checks the compatibility of the licenses

2025-02-07 00:17:07 +01:00 · 2025-02-01 23:43:35 +01:00 · 2025-02-01 23:43:35 +01:00 · 8298bf32a1
commit 8298bf32a1
parent 00e1f74f48
4 changed files with 207 additions and 4 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -64,6 +64,35 @@ jobs:
            build/reports/problems/
          retention-days: 3

+  check-licence:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
+        with:
+          java-version: "17"
+          distribution: "adopt"
+
+      - name: check the licenses for compatibility
+        run: ./gradlew clean checkLicense
+
+      - name: FAILED - check the licenses for compatibility
+        if: failure()
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: dependencies-without-allowed-license.json
+          path: |
+            build/reports/dependency-license/dependencies-without-allowed-license.json
+          retention-days: 3
+
  docker-compose-tests:
    # if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
    #     (github.event_name == 'pull_request' &&
--- a/.github/workflows/licenses-update.yml
+++ b/.github/workflows/licenses-update.yml
@ -28,7 +28,7 @@ jobs:
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-          
+
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

@ -40,8 +40,17 @@ jobs:

      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

-      - name: Run Gradle Command
-        run: ./gradlew clean generateLicenseReport
+      - name: check the licenses for compatibility
+        run: ./gradlew clean checkLicense
+
+      - name: FAILED - check the licenses for compatibility
+        if: failure()
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+        with:
+          name: dependencies-without-allowed-license.json
+          path: |
+            build/reports/dependency-license/dependencies-without-allowed-license.json
+          retention-days: 3

      - name: Move and Rename License File
        run: |
--- a/allowed-licenses.json
+++ b/allowed-licenses.json
@ -0,0 +1,164 @@
+{
+  "allowedLicenses": [
+    {
+      "moduleName": ".*",
+      "moduleLicense": "BSD License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The BSD License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "BSD-2-Clause"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "BSD 2-Clause License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The 2-Clause BSD License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "BSD-3-Clause"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The BSD 3-Clause License (BSD3)"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "BSD-4 License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "MIT"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "MIT License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The MIT License"
+    },
+    {
+      "moduleName": "com.github.jai-imageio:jai-imageio-core",
+      "moduleLicense": "LICENSE.txt"
+    },
+    {
+      "moduleName": "com.github.jai-imageio:jai-imageio-jpeg2000",
+      "moduleLicense": "LICENSE-JJ2000.txt, LICENSE-Sun.txt"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache 2"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache-2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache-2.0 License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache License 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache License Version 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Apache License, Version 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The Apache License, Version 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The Apache Software License, Version 2.0"
+    },
+    {
+      "moduleName": "com.nimbusds:oauth2-oidc-sdk",
+      "moduleLicense": "\"Apache License, version 2.0\";link=\"https://www.apache.org/licenses/LICENSE-2.0.html\""
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "MPL 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "UnboundID SCIM2 SDK Free Use License"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "GPL2 w/ CPE"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "GPLv2+CE"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "GNU GENERAL PUBLIC LICENSE, Version 2 + Classpath Exception"
+    },
+    {
+      "moduleName": "com.martiansoftware:jsap",
+      "moduleLicense": "LGPL"
+    },
+    {
+      "moduleName": "org.hibernate.orm:hibernate-core",
+      "moduleLicense": "GNU Library General Public License v2.1 or later"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Eclipse Public License - v 1.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Eclipse Public License v. 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Eclipse Public License - v 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Eclipse Public License - Version 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Eclipse Public License, Version 2.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Ubuntu Font Licence 1.0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Bouncy Castle Licence"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "Public Domain, per Creative Commons CC0"
+    },
+    {
+      "moduleName": ".*",
+      "moduleLicense": "The W3C License"
+    }
+  ]
+}
--- a/build.gradle
+++ b/build.gradle
@ -41,6 +41,7 @@ repositories {

 licenseReport {
    renderers = [new JsonReportRenderer()]
+    allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
 }

 sourceSets {
@ -366,7 +367,7 @@ dependencies {
        exclude group: "commons-logging", module: "commons-logging"
    }
    implementation "org.apache.pdfbox:preflight:$pdfboxVersion"
-    
+

    implementation ("org.apache.pdfbox:xmpbox:$pdfboxVersion") {
        exclude group: "commons-logging", module: "commons-logging"