CI: add job for checking licenses from dependencies

The check is implemented using wwhrd [1] and the allowed licenses are listed on the `.wwhrd.yml` file. 1. https://github.com/frapposelli/wwhrd
trento-project · Jan 27, 2022 · 8ecdbd4 · 8ecdbd4
1 parent 8d2d02b
commit 8ecdbd4
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 57 deletions.
diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml
@@ -3,9 +3,9 @@ concurrency: ci-${{ github.ref }}
 on:
   push:
     tags-ignore:
-      - '*'
+      - "*"
     branches:
-      - 'main'
+      - "main"
   pull_request:
   release:
     types: [published]
@@ -66,7 +66,7 @@ jobs:
         run: make fmt-check
       - name: frontend lint and coding style check
         run: make web-check
-    
+
   test-checks:
     runs-on: ubuntu-20.04
     steps:
@@ -88,6 +88,16 @@ jobs:
       - name: trento checks ID sanity test
         run: python3 hack/id_checker.py
 
+  check-licenses:
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - name: Run check
+        run: make check-licenses
+
   test-e2e:
     needs: build-static-binary
     runs-on: ubuntu-20.04
@@ -289,10 +299,10 @@ jobs:
         with:
           name: trento-binaries
           path: |
-                  build/trento-amd64.tgz
-                  build/trento-arm64.tgz
-                  build/trento-ppc64le.tgz
-                  build/trento-s390x.tgz
+            build/trento-amd64.tgz
+            build/trento-arm64.tgz
+            build/trento-ppc64le.tgz
+            build/trento-s390x.tgz
 
   release-rolling:
     needs: [test-binary, test-checks, test-e2e]
@@ -330,8 +340,14 @@ jobs:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
   deploy-server:
-    runs-on: [ self-hosted, trento-gh-runner ]
-    needs: [ smoke-test-container-images, build-and-push-container-images, test-helm-charts, release-rolling ]
+    runs-on: [self-hosted, trento-gh-runner]
+    needs:
+      [
+        smoke-test-container-images,
+        build-and-push-container-images,
+        test-helm-charts,
+        release-rolling,
+      ]
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch'
     environment: AZURE_DEMO
     env:
@@ -352,8 +368,8 @@ jobs:
         run: ssh "$TRENTO_USER@$TRENTO_SERVER_HOST" "TRENTO_REPO_OWNER=$TRENTO_REPO_OWNER sudo --preserve-env=PATH,TRENTO_REPO_OWNER bash -s" -- < ./install-server.sh -r -p ~/.ssh/id_rsa
 
