Configure license requirements in a more abstract way.

[romainmenke]

Setting a list of licenses that are ok or not for a particular project is not trivial without also some legal knowledge.

Especially for open source maintainers it is not always possible to consult someone with the needed knowledge to make a correct list of licenses.

Would it be possible to instead configure a list of constraints?

I am basing this of the abstraction that GitHub already provides for well known licenses :

Users could for example state that they want their product to be open to commercial use.

• if a dependency is added with a license that prohibits/limits commercial use, the action would fail.
• if a dependency is added with a license the maintainer doesn't know, they can rely on the outcome of the action.

[febuiles]

Hi @romainmenke. You're correct, the licenses part of the Action is not very helpful if you are not familiar with FOSS licensing. I did some digging and the GitHub Licenses API provides an endpoint with the abstractions you linked: https://docs.github.com/en/rest/licenses?apiVersion=2022-11-28#get-a-license. This change seems a big, but very worthy. How do you think the user should input their preferences? (e.g. how would this look in the config file?)

I don't have as much time as I'd like to work on this Action at the moment, but if you want to get a PR started I'd be happy to help out build this feature.

[romainmenke]

Thank you for considering this request and for that research @febuiles 🙇

I am also a bit short on time at the moment but I will add this to my list of things I want to do :)

[febuiles]

Closing stale issue, please re-open if needed.