-rw-r--r--.github/workflows/go.yml3
-rw-r--r--.lichen.yaml21
-rw-r--r--Makefile4
3 files changed, 28 insertions, 0 deletions
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 8d41852c..7ef010f1 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -56,3 +56,6 @@ jobs:
- name: Check Security (vulnerable dependencies and insecure practices)
run: make secure
+
+ - name: Check that all included packages have acceptable OSS licenses
+ run: make lint
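Review bot: The new step is named as the license check but runs `make lint`, while the Makefile hunk in this same commit adds the lichen scan under the target `legal`. Unless a `lint` target outside the visible hunks chains to `legal`, CI will pass without ever evaluating the allow-list in `.lichen.yaml`, so the policy is not enforced. If the license scan is the intent, the line should read `run: make legal`.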
diff --git a/.lichen.yaml b/.lichen.yaml
new file mode 100644
index 00000000..6f2bbb01
--- /dev/null
+++ b/.lichen.yaml
@@ -0,0 +1,21 @@
+---
+# Configuration for the Lichen software license scanner. The list below
+# represents the licenses that are currently compiled into the git-bug
+# binary (with the exception of the GPL license which is git-bug's own
+# license and is therefore compatible.) Licenses can be added to the
+# "allow" list using the official identifiers from the SPDX License
+# List which can be found at https://spdx.org/licenses/.
+#
+# The Lichen configuration file format allows overrides (for packages
+# where the license can't be automatically discovered) and exceptions
+# (to allow disallowed licenses for certain packages). The format for
+# this file can be found at https://github.com/uw-labs/lichen#config.
+
+allow:
+- "Apache-2.0"
+- "BSD-2-Clause"
+- "BSD-3-Clause"
+- "GPL-3.0-or-later"
+- "ISC"
+- "MIT"
+- "MPL-2.0"
diff --git a/Makefile b/Makefile
index 2d12a016..9a675bc2 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,10 @@ secure-vulnerabilities:
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck ./...
+legal: build
+ go install github.com/uw-labs/lichen@latest
+ lichen --config=.lichen.yaml ./git-bug
+
test:
go test -v -bench=. ./...
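Review bot: `go install github.com/uw-labs/lichen@latest` in the `legal` recipe downloads and runs whatever version is newest at the time of each build, so the license gate is not reproducible and inherits any bad or compromised upstream release. Pin the tool to a reviewed release and bump it deliberately, e.g. `go install github.com/uw-labs/lichen@<PINNED_VERSION>`. The govulncheck install in the context lines above uses the same `@latest` pattern and would benefit from the same treatment. If the Makefile declares `.PHONY` targets (not visible in this hunk), `legal` should be added there too.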