ci: add license checker #3
📝 Walkthrough
Adds a new GitHub Actions workflow.
Sequence Diagram(s):
sequenceDiagram
participant Dev as Developer
participant GH as GitHub
participant WF as Workflow: Check Licenses
participant Runner as Runner (ubuntu-latest)
participant Repo as Repository
participant Setup as Base Setup Action
participant jlpm as jlpm
participant Tool as license-checker-rseidelsohn
Dev->>GH: Push to main / Open PR
GH->>WF: Trigger workflow (concurrency group enforces cancel)
WF->>Runner: Start job check_licenses
Runner->>Repo: actions/checkout
Runner->>Setup: Run base setup action
Runner->>jlpm: Execute `jlpm check-licenses`
jlpm->>Tool: Invoke license-checker-rseidelsohn
Tool-->>Runner: Return results (success/failure)
Runner-->>GH: Report job status
Pre-merge checks
❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/check-licenses.yml (1 hunks)
package.json (3 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/check-licenses.yml
[warning] 2-2: truthy value should be one of [false, true]
(truthy)
[error] 23-23: too many blank lines (1 > 0)
(empty-lines)
Actionable comments posted: 2
♻️ Duplicate comments (1)
package.json (1)
39-39: Fix Windows quoting in the script.
The single-quoted allow-list breaks under cmd.exe, so Windows contributors can’t run the check. Switch to escaped double quotes.
- "check-licenses": "license-checker-rseidelsohn --onlyAllow 'MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;ISC;0BSD;CC0-1.0;Python-2.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;(MIT OR Apache-2.0);(MIT AND BSD-3-Clause);(Apache-2.0 OR MIT);(BSD-2-Clause OR MIT OR Apache-2.0);(MIT OR CC0-1.0);(MIT AND CC-BY-3.0);(Unlicense OR Apache-2.0)'",
+ "check-licenses": "license-checker-rseidelsohn --onlyAllow \"MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;ISC;0BSD;CC0-1.0;Python-2.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;(MIT OR Apache-2.0);(MIT AND BSD-3-Clause);(Apache-2.0 OR MIT);(BSD-2-Clause OR MIT OR Apache-2.0);(MIT OR CC0-1.0);(MIT AND CC-BY-3.0);(Unlicense OR Apache-2.0)\"",
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/check-licenses.yml (1 hunks)
package.json (2 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/check-licenses.yml
[warning] 2-2: truthy value should be one of [false, true]
(truthy)
[error] 24-24: too many blank lines (1 > 0)
(empty-lines)
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
package.json (1)
14-14: License mismatch with OSS-110 (Apache 2.0).
Project declares BSD-3-Clause; linked issue requires Apache-2.0. Update package metadata and add a LICENSE file.
Apply:
- "license": "BSD-3-Clause",
+ "license": "Apache-2.0",
Also add an Apache-2.0 LICENSE file (and NOTICE if needed). I can draft it.
♻️ Duplicate comments (2)
.github/workflows/check-licenses.yml (1)
21-22: Remove extra blank line between steps.
- - name: Base Setup
-   uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
-
+ - name: Base Setup
+   uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1
As per static analysis hints.
package.json (1)
39-39: Fix Windows quoting and pin tool; avoid npx.
Use escaped double quotes (cmd.exe), and add license-checker-rseidelsohn as a devDependency to avoid network drift; invoke the local binary.
Script:
- "check-licenses": "npx license-checker-rseidelsohn --onlyAllow 'MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;ISC;0BSD;CC0-1.0;Python-2.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;(MIT OR Apache-2.0);(MIT AND BSD-3-Clause);(Apache-2.0 OR MIT);(BSD-2-Clause OR MIT OR Apache-2.0);(MIT OR CC0-1.0);(MIT AND CC-BY-3.0);(Unlicense OR Apache-2.0)'",
+ "check-licenses": "license-checker-rseidelsohn --onlyAllow \"MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;ISC;0BSD;CC0-1.0;Python-2.0;CC-BY-3.0;CC-BY-4.0;Unlicense;BlueOak-1.0.0;(MIT OR Apache-2.0);(MIT AND BSD-3-Clause);(Apache-2.0 OR MIT);(BSD-2-Clause OR MIT OR Apache-2.0);(MIT OR CC0-1.0);(MIT AND CC-BY-3.0);(Unlicense OR Apache-2.0)\"",
Then add devDependency (pick a pinned version):
"devDependencies": { "...": "...", "license-checker-rseidelsohn": "x.y.z" }
Verify with:
yarn dlx license-checker-rseidelsohn --version
📜 Review details
Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
.github/workflows/check-licenses.yml (1 hunks)
package.json (1 hunks)
🧰 Additional context used
🪛 YAMLlint (1.37.1)
.github/workflows/check-licenses.yml
[warning] 2-2: truthy value should be one of [false, true]
(truthy)
[error] 24-24: too many blank lines (1 > 0)
(empty-lines)
| @@ -0,0 +1,24 @@ | |||
| name: Check Licenses | |||
| on: | |||
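Review bot: No top-level `permissions:` block appears in the visible lines of this new workflow (the hunk opens with `name:` and `on:`); if the file has none, add `permissions: contents: read` so the job's GITHUB_TOKEN is read-only, which is all that a checkout followed by a license scan needs. The yamllint `truthy` warning on `on:` is cosmetic and is silenced by quoting the key, as suggested below, without changing what the workflow does.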
Quote “on” to satisfy yamllint.
-on:
+'on':
As per static analysis hints.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| on: | |
| 'on': |
🧰 Tools
🪛 YAMLlint (1.37.1)
[warning] 2-2: truthy value should be one of [false, true]
(truthy)
🤖 Prompt for AI Agents
.github/workflows/check-licenses.yml around line 2: the top-level YAML key on is
unquoted and flagged by yamllint; update that line to quote the key (replace on:
with "on":) so the file uses a quoted key, then run a quick yamllint check to
confirm the warning is resolved.
| push: | ||
| branches: ["main"] | ||
| pull_request: | ||
| branches: ["*"] |
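Review bot: The `branches` filter under `pull_request` matches the pull request's base (target) branch, not the head branch, so `["*"]` only skips PRs that target a branch whose name contains a `/`; `["**"]` matches every base branch, which is the same as having no filter at all. The simplest change is therefore to delete `branches: ["*"]` under `pull_request` and leave the `push` trigger scoped to `main` as it is.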
Wildcard will miss branch names with slashes.
For pull_request, "*" won’t match branches like feature/foo. Use "**" or drop the filter.
- pull_request:
- branches: ["*"]
+ pull_request:
+ branches: ["**"]
🤖 Prompt for AI Agents
.github/workflows/check-licenses.yml around line 6: the branches filter uses "*"
which does not match branch names containing slashes (e.g., feature/foo); update
the filter to use "**" (branches: ["**"]) or remove the branches filter entirely
so pull_request triggers run for all branches with slashes, and commit the
change to the workflow file.
| uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1 | ||
|
|
||
| - name: Check Licenses | ||
| run: yarn check-licenses |
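Review bot: `uses: jupyterlab/maintainer-tools/.github/actions/base-setup@v1` references a mutable tag; pin the action to a full commit SHA (keeping the tag in a trailing comment, e.g. `@<commit-sha> # v1`) so that the step deciding whether dependency licenses are acceptable cannot change underneath you when the upstream tag moves. Separately, the yamllint `empty-lines` error is reported at line 24, which the `@@ -0,0 +1,24 @@` header shows is the last line of the file, so it points at a trailing blank line at end of file rather than at the blank line rendered here between the `uses:` step and `- name: Check Licenses`; remove the trailing one, and switch `run: yarn check-licenses` to `run: jlpm check-licenses` to match the rest of the repo's scripts.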
🧹 Nitpick | 🔵 Trivial
Use jlpm for consistency with repo tooling.
Most scripts use jlpm; align here.
- run: yarn check-licenses
+ run: jlpm check-licenses
📝 Committable suggestion
| run: yarn check-licenses | |
| run: jlpm check-licenses |
🤖 Prompt for AI Agents
.github/workflows/check-licenses.yml around line 23: the workflow runs the
license check with "yarn check-licenses" but the repo uses jlpm for package
script execution; update the step to use "jlpm check-licenses" instead of "yarn
check-licenses" so the workflow uses the same package manager wrapper as the
rest of the project.
Fixes: OSS-110 https://linear.app/deepnote/issue/OSS-110/add-a-license