
Commit

ci: run licensecheck to auto-audit our dependencies
joanise committed Dec 18, 2024
1 parent 6d5e347 commit a7cecdb
Showing 2 changed files with 8 additions and 5 deletions.
11 changes: 7 additions & 4 deletions .github/workflows/tests.yml
Expand Up @@ -38,10 +38,13 @@ jobs:
- name: Make sure pre-commit hooks pass
uses: pre-commit/[email protected]

- name: Minimalist license check
run: |
# Legal check: make sure we don't have or introduce GPL dependencies
if pip-licenses | grep -v 'Artistic License' | grep -v LGPL | grep GNU; then echo 'Please avoid introducing *GPL dependencies'; false; fi
- name: Automated license checking
# Make sure we don't have or introduce dependencies with incompatible licenses.
# Exclusions where auto detection and analysis do not work:
# - pympi-ling is MIT, but not auto-detected. https://github.com/dopefishh/pympi
# - text-unidecode is Artistic License or GPL (at our choice): MIT is
# compatible with the former. https://github.com/kmike/text-unidecode/
run: licensecheck --zero --ignore-packages pympi-ling text-unidecode

- uses: codecov/codecov-action@v4
with:
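
Review bot: in the `run:` line of the new "Automated license checking" step, `--ignore-packages pympi-ling text-unidecode` exempts both packages by name with no version attached, so a later release of either one under different license terms would pass this check unexamined. The comment above documents why each exclusion is safe today; consider also recording the version that was reviewed next to each bullet (or pinning those two dependencies), so that a version bump prompts a fresh manual look at the license.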
2 changes: 1 addition & 1 deletion pyproject.toml
Expand Up @@ -73,7 +73,7 @@ api = [
ci = [
"readalongs[api]",
"coverage",
"pip-licenses",
"licencecheck",
]

all = [
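
Review bot: in the `ci` extras list, the new entry is spelled `"licencecheck"`, while the workflow step in `.github/workflows/tests.yml` runs `licensecheck`. Please confirm the distribution name: a misspelled dependency either fails to resolve or installs whatever package happens to hold that name, and that code would then execute in CI. If the intent is the tool the workflow calls, change the entry to `"licensecheck",` so the dependency and the command agree.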

0 comments on commit a7cecdb