mirror of
https://github.com/datahaven-xyz/datahaven
synced 2026-05-23 17:28:23 +00:00
10a7805648
## Summary - Adds automated license compliance checking via GitHub Actions CI workflow - Implements a license verification script that validates all Rust dependencies against approved licenses, authors, and packages - Standardizes author metadata across Cargo manifests to "Moonsong Labs" ## Changes **CI Workflow** (`.github/workflows/task-check-licenses.yml`) - Triggers on pull requests and manual dispatch - Installs Rust 1.88.0 toolchain and `cargo-license` tool - Executes license verification script to enforce compliance **License Verification Script** (`operator/scripts/verify-licenses.sh`) - Uses `cargo-license` to extract dependency license information - Maintains three allowlists: - **Licenses**: Apache-2.0, MIT, BSD variants, GPL-3.0, MPL-2.0, and compatible combinations - **Authors**: PureStake, Parity Technologies, Moonsong Labs, Frontier developers, StorageHub Team - **Package Names**: Known safe packages like ring - Fails the build if any dependency has unapproved license/author/name combination **Cargo Manifest Updates** - `operator/Cargo.toml`: Standardized workspace author to "Moonsong Labs" - `operator/precompiles/precompile-registry/Cargo.toml`: Uses workspace author field - `operator/runtime/common/Cargo.toml`: Added workspace author field ## Benefits - **Legal Compliance**: Ensures all dependencies use OSI-approved or compatible licenses - **Supply Chain Security**: Validates dependencies come from trusted sources - **Automated Enforcement**: Catches licensing issues during PR review rather than at release time - **Transparency**: Provides clear audit trail of approved licenses and authors |
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||
| PrecompileRegistry.sol | ||