   deploy-agents:
-    runs-on: [ self-hosted, trento-gh-runner ]
-    needs: [ deploy-server ]
+    runs-on: [self-hosted, trento-gh-runner]
+    needs: [deploy-server]
     if: github.ref_name == 'main'
     environment: AZURE_DEMO
     env:
@@ -379,36 +395,36 @@ jobs:
     container:
       image: ghcr.io/trento-project/continuous-delivery:master
       env:
-        GITHUB_OAUTH_TOKEN:  ${{ secrets.GITHUB_TOKEN }}
+        GITHUB_OAUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-    - name: configure OSC
-    # OSC credentials must be configured beforehand as the HOME variables cannot be changed from /github/home
-    # that is used to run osc commands
-      run: |
-        /scripts/init_osc_creds.sh
-        mkdir -p $HOME/.config/osc
-        cp /root/.config/osc/oscrc $HOME/.config/osc
-    - name: Prepare trento.changes file
-    # The .changes file is updated only in release creation. This current task should be improved
-    # in order to add the current rolling release notes
-      if: github.event_name == 'release'
-      run: |
-        osc checkout $OBS_PROJECT trento trento.changes
-        mv trento.changes $FOLDER
-        VERSION=$(./hack/get_version_from_git.sh)
-        TAG=$(echo $VERSION | cut -f1 -d+)
-        hack/gh_release_to_obs_changeset.py $REPOSITORY -a shap-staff@suse.de -t $TAG -f $FOLDER/trento.changes
-    - name: prepare _service file
-      run: |
-        VERSION=$(./hack/get_version_from_git.sh)
-        sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \
-        sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \
-        sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service
-    - name: commit changes into OBS
-      run: cp $FOLDER/_service . && /scripts/upload.sh
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: configure OSC
+        # OSC credentials must be configured beforehand as the HOME variables cannot be changed from /github/home
+        # that is used to run osc commands
+        run: |
+          /scripts/init_osc_creds.sh
+          mkdir -p $HOME/.config/osc
+          cp /root/.config/osc/oscrc $HOME/.config/osc
+      - name: Prepare trento.changes file
+        # The .changes file is updated only in release creation. This current task should be improved
+        # in order to add the current rolling release notes
+        if: github.event_name == 'release'
+        run: |
+          osc checkout $OBS_PROJECT trento trento.changes
+          mv trento.changes $FOLDER
+          VERSION=$(./hack/get_version_from_git.sh)
+          TAG=$(echo $VERSION | cut -f1 -d+)
+          hack/gh_release_to_obs_changeset.py $REPOSITORY -a shap-staff@suse.de -t $TAG -f $FOLDER/trento.changes
+      - name: prepare _service file
+        run: |
+          VERSION=$(./hack/get_version_from_git.sh)
+          sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \
+          sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \
+          sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service
+      - name: commit changes into OBS
+        run: cp $FOLDER/_service . && /scripts/upload.sh
 
   obs-submit:
     needs: obs-commit
@@ -417,19 +433,19 @@ jobs:
     container:
       image: ghcr.io/trento-project/continuous-delivery:master
     steps:
-    - uses: actions/checkout@v2
-      with:
-        fetch-depth: 0
-    - name: configure OSC
-      run: |
-        /scripts/init_osc_creds.sh
-        mkdir -p $HOME/.config/osc
-        cp /root/.config/osc/oscrc $HOME/.config/osc
-    - name: prepare _service file
-      run: |
-        VERSION=$(./hack/get_version_from_git.sh)
-        sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \
-        sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \
-        sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service
-    - name: submit package
-      run: cp $FOLDER/_service . && /scripts/submit.sh
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: configure OSC
+        run: |
+          /scripts/init_osc_creds.sh
+          mkdir -p $HOME/.config/osc
+          cp /root/.config/osc/oscrc $HOME/.config/osc
+      - name: prepare _service file
+        run: |
+          VERSION=$(./hack/get_version_from_git.sh)
+          sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \
+          sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \
+          sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service
+      - name: submit package
+        run: cp $FOLDER/_service . && /scripts/submit.sh
diff --git a/.gitignore b/.gitignore
@@ -5,4 +5,5 @@
 /packaging/helm/trento-server/charts/*.tgz
 /hack/helm/trento-dev/charts/*.tgz
 /test/e2e/cypress/videos
-/test/e2e/cypress/screenshots/
+/test/e2e/cypress/screenshots/
+/vendor
diff --git a/.wwhrd.yaml b/.wwhrd.yaml
@@ -0,0 +1,7 @@
+allowlist:
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - MIT
+  - MPL-2.0
diff --git a/Makefile b/Makefile
@@ -148,3 +148,12 @@ web/frontend/assets/images:
 .PHONY: helm-lint
 helm-lint:
 	docker run --rm -ti --name trento-chart-test -w /workdir -v $(shell pwd):/workdir quay.io/helmpack/chart-testing:v3.4.0 ct lint
+
+.PHONY: install-wwhrd
+install-wwhrd:
+	which wwhrd || go install github.com/frapposelli/wwhrd@latest
+
+.PHONY: check-licenses
+check-licenses: install-wwhrd
+	go mod vendor
+	wwhrd check -q -f .wwhrd.yaml