Description
Add a CI workflow to verify that all Python dependencies comply with an approved license allowlist.
Source of Inspiration
The OpenCTI main repository already has such a workflow:
https://github.com/OpenCTI-Platform/opencti/blob/master/.github/workflows/ci-license-check.yml
It uses license-checker-rseidelsohn (Node.js) with an allowlist of approved licenses. We need the Python equivalent for this repository.
Suggested Implementation
- Tooling:
pip-licenses with --allow-only flag (fails if any dependency uses an unlisted license)
- Trigger:
workflow_call (reusable workflow)
- Scope: Verify all Python dependencies declared in requirements files
Suggested Allowlist
Same as OpenCTI plus Python-specific additions:
0BSD, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause
CC-BY-3.0, CC-BY-4.0, CC0-1.0, Hippocratic-2.1
ISC, LGPL-3.0, MIT, OFL-1.1
Python-2.0, PSF-2.0, MPL-2.0
Unlicense
Description
Add a CI workflow to verify that all Python dependencies comply with an approved license allowlist.
Source of Inspiration
The OpenCTI main repository already has such a workflow:
https://github.com/OpenCTI-Platform/opencti/blob/master/.github/workflows/ci-license-check.yml
It uses
license-checker-rseidelsohn(Node.js) with an allowlist of approved licenses. We need the Python equivalent for this repository.Suggested Implementation
pip-licenseswith--allow-onlyflag (fails if any dependency uses an unlisted license)workflow_call(reusable workflow)Suggested Allowlist
Same as OpenCTI plus Python-specific additions:
0BSD,Apache-2.0,BlueOak-1.0.0,BSD-2-Clause,BSD-3-ClauseCC-BY-3.0,CC-BY-4.0,CC0-1.0,Hippocratic-2.1ISC,LGPL-3.0,MIT,OFL-1.1Python-2.0,PSF-2.0,MPL-2.0Unlicense