Skip to content

Commit

Permalink
Add template workflow to check the license file
Browse files Browse the repository at this point in the history 
Whenever one of the recognized license file names are modified in the repository, the workflow runs to check whether the
license can be recognized and whether it is of the expected type.

GitHub has a useful automated license detection system that determines the license type used by a repository, and
surfaces that information in the repository home page, the search web interface, and the GitHub API. This license
detection system requires that the license be defined by a dedicated file with one of several standardized filenames and
paths.

GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type
for any other usages of licensee, as well as to human readers of the file.

For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard
modifications to the license file or collisions with other supported licence files. This workflow ensures that any
changes which would change the license type or which license file is used by the detection are caught automatically.
  • Loading branch information
@per1234
per1234 committed Jun 16, 2021
1 parent bfd34ba commit 32da0ef
Show file tree
Hide file tree
Showing 4 changed files with 207 additions and 6 deletions.
15 changes: 9 additions & 6 deletions .github/workflows/check-license.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,19 +47,22 @@ jobs:

- name: Check license file
run: |
EXIT_STATUS=0
# See: https://github.com/licensee/licensee
LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)"
DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')"
echo "Detected license file: $DETECTED_LICENSE_FILE"
if [ "$DETECTED_LICENSE_FILE" != "\"$EXPECTED_LICENSE_FILENAME\"" ]; then
echo "ERROR: detected license file doesn't match expected: $EXPECTED_LICENSE_FILENAME"
exit 1
if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME"
EXIT_STATUS=1
fi
DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')"
echo "Detected license type: $DETECTED_LICENSE_TYPE"
if [ "$DETECTED_LICENSE_TYPE" != "\"$EXPECTED_LICENSE_TYPE\"" ]; then
echo "ERROR: detected license type doesn't match expected $EXPECTED_LICENSE_TYPE"
exit 1
if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\""
EXIT_STATUS=1
fi
exit $EXIT_STATUS
60 changes: 60 additions & 0 deletions workflow-templates/check-license.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
# "Check License" workflow

Workflow file: [check-license.yml](check-license.yml)

Check whether the repository's license file is recognizable by GitHub's [automated license detection system](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/licensing-a-repository#detecting-a-license) and whether it is recognized as the correct type. In order to be detected (and to ensure it remains a valid legal instrument), the license text must not be modified. GitHub supports multiple license filenames, so it's also possible that the license type could be inadvertently changed by the addition of a file to the repository.

Please always use the exact license text from the links at https://choosealicense.com/appendix/

## Readme badge

Markdown badge:

```markdown
[![Check License status](https://github.com/REPO_OWNER/REPO_NAME/actions/workflows/check-license.yml/badge.svg)](https://github.com/REPO_OWNER/REPO_NAME/actions/workflows/check-license.yml)
```

Replace the `REPO_OWNER` and `REPO_NAME` placeholders in the URLs with the final repository owner and name ([example](https://raw.githubusercontent.com/arduino-libraries/ArduinoIoTCloud/master/README.md)).

---

Asciidoc badge:

```adoc
image:https://github.com/{repository-owner}/{repository-name}/actions/workflows/check-license.yml/badge.svg["Check License status", link="https://github.com/{repository-owner}/{repository-name}/actions/workflows/check-license.yml"]
```

Define the `{repository-owner}` and `{repository-name}` attributes and use them throughout the readme ([example](https://raw.githubusercontent.com/arduino-libraries/WiFiNINA/master/README.adoc)).

