mirror of
https://github.com/datahaven-xyz/datahaven
synced 2026-05-24 09:50:01 +00:00
10a7805648
## Summary - Adds automated license compliance checking via GitHub Actions CI workflow - Implements a license verification script that validates all Rust dependencies against approved licenses, authors, and packages - Standardizes author metadata across Cargo manifests to "Moonsong Labs" ## Changes **CI Workflow** (`.github/workflows/task-check-licenses.yml`) - Triggers on pull requests and manual dispatch - Installs Rust 1.88.0 toolchain and `cargo-license` tool - Executes license verification script to enforce compliance **License Verification Script** (`operator/scripts/verify-licenses.sh`) - Uses `cargo-license` to extract dependency license information - Maintains three allowlists: - **Licenses**: Apache-2.0, MIT, BSD variants, GPL-3.0, MPL-2.0, and compatible combinations - **Authors**: PureStake, Parity Technologies, Moonsong Labs, Frontier developers, StorageHub Team - **Package Names**: Known safe packages like ring - Fails the build if any dependency has unapproved license/author/name combination **Cargo Manifest Updates** - `operator/Cargo.toml`: Standardized workspace author to "Moonsong Labs" - `operator/precompiles/precompile-registry/Cargo.toml`: Uses workspace author field - `operator/runtime/common/Cargo.toml`: Added workspace author field ## Benefits - **Legal Compliance**: Ensures all dependencies use OSI-approved or compatible licenses - **Supply Chain Security**: Validates dependencies come from trusted sources - **Automated Enforcement**: Catches licensing issues during PR review rather than at release time - **Transparency**: Provides clear audit trail of approved licenses and authors |
||
|---|---|---|
| .. | ||
| build-runtime-srtool.sh | ||
| run-benchmarks.sh | ||
| sort-cargo-deps.sh | ||
| test_message_encoding.sh | ||
| verify-licenses.sh | ||