-
Notifications
You must be signed in to change notification settings - Fork 3
61 lines (54 loc) · 2.02 KB
/
check-licenses.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: "Check licenses"
on:
workflow_call:
# Required for aws-actions/configure-aws-credentials using OIDC, assume role
permissions:
id-token: write
contents: read
jobs:
check:
name: check
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup Go, tools and caching
uses: ./.github/actions/go-setup
with:
build-type: check-licenses
cache-s3-bucket: ${{ vars.CACHE_S3_BUCKET }}
#####################
### License Types ###
#####################
# Forbidden (Non Commercial)
# https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323
# Licenses that are forbidden to be used.
#
# Restricted
# https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176
# Licenses in this category require mandatory source
# distribution if we ship a product that includes third-party code
# protected by such a license.
#
# Reciprocal, Notice, Permissive, Unencumbered
# Packages with these licenses are safe to use.
# Some of them restrict changes,
# but this is not an issue when we use them as libraries without changes.
- name: Run license checker
# Ignored:
# - github.com/eliukblau/pixterm, license detection failed (Reciprocal - MPL-2.0)
run: |
go-licenses check ./... --disallowed_types forbidden,restricted,unknown \
--ignore github.com/eliukblau/pixterm
shell: bash
- name: Save licenses report
if: always()
run: mkdir -p /tmp/go-licenses; go-licenses csv > /tmp/go-licenses/go-licenses.csv ./...
shell: bash
- name: Upload artifacts
if: always()
uses: actions/upload-artifact@v4
with:
name: go-licenses
path: /tmp/go-licenses/go-licenses.csv
if-no-files-found: error