Skip to content

Add Licensed To Help Verify Prod Licenses #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
konradpabjan merged 4 commits into from
Sep 23, 2020
Merged

Add Licensed To Help Verify Prod Licenses #88

konradpabjan merged 4 commits into from
Sep 23, 2020

Conversation

@thboop
Copy link
Contributor

@thboop thboop commented Aug 12, 2020

GitHub has a tool called licensed which helps us to verify that the node modules we are using are appropriately licensed for what we are using them for. It also helps to verify that the license a node module claims to be under matches the license it.

If you were previously checking in a license in the dist file, this can replace that flow.

This PR adds:

  • A workflow to check licenses on pull requests and pushes to the main branch
  • A licensed.yml file used to configure licensed
  • A number of files into the .licenses directory which contain our dependencies and their appropriate licenses

How does this impact me?

  • You may need to locally install licensed and run licensed cache to update the dependency cache if you install a new production dependency.
    • If licensed cache is unable to determine the dependency, you may need to modify the cache file yourself to put the correct license.
  • You should still verify the dependency, licensed in a tool to help, but is not a substitute for human review of dependencies
  • Currently, this PR only targets production dependencies, dev dependencies are not included.

@thboop thboop marked this pull request as ready for review August 26, 2020 15:30
@konradpabjan konradpabjan merged commit 11790a2 into actions:main Sep 23, 2020
tdfacer pushed a commit to ifit/setup-java that referenced this pull request Oct 7, 2025
@thboop
Add Licensed To Help Verify Prod Licenses (actions#88)
3dc4719 
* Add Licensed workflow and config files

* Manually validate dependencies

* Ignore Generated Files in Git PR's

* update contributing.md
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yacaovsnc yacaovsnc yacaovsnc approved these changes

+1 more reviewer

@konradpabjan konradpabjan konradpabjan approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@thboop @yacaovsnc @konradpabjan