From a69ec39b817d637ebbcdc4fba7b02136ac68ba53 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 25 Mar 2023 04:21:23 -0700 Subject: [PATCH 1/2] Add CI workflow to check the license file Whenever one of the recognized license file names are modified in the repository, the workflow runs to check whether the license can be recognized and whether it is of the expected type. GitHub has a useful automated license detection system that determines the license type used by a repository, and surfaces that information in the repository home page, the search web interface, and the GitHub API. This license detection system requires that the license be defined by a dedicated file with one of several standardized filenames and paths. GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type for any other usages of licensee, as well as to human readers of the file. For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard modifications to the license file or collisions with other supported license files. This workflow ensures that any changes which would change the license type or which license file is used by the detection are caught automatically. --- .github/workflows/check-license.yml | 96 +++++++++++++++++++++++++++++ README.md | 1 + 2 files changed, 97 insertions(+) create mode 100644 .github/workflows/check-license.yml diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml new file mode 100644 index 0000000..4492bcc --- /dev/null +++ b/.github/workflows/check-license.yml @@ -0,0 +1,96 @@ +# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md +name: Check License + +env: + EXPECTED_LICENSE_FILENAME: LICENSE.txt + # SPDX identifier: https://spdx.org/licenses/ + EXPECTED_LICENSE_TYPE: GPL-3.0 + +# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows +on: + create: + push: + paths: + - ".github/workflows/check-license.ya?ml" + # See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file + - "[cC][oO][pP][yY][iI][nN][gG]*" + - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" + - "[lL][iI][cC][eE][nN][cCsS][eE]*" + - "[oO][fF][lL]*" + - "[pP][aA][tT][eE][nN][tT][sS]*" + pull_request: + paths: + - ".github/workflows/check-license.ya?ml" + - "[cC][oO][pP][yY][iI][nN][gG]*" + - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" + - "[lL][iI][cC][eE][nN][cCsS][eE]*" + - "[oO][fF][lL]*" + - "[pP][aA][tT][eE][nN][tT][sS]*" + schedule: + # Run periodically to catch breakage caused by external changes. + - cron: "0 6 * * WED" + workflow_dispatch: + repository_dispatch: + +jobs: + run-determination: + runs-on: ubuntu-latest + outputs: + result: ${{ steps.determination.outputs.result }} + steps: + - name: Determine if the rest of the workflow should run + id: determination + run: | + RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" + # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. + if [[ + "${{ github.event_name }}" != "create" || + "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX + ]]; then + # Run the other jobs. + RESULT="true" + else + # There is no need to run the other jobs. + RESULT="false" + fi + + echo "result=$RESULT" >> $GITHUB_OUTPUT + + check-license: + needs: run-determination + if: needs.run-determination.outputs.result == 'true' + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Install Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: ruby # Install latest version + + - name: Install licensee + run: gem install licensee + + - name: Check license file + run: | + EXIT_STATUS=0 + # See: https://github.com/licensee/licensee + LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)" + + DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')" + echo "Detected license file: $DETECTED_LICENSE_FILE" + if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then + echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME" + EXIT_STATUS=1 + fi + + DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')" + echo "Detected license type: $DETECTED_LICENSE_TYPE" + if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then + echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\"" + EXIT_STATUS=1 + fi + + exit $EXIT_STATUS diff --git a/README.md b/README.md index 0829a30..d8836ac 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ [![Check Action Metadata status](https://github.com/arduino/compile-sketches/actions/workflows/check-action-metadata-task.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/check-action-metadata-task.yml) [![Check Files status](https://github.com/arduino/compile-sketches/actions/workflows/check-files-task.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/check-files-task.yml) [![Check General Formatting status](https://github.com/arduino/compile-sketches/actions/workflows/check-general-formatting-task.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/check-general-formatting-task.yml) +[![Check License status](https://github.com/arduino/compile-sketches/actions/workflows/check-license.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/check-license.ym [![Check Python status](https://github.com/arduino/compile-sketches/actions/workflows/check-python-task.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/check-python-task.yml) [![Spell Check status](https://github.com/arduino/compile-sketches/actions/workflows/spell-check-task.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/spell-check-task.yml) [![Sync Labels status](https://github.com/arduino/compile-sketches/actions/workflows/sync-labels-npm.yml/badge.svg)](https://github.com/arduino/compile-sketches/actions/workflows/sync-labels-npm.yml) From 4d9fbe30f6b3e02fd52b23328461216d09c32291 Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 25 Mar 2023 04:31:13 -0700 Subject: [PATCH 2/2] Remove introductory text from license file The project is licensed under the GNU General Public License v3.0. In order for tools to be able to automatically identify the license type, it is essential for the license file to contain only the exact text of the license: https://choosealicense.com/licenses/gpl-3.0/# --- LICENSE.txt | 14 -------------- 1 file changed, 14 deletions(-) diff --git a/LICENSE.txt b/LICENSE.txt index fdb6383..f288702 100644 --- a/LICENSE.txt +++ b/LICENSE.txt @@ -1,17 +1,3 @@ -This file includes licensing information for Arduino GitHub Actions. - -Copyright (c) 2019 ARDUINO SA - -The software is released under the GNU General Public License, which covers the main body -of the [insert app name] code. The terms of this license can be found at: -https://www.gnu.org/licenses/gpl-3.0.en.html - -You can be released from the requirements of the above licenses by purchasing -a commercial license. Buying such a license is mandatory if you want to modify or -otherwise use the software for commercial activities involving the Arduino -software without disclosing the source code of your own applications. To purchase -a commercial license, send an email to license@arduino.cc - GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007