chore: deprecate fossa in favor of liccheck to validate python licens…
…es (apache#31515)
mistercrunch authored Dec 19, 2024
1 parent e788b85 commit 88cde72
Showing 3 changed files with 65 additions and 1 deletion.
1 change: 1 addition & 0 deletions .asf.yaml
Expand Up @@ -72,6 +72,7 @@ github:
- cypress-matrix (3, chrome)
- cypress-matrix (4, chrome)
- cypress-matrix (5, chrome)
- dependency-review
- frontend-build
- pre-commit (current)
- pre-commit (next)
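Review bot: The required-checks list gains `dependency-review` but not the `python-dependency-liccheck` job that the same commit adds in `.github/workflows/dependency-review.yml`, so a failing Python license check would not block a merge on its own. If liccheck is meant to be enforced the same way as the npm dependency review, add `- python-dependency-liccheck` next to the new entry; if the omission is deliberate while the policy settles, a short comment saying so would save the next reader the question. The entries here appear to be workflow job ids and the `github:` mapping begins above this hunk, so confirm the name matches what GitHub reports for that job before relying on it.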
32 changes: 31 additions & 1 deletion .github/workflows/dependency-review.yml
Expand Up @@ -5,7 +5,18 @@
# Source repository: https://github.com/actions/dependency-review-action
# Public documentation: https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review#dependency-review-enforcement
name: "Dependency Review"
on: [pull_request]
on:
push:
branches:
- "master"
- "[0-9].[0-9]*"
pull_request:
types: [synchronize, opened, reopened, ready_for_review]

# cancel previous workflow jobs for PRs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
cancel-in-progress: true

permissions:
contents: read
Expand Down Expand Up @@ -33,3 +44,22 @@ jobs:
# pkg:npm/[email protected]
# selecting BSD-3-Clause licensing terms for node-forge to ensure compatibility with Apache
allow-dependencies-licenses: pkg:npm/[email protected], pkg:npm/applitools/core, pkg:npm/applitools/core-base, pkg:npm/applitools/css-tree, pkg:npm/applitools/ec-client, pkg:npm/applitools/eg-socks5-proxy-server, pkg:npm/applitools/eyes, pkg:npm/applitools/eyes-cypress, pkg:npm/applitools/nml-client, pkg:npm/applitools/tunnel-client, pkg:npm/applitools/utils, pkg:npm/[email protected], pkg:npm/rgbcolor, pkg:npm/[email protected]

python-dependency-liccheck:
runs-on: ubuntu-22.04
steps:
- name: "Checkout Repository"
uses: actions/checkout@v4

- name: Setup Python
uses: ./.github/actions/setup-backend/

- name: "Set up liccheck"
run: |
pip install liccheck
- name: "Run liccheck"
run: |
# run the checks
liccheck -R output.txt
# Print the report
cat output.txt
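Review bot: With GitHub's default `bash -e` shell for `run` steps, the `cat output.txt` in the "Run liccheck" step only executes when `liccheck -R output.txt` exits 0, so the report is never shown in exactly the failing case where it is needed; use `liccheck -R output.txt || { cat output.txt; exit 1; }` or move the `cat` into its own step with `if: always()`. In the "Set up liccheck" step, `pip install liccheck` pulls whatever version is current on PyPI at each run, so the tool enforcing the license policy is itself an unpinned dependency in a supply-chain workflow; pin it (`pip install liccheck==<pinned version>`) so upgrades are deliberate and reviewed. liccheck presumably reads the metadata of installed distributions for the packages in `requirements/base.txt`, which this job assumes the `setup-backend` action has installed — worth confirming, since an empty environment would pass trivially. The `jobs:` mapping begins above this hunk.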
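--- a/pyproject.toml
+++ b/pyproject.toml
@@ -360,3 +360,36 @@ docstring-code-format = false
 # This only has an effect when the `docstring-code-format` setting is
 # enabled.
 docstring-code-line-length = "dynamic"
+
+[tool.liccheck]
+requirement_txt_file = "requirements/base.txt"
+authorized_licenses = [
+"academic free license (afl)",
+"apache license 2.0",
+"apache software",
+"apache software, bsd",
+"bsd",
+"isc license (iscl)",
+"isc license",
+"mit",
+"mozilla public license 2.0 (mpl 2.0)",
+"osi approved",
+"osi approved",
+"python software foundation",
+"the unlicense (unlicense)",
+"the unlicense",
+]
+[tool.liccheck.authorized_packages]
+# --------------------------------------------------------------
+# These are ok, checked manually
+# Seems ok, might need legal review
+# https://github.com/urschrei/pypolyline/blob/master/LICENSE.md
+polyline = "2"
+# Apache 2.0 https://github.com/hkwi/python-geohash
+python-geohash = "0"
+# --------------------------------------------------------------
+
+# TODO REMOVE THESE DEPS FROM CODEBASE
+func-timeout = "4" # AGPL
+paramiko = "3" # GPL
+pyxlsb = "1" # GPL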
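Review bot: `"osi approved"` appears twice in `authorized_licenses` (two consecutive entries), and as a bare entry it is broad: if liccheck matches a package that declares only the generic `License :: OSI Approved` classifier, that package passes regardless of which OSI license it actually uses, copyleft ones included, which is the case this policy exists to catch. Drop the duplicate, and either remove the generic entry or document why it is acceptable, listing the specific packages that need it under `[tool.liccheck.authorized_packages]` with a comment like the existing ones. The `func-timeout`, `paramiko` and `pyxlsb` exceptions carry a TODO but no tracking reference; add one to the comment so the exception is time-boxed rather than permanent. The comment labels paramiko `GPL`; as far as I know its published license is LGPL, so confirm before deciding whether it belongs with the other two.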
