mirror of
https://github.com/datahaven-xyz/datahaven
synced 2026-05-24 09:50:01 +00:00
10a7805648
## Summary - Adds automated license compliance checking via GitHub Actions CI workflow - Implements a license verification script that validates all Rust dependencies against approved licenses, authors, and packages - Standardizes author metadata across Cargo manifests to "Moonsong Labs" ## Changes **CI Workflow** (`.github/workflows/task-check-licenses.yml`) - Triggers on pull requests and manual dispatch - Installs Rust 1.88.0 toolchain and `cargo-license` tool - Executes license verification script to enforce compliance **License Verification Script** (`operator/scripts/verify-licenses.sh`) - Uses `cargo-license` to extract dependency license information - Maintains three allowlists: - **Licenses**: Apache-2.0, MIT, BSD variants, GPL-3.0, MPL-2.0, and compatible combinations - **Authors**: PureStake, Parity Technologies, Moonsong Labs, Frontier developers, StorageHub Team - **Package Names**: Known safe packages like ring - Fails the build if any dependency has unapproved license/author/name combination **Cargo Manifest Updates** - `operator/Cargo.toml`: Standardized workspace author to "Moonsong Labs" - `operator/precompiles/precompile-registry/Cargo.toml`: Uses workspace author field - `operator/runtime/common/Cargo.toml`: Added workspace author field ## Benefits - **Legal Compliance**: Ensures all dependencies use OSI-approved or compatible licenses - **Supply Chain Security**: Validates dependencies come from trusted sources - **Automated Enforcement**: Catches licensing issues during PR review rather than at release time - **Transparency**: Provides clear audit trail of approved licenses and authors
71 lines
2 KiB
Bash
Executable file
71 lines
2 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
cargo license --json > licenses.json
|
|
LICENSES=(
|
|
"(MIT OR Apache-2.0) AND Unicode-DFS-2016"
|
|
"(MIT OR Apache-2.0) AND Unicode-3.0"
|
|
"0BSD OR Apache-2.0 OR MIT"
|
|
"Apache-2.0 AND ISC"
|
|
"Apache-2.0 AND MIT"
|
|
"Apache-2.0 OR LGPL-2.1-or-later OR MIT"
|
|
"Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR MIT"
|
|
"Apache-2.0 OR Apache-2.0 WITH LLVM-exception OR CC0-1.0"
|
|
"Apache-2.0 OR BSD-1-Clause OR MIT"
|
|
"Apache-2.0 OR BSD-2-Clause OR MIT"
|
|
"Apache-2.0 OR BSD-3-Clause OR MIT"
|
|
"Apache-2.0 OR BSD-3-Clause"
|
|
"Apache-2.0 OR BSL-1.0"
|
|
"Apache-2.0 OR BSL-1.0 OR MIT"
|
|
"Apache-2.0 OR CC0-1.0 OR MIT-0"
|
|
"Apache-2.0 OR CC0-1.0"
|
|
"Apache-2.0 OR GPL-3.0"
|
|
"Apache-2.0 OR ISC OR MIT"
|
|
"Apache-2.0 OR MIT OR Zlib"
|
|
"Apache-2.0 OR MIT"
|
|
"(Apache-2.0 OR MIT) AND Apache-2.0"
|
|
"Apache-2.0 WITH LLVM-exception"
|
|
"Apache-2.0"
|
|
"BSD-2-Clause"
|
|
"BSD-3-Clause OR MIT"
|
|
"BSD-3-Clause"
|
|
"CC0-1.0"
|
|
"CDLA-Permissive-2.0"
|
|
"GPL-3.0-only"
|
|
"GPL-3.0-or-later WITH Classpath-exception-2.0"
|
|
"ISC"
|
|
"LGPL-3.0 OR MPL-2.0"
|
|
"MIT OR Unlicense"
|
|
"MIT"
|
|
"MPL-2.0"
|
|
"Zlib"
|
|
"Unicode-3.0"
|
|
"(Apache-2.0 OR MIT) AND Unicode-3.0"
|
|
)
|
|
AUTHORS=(
|
|
"PureStake"
|
|
"Parity Technologies <admin@parity.io>"
|
|
"Moonsong Labs"
|
|
"moonbeam-foundation"
|
|
"Frontier developers <legal@bitarray.dev>"
|
|
"StorageHub Team"
|
|
)
|
|
NAMES=(
|
|
"ring" # v0.16.20 has null license metadata but contains Apache-2.0 AND ISC LICENSE file
|
|
)
|
|
licenses_filter=$(printf ' .license != "%s" and' "${LICENSES[@]}")
|
|
authors_filter=$(printf ' .authors != "%s" and' "${AUTHORS[@]}")
|
|
names_filter=$(printf ' .name != "%s" and' "${NAMES[@]}")
|
|
# "true" at the end is necessary to close the "and" conditional
|
|
filter="${licenses_filter}${authors_filter}${names_filter} true"
|
|
|
|
echo -e "checking licenses with filter:\n$filter\n"
|
|
RESULT=$(jq "[.[] | select($filter)]" licenses.json)
|
|
|
|
if [[ "$RESULT" == "[]" ]]; then
|
|
echo "OK !!"
|
|
exit 0
|
|
else
|
|
echo -en "$RESULT\n"
|
|
echo "FAILURE !!"
|
|
exit 1
|
|
fi
|