From b500ae452098f62aa8806eec830c807f98e2aca8 Mon Sep 17 00:00:00 2001 From: Mathias Hall-Andersen Date: Sun, 22 Sep 2024 18:45:43 +0000 Subject: [PATCH] CI: Check licenses of all dependencies (#17) * ci: check licenses of dependencies * ci: license, check --all-features --- .github/workflows/develop.yml | 5 +++++ .github/workflows/master.yml | 5 +++++ channel/Cargo.toml | 1 + commitment_scheme/Cargo.toml | 7 ++++--- felt/Cargo.toml | 1 + fri/Cargo.toml | 1 + license.py | 19 +++++++++++++++++++ poseidon/Cargo.toml | 1 + randomness/Cargo.toml | 1 + 9 files changed, 38 insertions(+), 3 deletions(-) create mode 100644 license.py diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index fed2177..538bf21 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -19,6 +19,11 @@ jobs: targets: wasm32-unknown-unknown components: rustfmt, clippy + - name: Run the license check + run: | + cargo install cargo-license + cargo license --gitlab --all-features | python3 license.py + - name: Run cargo test run: cargo test --all-features diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml index beee7c9..f09ce35 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/master.yml @@ -19,6 +19,11 @@ jobs: targets: wasm32-unknown-unknown components: rustfmt, clippy + - name: Run the license check + run: | + cargo install cargo-license + cargo license --gitlab --all-features | python3 license.py + - name: Run cargo test run: cargo test --all-features diff --git a/channel/Cargo.toml b/channel/Cargo.toml index 1610fce..cb7eb93 100644 --- a/channel/Cargo.toml +++ b/channel/Cargo.toml @@ -2,6 +2,7 @@ name = "channel" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true diff --git a/commitment_scheme/Cargo.toml b/commitment_scheme/Cargo.toml index 07102af..e583f0b 100644 --- a/commitment_scheme/Cargo.toml +++ b/commitment_scheme/Cargo.toml @@ -2,6 +2,7 @@ name = "commitment_scheme" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true @@ -10,10 +11,10 @@ sha3.workspace = true poseidon = { path = "../poseidon" } felt = { path = "../felt" } channel = { path = "../channel" } -randomness ={ path = "../randomness" } +randomness = { path = "../randomness" } anyhow.workspace = true num-bigint.workspace = true [dev-dependencies] -hex.workspace = true -rand.workspace = true \ No newline at end of file +hex.workspace = true +rand.workspace = true diff --git a/felt/Cargo.toml b/felt/Cargo.toml index 96e1a57..5951ae0 100644 --- a/felt/Cargo.toml +++ b/felt/Cargo.toml @@ -2,6 +2,7 @@ name = "felt" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true diff --git a/fri/Cargo.toml b/fri/Cargo.toml index af91045..7a0eabf 100644 --- a/fri/Cargo.toml +++ b/fri/Cargo.toml @@ -2,6 +2,7 @@ name = "fri" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true diff --git a/license.py b/license.py new file mode 100644 index 0000000..41418b5 --- /dev/null +++ b/license.py @@ -0,0 +1,19 @@ +import sys +import json + +# check the license before adding it here: +# we want to avoid viral licenses like GPL +ALLOWED = { + "Unlicense", + "MIT", + "Apache-2.0", + "BSL-1.0", + "Unicode-DFS-2016", + "BSD-3-Clause", +} + +licenses = json.loads(sys.stdin.read()) + +for dep in licenses["dependencies"]: + print(f'{dep["name"]}-{dep["version"]}: {", ".join(dep["licenses"])}') + assert len(set(dep["licenses"]).intersection(ALLOWED)) > 0, dep diff --git a/poseidon/Cargo.toml b/poseidon/Cargo.toml index f90089c..7d807e5 100644 --- a/poseidon/Cargo.toml +++ b/poseidon/Cargo.toml @@ -2,6 +2,7 @@ name = "poseidon" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true diff --git a/randomness/Cargo.toml b/randomness/Cargo.toml index 3289244..0f0ebf3 100644 --- a/randomness/Cargo.toml +++ b/randomness/Cargo.toml @@ -2,6 +2,7 @@ name = "randomness" version = "0.1.0" edition = "2021" +license = "MIT" [dependencies] ark-ff.workspace = true