Mirrors/Stirling-PDF
Mirrors/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Frooodle/Stirling-PDF.git synced 2025-02-07 00:17:07 +01:00
Code Issues Packages Projects Releases Wiki Activity

checks the compatibility of the licenses (#2844)

Browse Source 
# Description of Changes

### What was changed
- An **automated license check** was integrated into the CI/CD workflow
(`build.yml` and `licenses-update.yml`).
- A new file, `allowed-licenses.json`, was added to explicitly define
the permitted licenses.
- The **Gradle build process** was updated to run `checkLicense` and
detect any non-compliant licenses.

### Why the change was made
- **Improved license compliance** to ensure only compatible licenses are
used.
- **Automated license validation** within the CI/CD workflow to detect
potential incompatibilities early.
- **Legal risk mitigation** by excluding problematic licenses like
**GPL-2.0 (without Classpath Exception)**.

### Any challenges encountered
- The **allowed license list had to be manually curated** to ensure all
relevant open-source libraries were covered.
- Some dependencies use **slightly different license names** (e.g.,
`"Apache License, Version 2.0"` vs. `"Apache-2.0"`), which needed to be
handled in the validation process.

---

## Checklist

### General

- [x] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [x] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [x] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [x] I have performed a self-review of my own code
- [x] My changes generate no new warnings

### Documentation

- [x] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [x] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.
This commit is contained in:
Ludy 2025-02-03 11:13:02 +01:00 committed by GitHub
parent 4a7df3fd3f
commit 9e8c16f313
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 207 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
.github/workflows/build.yml vendored
View File

@ -64,6 +64,35 @@ jobs:
build/reports/problems/
retention-days: 3
check-licence:
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
with:
egress-policy: audit
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up JDK 17
uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12 # v4.7.0
with:
java-version: "17"
distribution: "adopt"
- name: check the licenses for compatibility
run: ./gradlew clean checkLicense
- name: FAILED - check the licenses for compatibility
if: failure()
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: dependencies-without-allowed-license.json
path: |
build/reports/dependency-license/dependencies-without-allowed-license.json
retention-days: 3
docker-compose-tests:
# if: github.event_name == 'push' && github.ref == 'refs/heads/main' ||
# (github.event_name == 'pull_request' &&

13
.github/workflows/licenses-update.yml vendored
View File

@ -40,8 +40,17 @@ jobs:
- uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2
- name: Run Gradle Command
run: ./gradlew clean generateLicenseReport
- name: check the licenses for compatibility
run: ./gradlew clean checkLicense
- name: FAILED - check the licenses for compatibility
if: failure()
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
with:
name: dependencies-without-allowed-license.json
path: |
build/reports/dependency-license/dependencies-without-allowed-license.json
retention-days: 3
- name: Move and Rename License File
run: |

164
allowed-licenses.json Normal file
View File

@ -0,0 +1,164 @@
{
"allowedLicenses": [
{
"moduleName": ".*",
"moduleLicense": "BSD License"
},
{
"moduleName": ".*",
"moduleLicense": "The BSD License"
},
{
"moduleName": ".*",
"moduleLicense": "BSD-2-Clause"
},
{
"moduleName": ".*",
"moduleLicense": "BSD 2-Clause License"
},
{
"moduleName": ".*",
"moduleLicense": "The 2-Clause BSD License"
},
{
"moduleName": ".*",
"moduleLicense": "BSD-3-Clause"
},
{
"moduleName": ".*",
"moduleLicense": "The BSD 3-Clause License (BSD3)"
},
{
"moduleName": ".*",
"moduleLicense": "BSD-4 License"
},
{
"moduleName": ".*",
"moduleLicense": "MIT"
},
{
"moduleName": ".*",
"moduleLicense": "MIT License"
},
{
"moduleName": ".*",
"moduleLicense": "The MIT License"
},
{
"moduleName": "com.github.jai-imageio:jai-imageio-core",
"moduleLicense": "LICENSE.txt"
},
{
"moduleName": "com.github.jai-imageio:jai-imageio-jpeg2000",
"moduleLicense": "LICENSE-JJ2000.txt, LICENSE-Sun.txt"
},
{
"moduleName": ".*",
"moduleLicense": "Apache 2"
},
{
"moduleName": ".*",
"moduleLicense": "Apache 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Apache-2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Apache-2.0 License"
},
{
"moduleName": ".*",
"moduleLicense": "Apache License 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Apache License Version 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Apache License, Version 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "The Apache License, Version 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "The Apache Software License, Version 2.0"
},
{
"moduleName": "com.nimbusds:oauth2-oidc-sdk",
"moduleLicense": "\"Apache License, version 2.0\";link=\"https://www.apache.org/licenses/LICENSE-2.0.html\""
},
{
"moduleName": ".*",
"moduleLicense": "MPL 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "UnboundID SCIM2 SDK Free Use License"
},
{
"moduleName": ".*",
"moduleLicense": "GPL2 w/ CPE"
},
{
"moduleName": ".*",
"moduleLicense": "GPLv2+CE"
},
{
"moduleName": ".*",
"moduleLicense": "GNU GENERAL PUBLIC LICENSE, Version 2 + Classpath Exception"
},
{
"moduleName": "com.martiansoftware:jsap",
"moduleLicense": "LGPL"
},
{
"moduleName": "org.hibernate.orm:hibernate-core",
"moduleLicense": "GNU Library General Public License v2.1 or later"
},
{
"moduleName": ".*",
"moduleLicense": "COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0"
},
{
"moduleName": ".*",
"moduleLicense": "Eclipse Public License - v 1.0"
},
{
"moduleName": ".*",
"moduleLicense": "Eclipse Public License v. 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Eclipse Public License - v 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Eclipse Public License - Version 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Eclipse Public License, Version 2.0"
},
{
"moduleName": ".*",
"moduleLicense": "Ubuntu Font Licence 1.0"
},
{
"moduleName": ".*",
"moduleLicense": "Bouncy Castle Licence"
},
{
"moduleName": ".*",
"moduleLicense": "Public Domain, per Creative Commons CC0"
},
{
"moduleName": ".*",
"moduleLicense": "The W3C License"
}
]
}

1
build.gradle
View File

@ -41,6 +41,7 @@ repositories {
licenseReport {
renderers = [new JsonReportRenderer()]
allowedLicensesFile = new File("$projectDir/allowed-licenses.json")
}
sourceSets {