From 1faee57261c8c3539bad732fd876c0b59f9f7ce3 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 09:46:41 +0100 Subject: [PATCH 1/9] chore: Upgrade check-license-compliance action --- .github/check-license-compliance.config.yml | 16 ---------------- .github/workflows/open-source-checks.yml | 2 +- CHANGELOG.md | 6 ++++++ package.json | 2 +- .../.github/check-license-compliance.config.yml | 15 --------------- .../.github/workflows/open-source-checks.yml | 2 +- 6 files changed, 9 insertions(+), 34 deletions(-) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 56c6334..fa7c448 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -19,19 +19,3 @@ licenses: - CC BY-SA 4.0 - CC-BY-3.0 - CC0-1.0 - forbidden: - - AGPL-3.0 - - GPL-2.0 - - GPL-3.0 -allowWarnings: true -# Options passed directly to the license-checker package -licenseCheckerOptions: - # Global options are applied to all types of checks - global: - excludePrivatePackages: true - excludePackages: "@cspell/dict-en-common-misspellings@2.0.7" - # You can also specify options for each type of check. They extend the global options - # warning: - # excludePrivatePackages: false - # forbidden: - # excludePrivatePackages: false diff --git a/.github/workflows/open-source-checks.yml b/.github/workflows/open-source-checks.yml index eede2f0..0c6c513 100644 --- a/.github/workflows/open-source-checks.yml +++ b/.github/workflows/open-source-checks.yml @@ -43,7 +43,7 @@ jobs: npm-token: ${{ secrets.NPM_TOKEN_XCUT }} - name: Check License Compliance - uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@v1 + uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@v2 with: config-file: .github/check-license-compliance.config.yml env: diff --git a/CHANGELOG.md b/CHANGELOG.md index 9198bba..4f194fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
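Review bot: With the `forbidden:` list (AGPL-3.0, GPL-2.0, GPL-3.0) and `allowWarnings` gone from the end of `.github/check-license-compliance.config.yml`, the file no longer states what happens to a copyleft or unlisted license. The result now rests on the v2 action's default for licenses that are in neither `allowed` nor `warning`, and that default is not visible in this patch. Confirm it against the v2 documentation and record it in the file, for example `# v2: licenses not listed under allowed/warning fail the check` (adjust the wording to the actual behaviour). The same removal is made in `templates/.github/check-license-compliance.config.yml`, which every scaffolded repository inherits. The hunk starts inside the `licenses:` mapping, so the keys above it are outside this view.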
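Review bot: The `uses:` reference `check-and-comment@v2` in `.github/workflows/open-source-checks.yml` is a movable tag, and the step runs with `GITHUB_TOKEN` in its `env:`, so whatever the tag points at on a later run executes with that token. Pin the action to a full commit SHA and keep the version as a comment, `uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@<full-commit-sha> # v2`. The same tag reference is introduced in `templates/.github/workflows/open-source-checks.yml`, which is copied into every scaffolded repository. No `permissions:` block is visible in the hunk; if the job has none, restricting the token to what the commenting step needs would limit the exposure further.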
@@ -11,6 +11,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 #### Deprecated #### Removed +## [1.1.0] - 2025-02-04 + +### Changed + +* feat: Bump `check-license-compliance` to v2. Update the action configuration accordingly + ## [1.0.1] - 2025-01-21 ### Changed diff --git a/package.json b/package.json index 4c4bd8e..248a850 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "@tid-xcut/opensource-scaffold", - "version": "1.0.1", + "version": "1.1.0", "type": "module", "description": "Scaffolding for open source projects. A CLI tool to create open source repositories tools and resources", "packageManager": "pnpm@9.4.0", diff --git a/templates/.github/check-license-compliance.config.yml b/templates/.github/check-license-compliance.config.yml index be05d18..4eaec69 100644 --- a/templates/.github/check-license-compliance.config.yml +++ b/templates/.github/check-license-compliance.config.yml @@ -19,18 +19,3 @@ licenses: - CC BY-SA 4.0 - CC-BY-3.0 - CC0-1.0 - forbidden: - - AGPL-3.0 - - GPL-2.0 - - GPL-3.0 -allowWarnings: true -# Options passed directly to the license-checker package -licenseCheckerOptions: - # Global options are applied to all types of checks - global: - excludePrivatePackages: true - # You can also specify options for each type of check. They extend the global options - # warning: - # excludePrivatePackages: false - # forbidden: - # excludePrivatePackages: false diff --git a/templates/.github/workflows/open-source-checks.yml b/templates/.github/workflows/open-source-checks.yml index cba3ef9..fd15964 100644 --- a/templates/.github/workflows/open-source-checks.yml +++ b/templates/.github/workflows/open-source-checks.yml 
@@ -40,7 +40,7 @@ jobs: # TODO: Add step to install dependencies here - name: Check License Compliance - uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@v1 + uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@v2 with: config-file: .github/check-license-compliance.config.yml env: From 65aa4c491487531fd510f6072a28397ba74bb6d0 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 10:07:22 +0100 Subject: [PATCH 2/9] chore: Exclude cspell package with unknown license --- .github/check-license-compliance.config.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index fa7c448..47f1ccb 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -19,3 +19,5 @@ licenses: - CC BY-SA 4.0 - CC-BY-3.0 - CC0-1.0 +excludePackages: + - "@cspell/dict-en-common-misspellings@2.0.7" From 5f3edfcb3d619ae99c7281c496c7bd6c241c6198 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 10:12:16 +0100 Subject: [PATCH 3/9] chore: Ignore wrongly licensed package --- .github/check-license-compliance.config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 47f1ccb..0e02903 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -16,8 +16,8 @@ licenses: - CC-BY-4.0 - Python-2.0 - BlueOak-1.0.0 - - CC BY-SA 4.0 - CC-BY-3.0 - CC0-1.0 excludePackages: + # The following package is wrongly licensed as "CC BY-SA 4.0", so it is marked as unknown. It should be "CC-BY-SA-4.0". - "@cspell/dict-en-common-misspellings@2.0.7" From 97156a158c3e16085564c77fd587e85e0a87a96e Mon Sep 17 00:00:00 2001 
From: javierbrea Date: Tue, 4 Feb 2025 10:18:07 +0100 Subject: [PATCH 4/9] chore: Warn about BSD license. Remove CC BY-SA 4.0 --- .github/check-license-compliance.config.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 0e02903..442e47d 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -18,6 +18,8 @@ licenses: - BlueOak-1.0.0 - CC-BY-3.0 - CC0-1.0 -excludePackages: - # The following package is wrongly licensed as "CC BY-SA 4.0", so it is marked as unknown. It should be "CC-BY-SA-4.0". - - "@cspell/dict-en-common-misspellings@2.0.7" + # @cspell/dict-en-common-misspellings@2.0.7 package has "CC BY-SA 4.0" license, which is not a valid SPDX identifier + # - CC BY-SA 4.0 + # babel-plugin-transform-import-meta@2.2.1 package has "BSD" license, which is not a valid SPDX identifier + - BSD +log: debug From 37328b80dbccfe292ed5001b84e2d60cb7394d18 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 10:23:43 +0100 Subject: [PATCH 5/9] chore: Debug action --- .github/workflows/open-source-checks.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/open-source-checks.yml b/.github/workflows/open-source-checks.yml index 0c6c513..693a056 100644 --- a/.github/workflows/open-source-checks.yml +++ b/.github/workflows/open-source-checks.yml @@ -46,6 +46,7 @@ jobs: uses: Telefonica/check-license-compliance/.github/actions/check-and-comment@v2 with: config-file: .github/check-license-compliance.config.yml + log: debug env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From f0e204277ac8283a1b9698c3229e65dba84037d7 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 11:16:44 +0100 Subject: [PATCH 6/9] chore: Ignore @babel/plugin-transform-import-meta --- .github/check-license-compliance.config.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) 
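Review bot: `log: debug` is committed at the end of the action configuration in patch 4/9, and patch 5/9 adds the same setting as a `with:` input in `.github/workflows/open-source-checks.yml`; nothing later in the visible series removes either. Job logs on a public repository are readable by anyone, so a permanent debug level publishes the full dependency and license resolution output of every run and makes real failures harder to spot. If this was only needed to diagnose the v2 migration, drop both lines before merging. A one-off diagnosis can use a re-run with debug logging enabled instead, assuming the action honours the runner's debug flag. Setting the level in two places also leaves it unclear which one takes precedence.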
diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 442e47d..4ed5953 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -18,8 +18,7 @@ licenses: - BlueOak-1.0.0 - CC-BY-3.0 - CC0-1.0 - # @cspell/dict-en-common-misspellings@2.0.7 package has "CC BY-SA 4.0" license, which is not a valid SPDX identifier - # - CC BY-SA 4.0 - # babel-plugin-transform-import-meta@2.2.1 package has "BSD" license, which is not a valid SPDX identifier - - BSD log: debug +excludePackages: + # The following packages have a license that is not a valid SPDX identifier + - '@babel/plugin-transform-import-meta@2.2.1' # BSD From 21e134e602020a1459b8fda480a36ab05e8dce17 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 11:18:00 +0100 Subject: [PATCH 7/9] fix: Fix package name --- .github/check-license-compliance.config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 4ed5953..5e9c4f5 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -21,4 +21,4 @@ licenses: log: debug excludePackages: # The following packages have a license that is not a valid SPDX identifier - - '@babel/plugin-transform-import-meta@2.2.1' # BSD + - 'babel-plugin-transform-import-meta@2.2.1' # BSD From 78ebc4c5dd404190b38d046cae743560bace96ca Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 11:19:01 +0100 Subject: [PATCH 8/9] chore: Remove not valid SPDX identifiers --- .github/check-license-compliance.config.yml | 2 -- templates/.github/check-license-compliance.config.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index 5e9c4f5..a0340ef 100644 --- a/.github/check-license-compliance.config.yml 
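Review bot: The `excludePackages` entry added in patch 6/9 takes the package out of the license check altogether, and the trailing `# BSD` does not say which BSD variant was verified or where. Record that next to the entry, e.g. `# declares "BSD" (not SPDX); LICENSE file checked manually: <variant>`, so the exemption can be audited later. The name in this hunk carries an `@babel/` scope that the following patch removes. Whether the action reports exclusions that match no installed package is not visible here, so a mistyped entry may go unnoticed. The version pin presumably limits the exemption to 2.2.1, which is worth keeping so that an upgrade is checked again.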
+++ b/.github/check-license-compliance.config.yml @@ -5,9 +5,7 @@ licenses: allowed: - Apache-2.0 - MIT - - BSD - ISC - - (MIT AND CC-BY-3.0) warning: - LGPL-3.0 - LGPL-2.0 diff --git a/templates/.github/check-license-compliance.config.yml b/templates/.github/check-license-compliance.config.yml index 4eaec69..65d5122 100644 --- a/templates/.github/check-license-compliance.config.yml +++ b/templates/.github/check-license-compliance.config.yml @@ -5,9 +5,7 @@ licenses: allowed: - Apache-2.0 - MIT - - BSD - ISC - - (MIT AND CC-BY-3.0) warning: - LGPL-3.0 - LGPL-2.0 From 944a327c071e78df9bcba48d93688c13ef1ee2b6 Mon Sep 17 00:00:00 2001 From: javierbrea Date: Tue, 4 Feb 2025 11:20:59 +0100 Subject: [PATCH 9/9] chore: Remove not valid SPDX identifiers --- .github/check-license-compliance.config.yml | 1 + templates/.github/check-license-compliance.config.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/check-license-compliance.config.yml b/.github/check-license-compliance.config.yml index a0340ef..d0ff035 100644 --- a/.github/check-license-compliance.config.yml +++ b/.github/check-license-compliance.config.yml @@ -5,6 +5,7 @@ licenses: allowed: - Apache-2.0 - MIT + - BSD - ISC warning: - LGPL-3.0 diff --git a/templates/.github/check-license-compliance.config.yml b/templates/.github/check-license-compliance.config.yml index 65d5122..113f824 100644 --- a/templates/.github/check-license-compliance.config.yml +++ b/templates/.github/check-license-compliance.config.yml @@ -5,6 +5,7 @@ licenses: allowed: - Apache-2.0 - MIT + - BSD - ISC warning: - LGPL-3.0
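Review bot: The `- BSD` line that patch 9/9 puts back under `allowed:` is not an SPDX identifier, as the comment in patch 4/9 itself notes. It does not distinguish BSD-2-Clause and BSD-3-Clause from variants with extra obligations such as the advertising clause of BSD-4-Clause. List the accepted variants explicitly, `- BSD-2-Clause` and `- BSD-3-Clause`, and leave the one package that declares a bare "BSD" to the existing `excludePackages` entry. How v2 matches a non-SPDX string in `allowed` is not visible here, so the line may either have no effect or accept any package that declares just "BSD". The same line is added to `templates/.github/check-license-compliance.config.yml`, and the commit subject still says identifiers are being removed although the hunk adds one.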