check hashicorp: Add hashicorp whitelist (#279)

Signed-off-by: Or Shoval <oshoval@redhat.com>
k8snetworkplumbingwg · Oct 3, 2023 · 96fc174 · 96fc174
1 parent 0ed76c9
commit 96fc174
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 0 deletions.
diff --git a/.github/workflows/check_hashicorp_modules.yaml b/.github/workflows/check_hashicorp_modules.yaml
@@ -0,0 +1,10 @@
+name: Check HashiCorp Modules
+on: [push, pull_request]
+jobs:
+  check_modules:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Run script
+      run: ./hack/check_hashicorp.sh
diff --git a/hack/check_hashicorp.sh b/hack/check_hashicorp.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+allowed_hashicorp_modules=(
+    "github.com/hashicorp/errwrap"
+    "github.com/hashicorp/go-multierror"
+    "github.com/hashicorp/hcl"
+)
+
+error_found=false
+while read -r line; do
+    if ! [[ " ${allowed_hashicorp_modules[*]} " == *" $line "* ]]; then
+        echo "found non allowlisted hashicorp module: $line"
+        error_found=true
+    fi
+done < <(grep -i hashicorp go.mod | grep -o 'github.com/[^ ]*')
+
+if [[ $error_found == true ]]; then
+    echo "Non allowlisted hashicorp modules found, exiting with an error."
+    echo "HashiCorp adapted BSL, which we cant use on our projects."
+    echo "Please review the licensing, and either add it to the list if it isn't BSL,"
+    echo "or use a different library."
+    exit 1
+fi
+echo "All included hashicorp modules are allowlisted"