## Commit message

```
Add CI workflow to check the license file

Whenever one of the recognized license file names are modified in the repository, the workflow runs to check whether the
license can be recognized and whether it is of the expected type.

GitHub has a useful automated license detection system that determines the license type used by a repository, and
surfaces that information in the repository home page, the search web interface, and the GitHub API. This license
detection system requires that the license be defined by a dedicated file with one of several standardized filenames and
paths.

GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type
for any other usages of licensee, as well as to human readers of the file.

For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard
modifications to the license file or collisions with other supported licence files. This workflow ensures that any
changes which would change the license type or which license file is used by the detection are caught automatically.
```
## PR message
```markdown
Whenever one of the recognized license file names are modified in the repository, the workflow runs [licensee](https://github.com/licensee/licensee) to check whether the license can be recognized and whether it is of the expected type.
GitHub has a useful [automated license detection system](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/licensing-a-repository#detecting-a-license) that determines the license type used by a repository, and surfaces that information in the repository home page, the search web interface, and the GitHub API. This license detection system requires that the license be defined by a dedicated file with one of several standardized filenames and paths.
GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type for any other usages of licensee, as well as to human readers of the file.
For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard modifications to the license file or collisions with other supported licence files. This workflow ensures that any changes which would change the license type or which license file is used by the detection are caught automatically.
```
69 changes: 69 additions & 0 deletions workflow-templates/check-license.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md
name: Check License

env:
# TODO: Define the project's license file name here:
EXPECTED_LICENSE_FILENAME: LICENSE.txt
# SPDX identifier: https://spdx.org/licenses/
# TODO: Define the project's license type here
EXPECTED_LICENSE_TYPE: AGPL-3.0

# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
on:
push:
paths:
- ".github/workflows/check-license.ya?ml"
# See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file
- "[cC][oO][pP][yY][iI][nN][gG]*"
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
- "[lL][iI][cC][eE][nN][cCsS][eE]*"
- "[oO][fF][lL]*"
- "[pP][aA][tT][eE][nN][tT][sS]*"
pull_request:
paths:
- ".github/workflows/check-license.ya?ml"
- "[cC][oO][pP][yY][iI][nN][gG]*"
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
- "[lL][iI][cC][eE][nN][cCsS][eE]*"
- "[oO][fF][lL]*"
- "[pP][aA][tT][eE][nN][tT][sS]*"
workflow_dispatch:
repository_dispatch:

jobs:
check-license:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v2

- name: Install Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ruby # Install latest version

- name: Install licensee
run: gem install licensee

- name: Check license file
run: |
EXIT_STATUS=0
# See: https://github.com/licensee/licensee
LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)"
DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')"
echo "Detected license file: $DETECTED_LICENSE_FILE"
if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME"
EXIT_STATUS=1
fi
DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')"
echo "Detected license type: $DETECTED_LICENSE_TYPE"
if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\""
EXIT_STATUS=1
fi
exit $EXIT_STATUS
69 changes: 69 additions & 0 deletions workflow-templates/dependabot/workflow-template-copies/.github/workflows/check-license.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md
name: Check License

env:
# TODO: Define the project's license file name here:
EXPECTED_LICENSE_FILENAME: LICENSE.txt
# SPDX identifier: https://spdx.org/licenses/
# TODO: Define the project's license type here
EXPECTED_LICENSE_TYPE: AGPL-3.0

# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
on:
push:
paths:
- ".github/workflows/check-license.ya?ml"
# See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file
- "[cC][oO][pP][yY][iI][nN][gG]*"
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
- "[lL][iI][cC][eE][nN][cCsS][eE]*"
- "[oO][fF][lL]*"
- "[pP][aA][tT][eE][nN][tT][sS]*"
pull_request:
paths:
- ".github/workflows/check-license.ya?ml"
- "[cC][oO][pP][yY][iI][nN][gG]*"
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
- "[lL][iI][cC][eE][nN][cCsS][eE]*"
- "[oO][fF][lL]*"
- "[pP][aA][tT][eE][nN][tT][sS]*"
workflow_dispatch:
repository_dispatch:

jobs:
check-license:
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v2

- name: Install Ruby
uses: ruby/setup-ruby@v1
with:
ruby-version: ruby # Install latest version

- name: Install licensee
run: gem install licensee

- name: Check license file
run: |
EXIT_STATUS=0
# See: https://github.com/licensee/licensee
LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)"
DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')"
echo "Detected license file: $DETECTED_LICENSE_FILE"
if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME"
EXIT_STATUS=1
fi
DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')"
echo "Detected license type: $DETECTED_LICENSE_TYPE"
if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then
echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\""
EXIT_STATUS=1
fi
exit $EXIT_STATUS

0 comments on commit 32da0ef

Please sign in to comment.