From a7cecdbf820b6277e9384e5b2bb56fdd795032ad Mon Sep 17 00:00:00 2001
From: Eric Joanis
Date: Wed, 18 Dec 2024 09:51:13 -0500
Subject: [PATCH] ci: run licensecheck to auto-audit our dependencies

---
 .github/workflows/tests.yml | 11 +++++++----
 pyproject.toml | 2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 1872fa4b..468faf3c 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -38,10 +38,13 @@ jobs:
       - name: Make sure pre-commit hooks pass
         uses: pre-commit/action@v3.0.1
 
-      - name: Minimalist license check
-        run: |
-          # Legal check: make sure we don't have or introduce GPL dependencies
-          if pip-licenses | grep -v 'Artistic License' | grep -v LGPL | grep GNU; then echo 'Please avoid introducing *GPL dependencies'; false; fi
+      - name: Automated license checking
+        # Make sure we don't have or introduce dependencies with incompatible licenses.
+        # Exclusions where auto detection and analysis do not work:
+        # - pympi-ling is MIT, but not auto-detected. https://github.com/dopefishh/pympi
+        # - text-unidecode is Artistic License or GPL (at our choice): MIT is
+        #   compatible with the former. https://github.com/kmike/text-unidecode/
+        run: licensecheck --zero --ignore-packages pympi-ling text-unidecode
 
       - uses: codecov/codecov-action@v4
         with:
diff --git a/pyproject.toml b/pyproject.toml
index 4ba04a96..fa7b2ad3 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -73,7 +73,7 @@ api = [
 ci = [
     "readalongs[api]",
     "coverage",
-    "pip-licenses",
+    "licencecheck",
 ]
 
 all = [
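Review bot: The dependency added in the pyproject.toml hunk of this same patch is spelled `"licencecheck"` while the new workflow step runs `licensecheck`; these are different distribution names, so the `ci` extra will either fail to resolve or install something other than the package whose CLI the step invokes. If `licensecheck` is the intended tool, the pyproject entry should read `"licensecheck",`; a misspelled requirement name is also the usual way an unrelated or look-alike package ends up installed in CI, so one authoritative spelling in both files matters. The two `--ignore-packages` entries are permanently exempt from the audit, so a later license change in either would go unnoticed; a short reminder in the YAML comment such as `# Re-verify these exclusions whenever either package is bumped` keeps that visible. As far as I recall, licensecheck judges compatibility against the license declared for the project itself, so it is worth confirming that pyproject.toml carries that metadata, otherwise the check may pass without actually comparing anything.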