Merge pull request #2043 from cardano-foundation/MET-1694-Create-Lice…

…nce-Checker-add-to-CI-CD-Pipeline-for-cf-explorer-frontend Met 1694 create licence checker add to ci cd pipeline for cf explorer frontend
cardano-foundation · Oct 5, 2023 · 8101261 · 8101261
2 parents e25005c + 463c3d2
commit 8101261
Show file tree

Hide file tree

Showing 6 changed files with 163 additions and 3 deletions.
diff --git a/.github/workflows/e2e_tests.yaml b/.github/workflows/e2e_tests.yaml
@@ -1,9 +1,9 @@
 name: Run Explorer e2e Tests
 on:
   push:
-  
+
   pull_request:
-  
+
   workflow_dispatch:
 
 jobs:

diff --git a/.github/workflows/license-checker.yml b/.github/workflows/license-checker.yml
@@ -0,0 +1,42 @@
+name: License Checker
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+  pull_request:
+    types: [opened, synchronize]
+  workflow_dispatch:
+
+jobs:
+  license-checker:
+    permissions:
+      contents: read
+      packages: write
+    runs-on: self-hosted
+    if: |
+      "contains(github.event.head_commit.message, 'release-please--branches--main')" ||
+      ${{ github.event_name == 'pull_request' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: 🫡 Setup node
+        uses: actions/setup-node@v1
+        with:
+          node-version: 16
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.2"
+          bundler-cache: true
+
+      - name: Install license_finder
+        run: |
+          gem install license_finder
+
+      - name: Check licenses
+        run: |
+          ./tools/license-checker.sh
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -6,7 +6,7 @@ on:
       - main
       - develop
   pull_request:
-    types: [ opened, synchronize ]
+    types: [opened, synchronize]
   workflow_dispatch:
 
 env:

diff --git a/tools/license-checker.sh b/tools/license-checker.sh
@@ -0,0 +1,101 @@
+LICENSES_FILE=tools/licenses.txt
+WHITELIST_PACKAGES_FILE=tools/whitelist-packages.txt
+
+function print_warning {
+    if [ ${#WARNING_DEPENDENCIES[@]} -gt 0 ]; then
+        echo "[!] WARNING: Some packages are not safe:"
+        for DEPENDENCIES in "${WARNING_DEPENDENCIES[@]}"; do
+            echo "$DEPENDENCIES"
+        done
+    fi
+}
+
+WHITELIST_PACKAGES_ARRAY=()
+
+APPROVED_LICENSES_ARRAY=()
+while read line || [ -n "$line" ]; do
+    APPROVED_LICENSES_ARRAY+=("^$line$")
+done <$LICENSES_FILE
+
+WHITELIST_PACKAGES_ARRAY=()
+WARNING_WHITELIST_PACKAGES_ARRAY=()
+
+while read line || [ -n "$line" ]; do
+    if [[ "$line" =~ ^\! ]]; then
+        WARNING_WHITELIST_PACKAGES_ARRAY+=("^${line:1}$")
+        continue
+    fi
+    WHITELIST_PACKAGES_ARRAY+=("^$line$")
+done <$WHITELIST_PACKAGES_FILE
+
+APPROVED_LICENSES_REGEX=$(
+    IFS="|"
+    echo "${APPROVED_LICENSES_ARRAY[*]}"
+)
+
+WHITELIST_PACKAGES_REGEX=$(
+    IFS="|"
+    echo "${WHITELIST_PACKAGES_ARRAY[*]}"
+)
+
+WARNING_WHITELIST_PACKAGES_REGEX=$(
+    IFS="|"
+    echo "${WARNING_WHITELIST_PACKAGES_ARRAY[*]}"
+)
+
+REJECTED_DEPENDENCIES=()
+WARNING_DEPENDENCIES=()
+
+LICENSES=$(license_finder report | tail -n +2)
+
+IFS=$'\n' read -rd '' -a DEPENDENCIES <<<"$LICENSES"
+
+for DEPENDENCY in "${DEPENDENCIES[@]}"; do
+
+    DEPENDENCY_NAME=$(echo "$DEPENDENCY" | cut -d ',' -f 1 | xargs)
+    DEPENDENCY_VERSION=$(echo "$DEPENDENCY" | cut -d ',' -f 2 | xargs)
+    DEPENDENCY_LICENSES=$(echo "$DEPENDENCY" | cut -d ',' -f 3- | tr -d '"' | xargs)
+
+    if [[ "$DEPENDENCY_NAME" =~ $WHITELIST_PACKAGES_REGEX ]]; then
+        continue
+    fi
+
+    if [[ "$DEPENDENCY_NAME" =~ $WARNING_WHITELIST_PACKAGES_REGEX ]]; then
+        WARNING_DEPENDENCIES+=("$DEPENDENCY")
+        continue
+    fi
+
+    IFS=$',' read -rd '' -a SPLITTED_DEPENDENCY_LICENSES <<<"$DEPENDENCY_LICENSES"
+
+    HAVE_REJECTED_DEPENDENCY=0
+    LICENSES_WITH_STATUS=()
+
+    for DEPENDENCY_LICENSE in "${SPLITTED_DEPENDENCY_LICENSES[@]}"; do
+        DEPENDENCY_LICENSE=$(echo "$DEPENDENCY_LICENSE" | xargs)
+        if [[ ! "$DEPENDENCY_LICENSE" =~ $APPROVED_LICENSES_REGEX ]]; then
+            HAVE_REJECTED_DEPENDENCY=1
+            LICENSES_WITH_STATUS+=("[!] $DEPENDENCY_LICENSE")
+        fi
+    done
+
+    if [ $HAVE_REJECTED_DEPENDENCY -eq 1 ]; then
+        JOINED_NEW_DEPENDENCY_LICENSE=$(
+            IFS=", "
+            echo "${LICENSES_WITH_STATUS[*]}"
+        )
+        REJECTED_DEPENDENCIES+=("$DEPENDENCY_NAME, $DEPENDENCY_VERSION, $JOINED_NEW_DEPENDENCY_LICENSE")
+    fi
+done
+
+if [ ${#REJECTED_DEPENDENCIES[@]} -gt 0 ]; then
+    echo "[!] ERROR: Some packages are not approved:"
+    for DEPENDENCY in "${REJECTED_DEPENDENCIES[@]}"; do
+        echo "$DEPENDENCY"
+    done
+    print_warning
+    exit 1
+else
+    echo "[+] All packages are approved"
+    print_warning
+    exit 0
+fi
diff --git a/tools/licenses.txt b/tools/licenses.txt
@@ -0,0 +1,13 @@
+MIT
+Apache 2.0
+BSD
+MPL 2.0
+EPL 2.0
+EDL 1.0
+Eclipse Public License v2.0
+BSD License 3
+ISC
+BSD Zero Clause License
+Mozilla Public License 2.0
+New BSD
+Simplified BSD
diff --git a/tools/whitelist-packages.txt b/tools/whitelist-packages.txt
@@ -0,0 +1,4 @@
+@typescript-eslint/parser
+!react-use
+redux-devtools-extension
+string-format