mirror of
https://github.com/opentofu/opentofu.git
synced 2025-01-21 14:12:57 -06:00
feat: add license checks on dependencies (#310)
Co-authored-by: Roni Frantchi <roni-frantchi@users.noreply.github.com>
This commit is contained in:
parent
6748c84826
commit
787b1db878
18
.github/workflows/checks.yml
vendored
18
.github/workflows/checks.yml
vendored
@ -188,3 +188,21 @@ jobs:
|
||||
git >&2 status --porcelain
|
||||
exit 1
|
||||
fi
|
||||
|
||||
license-checks:
|
||||
name: "License Checks"
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: "Fetch source code"
|
||||
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
|
||||
|
||||
- name: Install licensei
|
||||
run: |
|
||||
make deps
|
||||
|
||||
- name: Run licensei
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
run: |
|
||||
make license-check
|
||||
|
10
.licensei.toml
Normal file
10
.licensei.toml
Normal file
@ -0,0 +1,10 @@
|
||||
approved = [
|
||||
"apache-2.0",
|
||||
"bsd-2-clause",
|
||||
"bsd-3-clause",
|
||||
"isc",
|
||||
"mpl-2.0",
|
||||
"mit",
|
||||
]
|
||||
|
||||
[header]
|
@ -80,6 +80,21 @@ go test ./internal/command/...
|
||||
go test ./internal/addrs
|
||||
```
|
||||
|
||||
## Adding or updating dependencies
|
||||
|
||||
If you need to add or update dependencies, you'll have to make sure they use only approved and compatible licenses. The list of these licenses is defined in [`.licensei.toml`](.licensei.toml).
|
||||
|
||||
To help verifying this in local development environment and in continuous integration, we use the [licensei](https://github.com/goph/licensei) open source tool.
|
||||
|
||||
After modifying `go.mod` or `go.sum` files, you can run it manually with:
|
||||
|
||||
```
|
||||
export GITHUB_TOKEN=changeme
|
||||
make license-check
|
||||
```
|
||||
|
||||
Note: you need to define the `GITHUB_TOKEN` environment variable to a valid GitHub personal access token, or you will hit rate limiting from the GitHub API which `licensei` uses to discover the licenses of dependencies.
|
||||
|
||||
## Acceptance Tests: Testing interactions with external services
|
||||
|
||||
OpenTF's unit test suite is self-contained, using mocks and local files to help ensure that it can run offline and is unlikely to be broken by changes to outside systems.
|
||||
|
34
Makefile
34
Makefile
@ -1,6 +1,12 @@
|
||||
export PATH := $(abspath bin/):${PATH}
|
||||
|
||||
# Dependency versions
|
||||
LICENSEI_VERSION = 0.9.0
|
||||
|
||||
# generate runs `go generate` to build the dynamically generated
|
||||
# source files, except the protobuf stubs which are built instead with
|
||||
# "make protobuf".
|
||||
.PHONY: generate
|
||||
generate:
|
||||
go generate ./...
|
||||
|
||||
@ -11,36 +17,60 @@ generate:
|
||||
# If you are working on changes to protobuf interfaces, run this Makefile
|
||||
# target to be sure to regenerate all of the protobuf stubs using the expected
|
||||
# versions of protoc and the protoc Go plugins.
|
||||
.PHONY: protobuf
|
||||
protobuf:
|
||||
go run ./tools/protobuf-compile .
|
||||
|
||||
.PHONY: fmtcheck
|
||||
fmtcheck:
|
||||
"$(CURDIR)/scripts/gofmtcheck.sh"
|
||||
|
||||
.PHONY: importscheck
|
||||
importscheck:
|
||||
"$(CURDIR)/scripts/goimportscheck.sh"
|
||||
|
||||
.PHONY: staticcheck
|
||||
staticcheck:
|
||||
"$(CURDIR)/scripts/staticcheck.sh"
|
||||
|
||||
.PHONY: exhaustive
|
||||
exhaustive:
|
||||
"$(CURDIR)/scripts/exhaustive.sh"
|
||||
|
||||
# Run this if working on the website locally to run in watch mode.
|
||||
.PHONY: website
|
||||
website:
|
||||
$(MAKE) -C website website
|
||||
|
||||
# Use this if you have run `website/build-local` to use the locally built image.
|
||||
.PHONY: website/local
|
||||
website/local:
|
||||
$(MAKE) -C website website/local
|
||||
|
||||
# Run this to generate a new local Docker image.
|
||||
.PHONY: website/build-local
|
||||
website/build-local:
|
||||
$(MAKE) -C website website/build-local
|
||||
|
||||
# Run license check
|
||||
.PHONY: license-check
|
||||
license-check:
|
||||
go mod vendor
|
||||
licensei check
|
||||
licensei header
|
||||
|
||||
# Install dependencies
|
||||
deps: bin/licensei
|
||||
deps:
|
||||
|
||||
bin/licensei: bin/licensei-${LICENSEI_VERSION}
|
||||
@ln -sf licensei-${LICENSEI_VERSION} bin/licensei
|
||||
bin/licensei-${LICENSEI_VERSION}:
