feat: generate and package licenses.html file

.circleci/config.yml

@@ -192,10 +192,16 @@ commands:
           command: |
             set -e -o pipefail
             cargo deny --version || cargo install cargo-deny
+      - run:
+          name: Install cargo about if not present
+          command: |
+            set -e -o pipefail
+            cargo about --version || cargo install cargo-about
       - save_cache:
           key: rust-v2-extra-tools-<< parameters.os >>
           paths:
             - ~/.cargo/bin/cargo-deny
+            - ~/.cargo/bin/cargo-about
 
   xtask_lint:
     parameters:

.tool-versions

@@ -1,3 +1,3 @@
-rust 1.54.0
+rust 1.56.0
 
 nodejs 16.9.1

DEVELOPMENT.md

@@ -80,13 +80,19 @@ cargo run -- -s ./examples/local.graphql
 Go to https://studio.apollographql.com/sandbox/explorer to make queries and
 http://localhost:16686/ to reach Jaeger.
 
-### Strict linting
+### Strict linting and license compliance
 
 While developing locally doc warnings and other lint checks are disabled.
 This limits the noise generated while exploration is taking place.
 
-When you are ready to create a PR, run a build with strict checking enabled.
-Use `scripts/ci-build.sh` to perform such a build.
+When you are ready to create a PR, run a build with strict checking enabled,
+and check for license compliance.
+
+Use `cargo xtask lint` and `cargo xtask check-compliance` to check this.
+
+Compliance checks require `cargo-deny` and `cargo-about` which can both be installed by running:
+- `cargo install cargo-deny`
+- `cargo install cargo-about`
 
 ## Project maintainers
 

about.hbs

@@ -0,0 +1,70 @@
+<html>
+
+<head>
+    <style>
+        @media (prefers-color-scheme: dark) {
+            body {
+                background: #333;
+                color: white;
+            }
+            a {
+                color: skyblue;
+            }
+        }
+        .container {
+            font-family: sans-serif;
+            max-width: 800px;
+            margin: 0 auto;
+        }
+        .intro {
+            text-align: center;
+        }
+        .licenses-list {
+            list-style-type: none;
+            margin: 0;
+            padding: 0;
+        }
+        .license-used-by {
+            margin-top: -10px;
+        }
+        .license-text {
+            max-height: 200px;
+            overflow-y: scroll;
+            white-space: pre-wrap;
+        }
+    </style>
+</head>
+
+<body>
+    <main class="container">
+        <div class="intro">
+            <h1>Third Party Licenses</h1>
+            <p>This page lists the licenses of the dependencies used in the Apollo router.</p>
+        </div>
+
+        <h2>Overview of licenses:</h2>
+        <ul class="licenses-overview">
+            {{#each overview}}
+            <li><a href="#{{id}}">{{name}}</a> ({{count}})</li>
+            {{/each}}
+        </ul>
+
+        <h2>All license text:</h2>
+        <ul class="licenses-list">
+            {{#each licenses}}
+            <li class="license">
+                <h3 id="{{id}}">{{name}}</h3>
+                <h4>Used by:</h4>
+                <ul class="license-used-by">
+                    {{#each used_by}}
+                    <li><a href="{{#if crate.repository}} {{crate.repository}} {{else}} https://crates.io/crates/{{crate.name}} {{/if}}">{{crate.name}} {{crate.version}}</a></li>
+                    {{/each}}
+                </ul>
+                <pre class="license-text">{{text}}</pre>
+            </li>
+            {{/each}}
+        </ul>
+    </main>
+</body>
+
+</html>

about.toml

@@ -0,0 +1,47 @@
+accepted = [
+    "Apache-2.0",
+    "Apache-2.0 WITH LLVM-exception",
+    "BSD-2-Clause",
+    "BSD-3-Clause",
+    "CC0-1.0",
+    "ISC",
+    "LicenseRef-ELv2",
+    "LicenseRef-ring",
+    "MIT",
+]
+
+# apollographql licenses
+[xtask.clarify]
+license = "LicenseRef-ELv2"
+[[xtask.clarify.files]]
+path = 'LICENSE'
+license = 'LicenseRef-ELv2'
+checksum = '6330b076d84694d0e8905c12d7a506e4ed8e5f4a7b0ddf41a3137483ff80be50'
+
+[apollo-router.clarify]
+license = "LicenseRef-ELv2"
+[[apollo-router.clarify.files]]
+path = 'LICENSE'
+license = 'LicenseRef-ELv2'
+checksum = '6330b076d84694d0e8905c12d7a506e4ed8e5f4a7b0ddf41a3137483ff80be50'
+
+[apollo-router-core.clarify]
+license = "LicenseRef-ELv2"
+[[apollo-router-core.clarify.files]]
+path = 'LICENSE'
+license = 'LicenseRef-ELv2'
+checksum = '6330b076d84694d0e8905c12d7a506e4ed8e5f4a7b0ddf41a3137483ff80be50'
+
+[router-bridge.clarify]
+license = "LicenseRef-ELv2"
+[[router-bridge.clarify.files]]
+path = 'LICENSE'
+license = 'LicenseRef-ELv2'
+checksum = 'f527cb71b36ad7d828d0d1198ee0ab60db4170521a405661c0893f31b9962a6c'
+
+[ring.clarify]
+license = "LicenseRef-ring"
+[[ring.clarify.files]]
+path = "LICENSE"
+license = "LicenseRef-ring"
+checksum = '76b39f9b371688eac9d8323f96ee80b3aef5ecbc2217f25377bd4e4a615296a9'

deny.toml

@@ -39,15 +39,25 @@ allow = [
     "BSD-2-Clause",
     "BSD-3-Clause",
     "CC0-1.0",
-    "LicenseRef-ELv2",
     "ISC",
+    "LicenseRef-ELv2",
+    "LicenseRef-ring",
     "MIT",
 ]
 copyleft = "warn"
 allow-osi-fsf-free = "neither"
 default = "deny"
 confidence-threshold = 0.8
 
+# ring has a rather complicated LICENSE file due to reasons spelled out
+# in said LICENSE file, but is basically OpenSSL for older parts, and ISC
+# for newer parts
+[[licenses.clarify]]
+name = "ring"
+expression = "LicenseRef-ring"
+version = "0.16.20"
+license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]
+
 # TODO: remove this if / once there is an SPDX entry for ELv2
 [[licenses.clarify]]
 name = "apollo-router"