mikaelvesavuori / license-compliance-action Goto Github PK

License compliance for Node applications made ultra easy. Provide it a string of licenses or fetch licenses dynamically from an online source.

Home Page: https://github.com/marketplace/actions/license-compliance

License: MIT License

Shell 100.00%
automated-security-testing compliance-automation license-checker license-compliance node nodejs security-tools

license-compliance GitHub Action

Uses license-compliance to check if open source packages you are using for production builds have allowed licenses.

Note that a package.json file must be present for this action to run (otherwise it exits gracefully). The action installs all dependencies before checking, so that the licenses of the installed packages can be read.

Setup and usage

There really is not that much to set up! However, if you want your licenses to live somewhere else, you will need to provide a service that accepts GET requests. The response must not be nested deeper than one level (if it is nested one level, use nested_field, explained below).

A hot tip is to use a basic service like Mockachino to serve them, at least to start with. An object that matches the defaults would look like:

{
  "licenseString": "MIT;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0"
}

Optional input arguments

allow_licenses

A list of allowed licenses. It will default to the very open and generous set of MIT;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0.

nested_field

If pointing the allow_licenses input at a URL, use this to indicate that the response is a single-level nested object, with the license string under a key such as allowedLicenses.

exclude_pattern

An exclusion pattern, such as /^@the-project/;some-package.

Example of how to use this action in a workflow

Minimal use-case where you want to just get going with the defaults:

on: [push]

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - name: License compliance check
        uses: mikaelvesavuori/license-compliance-action@v1

If you want a more dynamic setup with the allowed licenses residing somewhere else, then you can do:

on: [push]

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      - name: License compliance check
        uses: mikaelvesavuori/license-compliance-action@v1
        with:
          allow_licenses: "https://www.mockachino.com/{{YOUR_RANDOM_STRING}}/licenses"
          nested_field: "licenseString"
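To make the three inputs concrete, here is an added example (my own POSIX sh, not the action's script) that models what the check does with them: resolve allow_licenses either from a literal string or from a JSON response under nested_field, apply exclude_pattern entries (either a /regex/ or an exact package name), and flag every remaining package whose license is not in the allowed list. The package inventory is a constructed "name license" list rather than real license-compliance output, the helper names (extract_field, resolve_allow_licenses, is_allowed, is_excluded, violations, check_compliance) are hypothetical, and licenses are compared as exact strings, so a compound expression such as (MIT OR CC0-1.0) is reported for manual review rather than silently accepted.

```sh
#!/bin/sh
# Added example, not the action's own script. Assumptions (hypothetical):
#  - allow_licenses is a ';'-separated list of SPDX ids, or an http(s) URL
#    whose JSON response carries that list under nested_field;
#  - exclude_pattern entries are /regex/ (grep -E) or exact package names;
#  - the inventory is a constructed "name license" list, one pair per line.

ALLOW_LICENSES_DEFAULT="MIT;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0"

# Constructed sample inventory (not real license-compliance output).
SAMPLE_INVENTORY='lodash MIT
semver ISC
@the-project/core AGPL-3.0
some-package GPL-2.0
eplengine AGPL-3.0
tiny-lib (MIT OR CC0-1.0)'

# extract_field JSON FIELD: read a string value out of a flat JSON object.
# Deliberately minimal (no jq dependency): handles only "field": "string".
extract_field() {
  printf '%s\n' "$1" | tr -d '\n' \
    | sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# resolve_allow_licenses INPUT [NESTED_FIELD]: INPUT is either the list
# itself or a URL that serves it as JSON (under NESTED_FIELD if given).
resolve_allow_licenses() {
  case $1 in
    http://*|https://*)
      body=$(curl -fsSL -- "$1") || return 1
      if [ -n "${2:-}" ]; then extract_field "$body" "$2"; else printf '%s\n' "$body"; fi
      ;;
    *) printf '%s\n' "$1" ;;
  esac
}

# is_allowed LICENSE LIST: 0 when LICENSE exactly matches an entry of the
# ';'-separated LIST. Compound SPDX expressions therefore do not match.
is_allowed() {
  license=$1
  old_ifs=$IFS; IFS=';'; set -- $2; IFS=$old_ifs
  for allowed in "$@"; do
    if [ "$allowed" = "$license" ]; then return 0; fi
  done
  return 1
}

# is_excluded NAME PATTERN: 0 when NAME matches any ';'-separated entry of
# PATTERN; /.../ entries are extended regexes, anything else an exact name.
is_excluded() {
  name=$1
  if [ -z "${2:-}" ]; then return 1; fi
  old_ifs=$IFS; IFS=';'; set -- $2; IFS=$old_ifs
  for entry in "$@"; do
    case $entry in
      /*/)
        regex=${entry#/}; regex=${regex%/}
        if printf '%s\n' "$name" | grep -Eq -- "$regex"; then return 0; fi
        ;;
      *)
        if [ "$entry" = "$name" ]; then return 0; fi
        ;;
    esac
  done
  return 1
}

# violations INVENTORY ALLOWED EXCLUDE_PATTERN: print one "name license"
# line per package that is neither excluded nor using an allowed license.
violations() {
  printf '%s\n' "$1" | while IFS=' ' read -r pkg lic; do
    if [ -z "$pkg" ]; then continue; fi
    if is_excluded "$pkg" "$3"; then continue; fi
    if is_allowed "$lic" "$2"; then continue; fi
    printf '%s %s\n' "$pkg" "$lic"
  done
}

# check_compliance INVENTORY ALLOWED EXCLUDE_PATTERN: report and fail (1)
# on any violation, which is what makes a CI step go red.
check_compliance() {
  found=$(violations "$1" "$2" "$3")
  if [ -n "$found" ]; then
    printf 'Non-compliant packages:\n%s\n' "$found"
    return 1
  fi
  printf 'All packages use allowed licenses.\n'
  return 0
}

# Demonstration, run only when invoked with "demo" so the functions can be
# sourced without side effects: sh check.sh demo
if [ "${1:-}" = "demo" ]; then
  check_compliance "$SAMPLE_INVENTORY" "$ALLOW_LICENSES_DEFAULT" "/^@the-project/;some-package"
fi
```

With the sample inventory and the default allow list, @the-project/core and some-package are skipped by the exclude pattern, eplengine is reported for AGPL-3.0, and tiny-lib is reported because "(MIT OR CC0-1.0)" is not one of the allowed identifiers; whether the real tool resolves such OR-expressions is not something this README states, so treat that as a point to verify before relying on the action.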

Testing and development

To test it locally while developing, you will probably need some non-compliant packages installed to ensure the script breaks at the right point. Assuming you are not allowing AGPL, you can install, for example, a random package such as eplengine: npm install eplengine -S.

Then to start the test script run sh test.sh.

license-compliance-action's Issues

GitHub Actions log does not support text colors

LICENSES is: \033[0;34mMIT;ISC;0BSD;BSD-2-Clause;BSD-3-Clause;Apache-2.0\033[0m
NESTED_FIELD is: \033[0;34m\033[0m
EXCLUDE_PATTERN is: \033[0;34m/^@natlibfi/\033[0m
\033[0;32mInstalling dependencies...\033[0m\n
added 621 packages, and audited 622 packages in 18s
87 packages are looking for funding
  run `npm fund` for details
found 0 vulnerabilities
\033[0;32mSummary of all licenses:\033[0m
Licenses
├─ MIT: 458
├─ ISC: 58
├─ BSD-3-Clause: 25
├─ BSD-2-Clause: 12
├─ Apache-2.0: 7
├─ LGPL-3.0+: 6
├─ 0BSD: 2
├─ (MIT OR CC0-1.0): 2
├─ WTFPL: 1
├─ Python-2.0: 1
├─ CC-BY-3.0: 1
├─ CC0-1.0: 1
├─ (MIT AND CC-BY-3.0): 1
└─ CC-BY-4.0: 1
\033[0;32mChecking compliance:\033[0m