-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a pipeline check that fails on dependencies licensing issues usin…
…g ORT (#171)
- Loading branch information
Showing
15 changed files
with
1,266 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: ORT licensing | ||
|
|
||
| on: | ||
| push: | ||
| branches: | ||
| - master | ||
| - '[0-9]+.[0-9]+.x' | ||
| tags: | ||
| - '**' | ||
| pull_request: | ||
| branches: | ||
| - master | ||
| - '[0-9]+.[0-9]+.x' | ||
|
|
||
| jobs: | ||
| ort: | ||
| runs-on: ubuntu-20.04 | ||
| steps: | ||
| - uses: actions/checkout@v2 | ||
| - uses: actions/setup-java@v1 | ||
| with: | ||
| java-version: '11.0.1' | ||
|
|
||
| - name: Analyze licensing | ||
| id: ort-action | ||
| uses: edulix/ort-action@develop | ||
| with: | ||
| fail-on: hints | ||
| package-curations-dir: .ort-data/curations-dir/ | ||
| rules-file: .ort-data/rules.kts | ||
| license-classifications-file: .ort-data/license-classifications.yml | ||
| reporters: AdocTemplate,PdfTemplate,Excel,StaticHtml,WebApp | ||
| report-extra-args: > | ||
| --report-option | ||
| ADocTemplate=template.path=/project/.ort-data/disclosure_document.ftl | ||
| - uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: licenses | ||
| path: ${{ steps.ort-action.outputs.results-dir }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| - id: "Yarn::agora-gui-booth" | ||
| curations: | ||
| comment: "This package needs to be downloaded from git" | ||
| vcs: | ||
| type: "git" | ||
| url: "https://github.com/Bernardo-Castilho/dragdroptouch.git" | ||
| revision: "058f0eca96e57ad695f0d5dd2d7bd492ef1c4e47" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,228 @@ | ||
| --- | ||
| - id: "PyPI::babel" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::ipdb" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::enum34" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::flask" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::flask-sqlalchemy" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::itsdangerous" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::jinja2" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::prettytable" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::werkzeug" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::amqp" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::anyjson" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::backcall" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::beaker" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::billiard" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::celery" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::click" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::click-didyoumean" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::click-plugins" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::cryptography" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::decorator" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::django" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::django-celery-results" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::django-nose" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::idna" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::ipython" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::ipython-genutils" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::kombu" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::markupsafe" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::nodeenv" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::prompt-toolkit" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::pycparser" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::pygments" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::python-dateutil" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::reportlab" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::sqlparse" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::traitlets" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "PyPI::vine" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
|
|
||
| - id: "Maven:org.webbitserver:webbit" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| - id: "PyPI::distlib" | ||
| curations: | ||
| comment: "Invalid license with a space." | ||
| declared_license_mapping: | ||
| "BSD License": "BSD-3-Clause" | ||
| "Python license": "PSF-2.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| - id: "dragandroptouch" | ||
| curations: | ||
| comment: "This package needs to be downloaded from git" | ||
| vcs: | ||
| type: "git" | ||
| url: "https://github.com/Bernardo-Castilho/dragdroptouch.git" | ||
| revision: "058f0eca96e57ad695f0d5dd2d7bd492ef1c4e47" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| - id: "NPM::fraction.js" | ||
| curations: | ||
| comment: "The package is detected as GPL because it's double licensed with GPL and MIT, so we use the MIT" | ||
| concluded_license: "MIT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| - id: "Maven:javax.cache:cache-api" | ||
| curations: | ||
| comment: "Incorrectly matched license, see https://search.maven.org/artifact/javax.cache/cache-api" | ||
| declared_license_mapping: | ||
| "JSR-000107 JCACHE 2.9 Public Review - Updated Specification\n License": "Apache-2.0" | ||
|
|
||
| - id: "Maven:org.json:json" | ||
| curations: | ||
| comment: "It's basically MIT with a do not do evil clause." | ||
| declared_license_mapping: | ||
| "provided without support or warranty": "MIT" | ||
|
|
||
| - id: "Maven:com.h2database:h2" | ||
| curations: | ||
| comment: "H2 is dual licensed and available under the MPL 2.0 (Mozilla Public License Version 2.0) or under the EPL 1.0 (Eclipse Public License). http://h2database.com/html/license.html" | ||
| declared_license_mapping: | ||
| "The H2 License, Version 1.0": "EPL-1.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| - id: "NPM::jszip" | ||
| curations: | ||
| comment: "The package is detected as GPL-3.0-only because it's double licensed with GPL-3.0-only and MIT, so we use the MIT" | ||
| concluded_license: "MIT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| - id: "PyPI::psycopg2-binary" | ||
| curations: | ||
| comment: "Incorrectly matched license." | ||
| declared_license_mapping: | ||
| "LGPL with exceptions": "LGPL-2.0-only" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| - id: "PyPI::pycryptodomex" | ||
| curations: | ||
| comment: "Incorrectly matched license." | ||
| declared_license_mapping: | ||
| "BSD, Public Domain": "BSD-3-Clause" | ||
| "BSD License": "BSD-3-Clause" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| - id: "PyPI::reportlab" | ||
| curations: | ||
| comment: "Incorrectly matched license." | ||
| declared_license_mapping: | ||
| "BSD license (see license.txt for details), Copyright (c) 2000-2018, ReportLab Inc.": "BSD-3-Clause" | ||
| "BSD license (see license.txt for details), Copyright (c) 2000-2015, ReportLab Inc.": "BSD-3-Clause" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| - id: "NPM::rng-js" | ||
| curations: | ||
| comment: "Declared license is misspelled with a 'c' - UK vs. US English." | ||
| declared_license_mapping: | ||
| Unlicence: "Unlicense" |
Oops, something went wrong.