage policies.
+#
+# Requests can be made via https://github.com/awslabs/amazon-ecr-credential-helper/issues/new/choose
+go-licenses check \
+ --include_tests \
+ --ignore github.com/awslabs/amazon-ecr-credential-helper \
+ --allowed_licenses=Apache-2.0,BSD-3-Clause,MIT,ISC, ./...
+
+popd
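Review bot: The allow list passed to `go-licenses check` in `scripts/check_third_party_licenses.sh` ends with a stray comma, `--allowed_licenses=Apache-2.0,BSD-3-Clause,MIT,ISC, ./...`, which hands the tool an empty fifth entry. How go-licenses treats an empty license name is not visible here, so it is unclear whether that entry could match a dependency whose license was not identified; for a compliance gate the list should be exact: `--allowed_licenses=Apache-2.0,BSD-3-Clause,MIT,ISC ./...`. A `command -v go-licenses` check before `pushd` would also turn a missing tool into a clear message instead of a bare "command not found" exit under `set -e`.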