Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add LICENSE AGPL-3.0 and Check Go Dependency Licenses (GHA) #60

Merged
merged 5 commits into from
Jan 17, 2024
Merged

Add LICENSE AGPL-3.0 and Check Go Dependency Licenses (GHA) #60

merged 5 commits into from
Jan 17, 2024

Conversation

Al2Klimov
Copy link
Member

By utilizing the neat go-licenses[0] tool, scanning the cached Go dependencies against an allow list of licenses, which is currently leaned from Icinga DB, works quite like a charm.

This, however, only includes Go code and produces warnings for (transitive) included Go Assembly code[1]. If we are planning to include other non-Go artefacts in the future, those also might need to be identified - REUSE[2] might help there.

Closes #139.

[0] https://github.com/google/go-licenses
[1] google/go-licenses#120
[2] https://reuse.software/

@Al2Klimov Al2Klimov self-assigned this Jan 16, 2024
@cla-bot cla-bot bot added the cla/signed CLA is signed by all contributors of a PR label Jan 16, 2024
@Al2Klimov Al2Klimov changed the title GitHub Actions: Check Go Dependency Licenses Add LICENSE AGPL-3.0 and Check Go Dependency Licenses (GHA) Jan 16, 2024
@Al2Klimov Al2Klimov force-pushed the check_license branch 2 times, most recently from 2019cd9 to dad193c Compare January 16, 2024 11:09
@Al2Klimov Al2Klimov removed their assignment Jan 16, 2024
@Al2Klimov Al2Klimov requested a review from lippserd January 16, 2024 11:12
oxzi and others added 5 commits January 16, 2024 14:42
@oxzi @Al2Klimov
GitHub Actions: Check Go Dependency Licenses
26d9519 
By utilizing the neat go-licenses[0] tool, scanning the cached Go
dependencies against an allow list of licenses, which is currently
leaned from Icinga DB, works quite like a charm.

This, however, only includes Go code and produces warnings for
(transitive) included Go Assembly code[1]. If we are planning to include
other non-Go artefacts in the future, those also might need to be
identified - REUSE[2] might help there.

[0] https://github.com/google/go-licenses
[1] google/go-licenses#120
[2] https://reuse.software/

(cherry picked from commit 10d5b1b09f6ab81734a24c5a32bd63a1138750c0)
@Al2Klimov
GHA: compliance: correct own Go mod path
def02b6
@Al2Klimov
Add LICENSE, AGPL-3.0
063cf2f
@Al2Klimov
GHA: compliance: allow ISC license
5dfead1
@Al2Klimov
GHA: compliance: sort licenses alphabetically
5dd1741
@lippserd lippserd merged commit d6344a9 into main Jan 17, 2024
9 checks passed
@lippserd lippserd deleted the check_license branch January 17, 2024 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lippserd lippserd Awaiting requested review from lippserd

Assignees
No one assigned
Labels
cla/signed CLA is signed by all contributors of a PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Al2Klimov @lippserd @oxzi