|
||||
@mkdir -p bin
|
||||
curl -sfL https://git.io/licensei | bash -s v${LICENSEI_VERSION}
|
||||
@mv bin/licensei $@
|
||||
|
||||
# disallow any parallelism (-j) for Make. This is necessary since some
|
||||
# commands during the build process create temporary files that collide
|
||||
# under parallel conditions.
|
||||
.NOTPARALLEL:
|
||||
|
||||
.PHONY: fmtcheck importscheck generate protobuf staticcheck website website/local website/build-local
|
||||
|
4
go.mod
4
go.mod
@ -9,7 +9,7 @@ require (
|
||||
github.com/ProtonMail/go-crypto v0.0.0-20230619160724-3fbb1f12458c
|
||||
github.com/agext/levenshtein v1.2.3
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1501
|
||||
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190103054945-8205d1f41e70
|
||||
github.com/aliyun/aliyun-oss-go-sdk v2.2.9+incompatible
|
||||
github.com/aliyun/aliyun-tablestore-go-sdk v4.1.2+incompatible
|
||||
github.com/apparentlymart/go-cidr v1.1.0
|
||||
github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0
|
||||
@ -133,7 +133,6 @@ require (
|
||||
github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da // indirect
|
||||
github.com/armon/go-radix v1.0.0 // indirect
|
||||
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
|
||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f // indirect
|
||||
github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
|
||||
github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
|
||||
github.com/bradleyfalzon/ghinstallation/v2 v2.1.0 // indirect
|
||||
@ -201,7 +200,6 @@ require (
|
||||
github.com/oklog/ulid v1.3.1 // indirect
|
||||
github.com/rivo/uniseg v0.2.0 // indirect
|
||||
github.com/samber/lo v1.37.0 // indirect
|
||||
github.com/satori/go.uuid v1.2.0 // indirect
|
||||
github.com/sergi/go-diff v1.2.0 // indirect
|
||||
github.com/shopspring/decimal v1.3.1 // indirect
|
||||
github.com/spf13/cast v1.5.0 // indirect
|
||||
|
8
go.sum
8
go.sum
@ -267,8 +267,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF
|
||||
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1501 h1:Ij3S0pNUMgHlhx3Ew8g9RNrt59EKhHYdMODGtFXJfSc=
|
||||
github.com/aliyun/alibaba-cloud-sdk-go v1.61.1501/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
|
||||
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190103054945-8205d1f41e70 h1:FrF4uxA24DF3ARNXVbUin3wa5fDLaB1Cy8mKks/LRz4=
|
||||
github.com/aliyun/aliyun-oss-go-sdk v0.0.0-20190103054945-8205d1f41e70/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
|
||||
github.com/aliyun/aliyun-oss-go-sdk v2.2.9+incompatible h1:Sg/2xHwDrioHpxTN6WMiwbXTpUEinBpHsN7mG21Rc2k=
|
||||
github.com/aliyun/aliyun-oss-go-sdk v2.2.9+incompatible/go.mod h1:T/Aws4fEfogEE9v+HPhhw+CntffsBHJ8nXQCwKr0/g8=
|
||||
github.com/aliyun/aliyun-tablestore-go-sdk v4.1.2+incompatible h1:ABQ7FF+IxSFHDMOTtjCfmMDMHiCq6EsAoCV/9sFinaM=
|
||||
github.com/aliyun/aliyun-tablestore-go-sdk v4.1.2+incompatible/go.mod h1:LDQHRZylxvcg8H7wBIDfvO5g/cy4/sz1iucBlc2l3Jw=
|
||||
github.com/antchfx/xmlquery v1.3.5 h1:I7TuBRqsnfFuL11ruavGm911Awx9IqSdiU6W/ztSmVw=
|
||||
@ -313,8 +313,6 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.3.2/go.mod h1:72H
|
||||
github.com/aws/aws-sdk-go-v2/service/sso v1.4.2/go.mod h1:NBvT9R1MEF+Ud6ApJKM0G+IkPchKS7p7c2YPKwHmBOk=
|
||||
github.com/aws/aws-sdk-go-v2/service/sts v1.7.2/go.mod h1:8EzeIqfWt2wWT4rJVu3f21TfrhJ8AEMzVybRNSb/b4g=
|
||||
github.com/aws/smithy-go v1.8.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
|
||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
|
||||
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
|
||||
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
|
||||
@ -904,8 +902,6 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo
|
||||
github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
|
||||
github.com/samber/lo v1.37.0 h1:XjVcB8g6tgUp8rsPsJ2CvhClfImrpL04YpQHXeHPhRw=
|
||||
github.com/samber/lo v1.37.0/go.mod h1:9vaz2O4o8oOnK23pd2TrXufcbdbJIa3b6cstBWKpopA=
|
||||
github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
|
||||
github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
|
||||
github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
|
||||
github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
|
||||
|
Loading…
Reference in New Issue
Block a user