Task #876 - Add license_finder to template #138
Conversation
anamarijabalaban
requested review from
nikajukic,
cilim,
uncoverd and
vr4b4c
as code owners
template.rb
Outdated
| run 'bundle exec license_finder restrict add GPL-2.0 GPL-3.0' | ||
|
|
||
| # add infinum gems to approved gems list because currently their license is UNKNOWN | ||
| run 'bundle exec license_finder approvals add enumerations' |
There was a problem hiding this comment.
I wouldn't add this by default, only if the project actually depends on enumerations
|
Should we also run a license check in CI/CD pipeline? |
template.rb
Outdated
| @@ -605,6 +606,9 @@ def run | |||
|
|
|||
| create_file '.node-version', node_version | |||
|
|
|||
| # add infinum gems to approved gems list because currently their license is UNKNOWN | |||
| run 'bundle exec license_finder approvals add @infinumrails/stylelint-config-scss @infinumrails/eslint-config-js' | |||
There was a problem hiding this comment.
I think this could be added as a post install warning (e.g. "you might need to add config-scss and eslint-config-js to the approved list manually with the following command"), I'm not sure it makes sense to always add it
|
@anamarijabalaban what are your thoughts on adding this on CI? Historically we used CI as the last line of defense as overcommit is not always installed. Afaik we'd need to add a command to the CI steps and introduce a |
|
@uncoverd I'm just preparing a separate PR that adds a GA workflow file for license scanning on the project that already has configured license_finder gem. |
nikajukic
changed the title
Task: #876
Aim
Add license_finder to the template.
Solution
Added license_finder gem and prepared a list of restricted and permitted licenses. Also, license_finder is added to pre-commit hooks.