Add a license-checking job

This uses https://github.com/uw-labs/lichen, which is closer to our requirements for CNCF validation than https://github.com/mitchellh/golicense and performs validation using local information. The references for the Allowlist and the approved exceptions are described in the lichen configuration file. Fixes: submariner-io#801 Signed-off-by: Stephen Kitt <skitt@redhat.com>
skitt · May 21, 2021 · 6de0ff7 · 6de0ff7
1 parent ca6d02e
commit 6de0ff7
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 3 deletions.
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
@@ -46,6 +46,16 @@ jobs:
       - name: Check License Headers
         uses: kt3k/license_checker@v1.0.6
 
+  licenses:
+    name: Dependency Licenses
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out the repository
+        uses: actions/checkout@v2
+
+      - name: Check the licenses
+        run: make licensecheck
+
   markdown-link-check:
     name: Markdown Links (modified files)
     runs-on: ubuntu-latest

diff --git a/.lichen.yaml b/.lichen.yaml
@@ -0,0 +1,26 @@
+# Licenses other than Apache-2.0 are governed by
+# https://github.com/cncf/foundation/blob/master/allowed-third-party-license-policy.md#approved-licenses-for-allowlist
+# Note that Allowlist also requires that projects were created
+# on GitHub at least 12 months prior and have at least 10 stars
+# or 10 forks
+allow:
+  - "Apache-2.0"
+  - "BSD-2-Clause"
+  - "BSD-2-Clause-FreeBSD"
+  - "BSD-3-Clause"
+  - "MIT"
+  - "ISC"
+  - "Python-2.0"
+  - "PostgreSQL"
+  - "X11"
+  - "Zlib"
+
+override:
+  - path: "github.com/rdegges/go-ipify"
+    licenses: ["Unlicense"]
+
+# https://github.com/cncf/foundation/tree/master/license-exceptions
+exceptions:
+  licenseNotPermitted:
+    - path: "github.com/hashicorp/golang-lru"
+      licenses: ["MPL-2.0"]
diff --git a/Dockerfile.dapper b/Dockerfile.dapper
@@ -11,7 +11,8 @@ ENV PROTOC_VERSION=3.15.5
 RUN curl -LO https://github.com/protocolbuffers/protobuf/releases/download/v3.15.5/protoc-${PROTOC_VERSION}-linux-x86_64.zip && \
     unzip protoc-${PROTOC_VERSION}-linux-x86_64.zip -d /usr/local && \
     rm -f protoc-${PROTOC_VERSION}-linux-x86_64.zip && \
-    GO111MODULE=off go get google.golang.org/protobuf/cmd/protoc-gen-go
+    GO111MODULE=off go get google.golang.org/protobuf/cmd/protoc-gen-go && \
+    GO111MODULE=off go get github.com/uw-labs/lichen
 
 WORKDIR ${DAPPER_SOURCE}
 

diff --git a/Makefile b/Makefile
@@ -81,16 +81,21 @@ comma := ,
 # so "make images ARCHES=arm" will build a linux/arm/v7 image
 ARCHES ?= amd64
 BINARIES = submariner-gateway submariner-route-agent submariner-globalnet submariner-networkplugin-syncer
+ARCH_BINARIES := $(foreach arch,$(subst $(comma),$(space),$(ARCHES)),$(foreach binary,$(BINARIES),bin/linux/$(call gotodockerarch,$(arch))/$(binary)))
 IMAGES_ARGS = --platform $(subst $(space),$(comma),$(foreach arch,$(subst $(comma),$(space),$(ARCHES)),linux/$(call gotodockerarch,$(arch))))
 
-build: $(foreach arch,$(subst $(comma),$(space),$(ARCHES)),$(foreach binary,$(BINARIES),bin/linux/$(call gotodockerarch,$(arch))/$(binary)))
+build: $(ARCH_BINARIES)
+
+licensecheck: BUILD_ARGS=--debug
+licensecheck: $(ARCH_BINARIES)
+	lichen -c .lichen.yaml $(ARCH_BINARIES)
 
 ci: validate unit build images
 
 $(TARGETS): vendor/modules.txt
 	./scripts/$@
 
-.PHONY: $(TARGETS) build ci images unit validate
+.PHONY: $(TARGETS) build ci images unit validate licensecheck
 
 else