diff --git a/.github/.grant.yml b/.github/.grant.yml
index 44821c5..773eb90 100644
--- a/.github/.grant.yml
+++ b/.github/.grant.yml
@@ -1,13 +1,48 @@
-rules:
- - pattern: "*"
- name: "Block AGPL licenses"
- mode: "block"
- reason: "AGPL licenses are not allowed in this project"
- licenses:
- - "agpl"
- - "agpl-1.0"
- - "agpl-1.0-only"
- - "agpl-1.0-or-later"
- - "agpl-3.0"
- - "agpl-3.0-only"
- - "agpl-3.0-or-later"
+require-license: false # Some packages may not have explicit licenses
+require-known-license: false
+
+# Allow list - licenses that are permitted
+allow:
+ # Permissive licenses
+ - MIT
+ - Apache-2.0
+ - BSD-2-Clause
+ - BSD-3-Clause
+ - BSD
+ - BSD-License
+ - ISC
+ - ISC-License
+ - 0BSD
+
+ # Python-specific licenses
+ - PSF-2.0
+ - Python-2.0
+ - Dual-License
+
+ # Weak copyleft licenses (generally acceptable)
+ - LGPL
+ - LGPL-2.1
+ - LGPL-2.1-or-later
+ - LGPL-3.0
+ - LGPL-3.0-or-later
+ - MPL-2.0
+
+ # Other licenses
+ - Unlicense
+ - CC0-1.0
+ - WTFPL
+ - Artistic-License
+ - GPL-3.0-only
+
+# Block list - licenses that are not allowed
+block:
+ - AGPL-1.0
+ - AGPL-1.0-only
+ - AGPL-1.0-or-later
+ - AGPL-3.0
+ - AGPL-3.0-only
+ - AGPL-3.0-or-later
+
+# Ignore specific packages if needed
+ignore-packages:
+ - "UnknownPackage:*"
diff --git a/hooks/post_gen_project.py b/hooks/post_gen_project.py
index d173c3a..72579aa 100755
--- a/hooks/post_gen_project.py
+++ b/hooks/post_gen_project.py
@@ -152,6 +152,7 @@ def notify_envrc() -> None:
 def notify_dockerhub_secrets() -> None:
 """Notify user about required Docker Hub secrets for releases."""
+ # We no longer need this once https://github.com/docker/roadmap/issues/314 is available
 print("\n" + "=" * 70)
 print("IMPORTANT: Docker Hub Publishing Enabled")
 print("=" * 70)
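Review bot: In `.github/.grant.yml` the `require-license: false` and `require-known-license: false` lines, together with the `"UnknownPackage:*"` ignore entry, appear to let any dependency whose license is missing or unrecognised pass the check, so the allow list only constrains packages with well-formed metadata. If that is intended it deserves a comment saying so, e.g. `# unlicensed/unknown packages are NOT checked here; review them manually`; otherwise consider `require-known-license: true` with explicit per-package ignores. The old rule also blocked a bare `agpl` string, which the new `block:` list no longer contains. `GPL-3.0-only` and the non-SPDX `Dual-License` are in `allow:` with no stated reason, and the latter may match packages whose second license is one the project means to block.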
@@ -168,6 +169,46 @@ def notify_dockerhub_secrets() -> None:
 print("=" * 70 + "\n")
+def opportunistically_install_zenable_tools() -> None:
+ """Opportunistically install zenable-mcp if uvx is available."""
+ # Check if uvx is not available
+ if not shutil.which("uvx"):
+ # uvx is not available, notify the user
+ print("\n" + "=" * 70)
+ print("NOTE: Skipped configuring the Zenable AI coding guardrails")
+ print("=" * 70)
+ print("\nConfiguring the Zenable AI coding guardrails requires the uv package manager.")
+ print("To set this up later:")
+ print("\n1. Install uv via https://docs.astral.sh/uv/getting-started/installation/")
+ print("2. Run: uvx zenable-mcp@latest install")
+ print("=" * 70 + "\n")
+
+ LOG.warning("uvx was not found in PATH, so the Zenable integrations were not installed.")
+ return
+
+ # uvx is available, attempt to install zenable-mcp
+ LOG.debug("uvx is available in PATH, attempting to install the Zenable tools...")
+ try:
+ subprocess.run(["uvx", "zenable-mcp@latest", "install"], check=True, timeout=60)
+ print("\n" + "=" * 70)
+ print("Successfully configured the Zenable AI coding guardrails 🚀")
+ print("To start using it, just open the IDE of your choice, login to the MCP server, and you're all set 🤖")
+ print("Learn more at https://docs.zenable.io")
+ print("=" * 70 + "\n")
+ except Exception:
+ # Log the error but don't fail - this is opportunistic
+ LOG.warning("Failed to configure the Zenable AI coding guardrails")
+ print("\n" + "=" * 70)
+ print("WARNING: Failed to configure the Zenable AI coding guardrails")
+ print("=" * 70)
+ print("You can retry it later by running:")
+ print("\n uvx zenable-mcp@latest install")
+ print("\nTo report issues, please contact:")
+ print(" • https://zenable.io/feedback")
+ print(" • support@zenable.io")
+ print("=" * 70 + "\n")
+
+
 def run_post_gen_hook():
 """Run post generation hook"""
 try:
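Review bot: The `subprocess.run(["uvx", "zenable-mcp@latest", "install"], ...)` call in `opportunistically_install_zenable_tools` downloads and runs whatever release is `latest` at generation time, with no version pin and no opt-in. Every project generation therefore executes third-party code that nobody on this repository has reviewed at that version. Pinning a reviewed release and bumping it deliberately, ideally behind an explicit template option, would keep the hook reproducible and limit exposure to a bad or hijacked release. The bare `except Exception:` also drops the cause, so a timeout, a non-zero exit and a missing binary all log the same line. Separately, the path returned by `shutil.which("uvx")` is discarded and `"uvx"` is resolved from PATH a second time by `subprocess.run`.

```python
    uvx_path = shutil.which("uvx")
    if not uvx_path:
        # … unchanged: "Skipped configuring" banner, LOG.warning and return …

    # … unchanged: LOG.debug line …
    try:
        # <PINNED_VERSION> is a placeholder for a release that has been reviewed
        subprocess.run([uvx_path, "zenable-mcp@<PINNED_VERSION>", "install"], check=True, timeout=60)
        # … unchanged: success banner …
    except (subprocess.CalledProcessError, subprocess.TimeoutExpired, OSError) as exc:
        # Still opportunistic: report the cause, never fail project generation
        LOG.warning("Failed to configure the Zenable AI coding guardrails: %s", exc)
        # … unchanged: failure banner …
```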
@@ -185,6 +226,8 @@ def run_post_gen_hook(): subprocess.run(["git", "init", "--initial-branch=main"], capture_output=True, check=True) + opportunistically_install_zenable_tools() + # This is important for testing project generation for CI if ( os.environ.get("GITHUB_ACTIONS") == "true"
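Review bot: `opportunistically_install_zenable_tools()` is called unconditionally, ahead of the `GITHUB_ACTIONS` check that follows it. CI runs that generate test projects would therefore also attempt the network install whenever `uvx` is on the runner's PATH, and can wait up to the 60-second timeout. Consider skipping it there, e.g. `if os.environ.get("GITHUB_ACTIONS") != "true": opportunistically_install_zenable_tools()`, or moving the call below the CI branch. The `if (` block continues past the end of the hunk, so what it does in CI is not visible here.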