CI: add job for checking licenses from dependencies

[flaviodsr]

The check is implemented using wwhrd [1] and the allowed
licenses are listed on the .wwhrd.yml file.

1. https://github.com/frapposelli/wwhrd

Fix: #349

[dottorblaster]

LGTM

[arbulu89]

Hey @flaviodsr ,
So comments worth checking.
As a side note, if you don't have your golang bin directory in your path the wwhrd execution fails

[arbulu89]

Can we rename the file to have yaml extension rather than yml, as we already have files with the 2nd extesion

[flaviodsr]

done.

[arbulu89]

We don't really need to run this in 2 steps, right?
check-licenses already depend on install-wwhrd, so calling the 2nd would call the 1st by default

[flaviodsr]

you are right, I just thought that in case of failure of the install it would be more clear having a step specifically doing that.

Anyways, I have removed the step.

[arbulu89]

I don't know that much about golang dependencies, but I wonder if there is some option to define this dependency as a development dependency

[flaviodsr]

I am not aware of such option. Did some research and could not find it either.

[dottorblaster]

I would ask @fabriziosestito since he is the lord of that pattern but I think we can actually declare wwhrd in the tools/tools.go file having it fetched inside deps

[flaviodsr]

@arbulu89 thanks for the review.

Regarding the golang bin directory, do you have a suggestion on how to fix that? I could add $GOPATH/bin to the path of the binary, however there is also the case where it is not defined which defaults to $HOME/go/bin. Not sure if it would be worthy going over all the options.