🔨 Build: verify on check that all dependencies have compatible licenses

EIDU · Jul 2, 2024 · e4160c6 · e4160c6
1 parent a0c9cd1
commit e4160c6
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 0 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -19,6 +19,9 @@ jobs:
       - name: checkout
         uses: actions/checkout@v2
 
+      - name: Lint and check
+        run: ./gradlew lintRelease check --stacktrace
+
       - name: Run instrumented tests on Android 5
         uses: reactivecircus/android-emulator-runner@v2
         with:

diff --git a/lib/allowed-licenses.json b/lib/allowed-licenses.json
@@ -0,0 +1,40 @@
+{
+  "allowedLicenses": [
+    { "moduleLicense": "MIT" },
+    { "moduleLicense": "MIT License" },
+    { "moduleLicense": "The MIT License" },
+
+    { "moduleLicense": "BSD-2-Clause" },
+    { "moduleLicense": "BSD 2-Clause" },
+    { "moduleLicense": "The BSD 2-Clause License" },
+
+    { "moduleLicense": "BSD-3-Clause" },
+    { "moduleLicense": "BSD 3-Clause" },
+    { "moduleLicense": "The BSD 3-Clause License" },
+
+    { "moduleLicense": "Apache-2.0" },
+    { "moduleLicense": "Apache 2.0" },
+    { "moduleLicense": "The Apache Software License, Version 2.0" },
+    { "moduleLicense": "The Apache License, Version 2.0" },
+    { "moduleLicense": "Apache License, Version 2.0" },
+
+    { "moduleLicense": "GPL-2.0-or-later" },
+    { "moduleLicense": "GPL-2.0+" },
+    { "moduleLicense": "GNU General Public License v2.0 or later" },
+
+    { "moduleLicense": "GPL-1.0-or-later" },
+    { "moduleLicense": "GPL-1.0+" },
+    { "moduleLicense": "GNU General Public License v1.0 or later" },
+
+    { "moduleLicense": "LGPL-2.1-or-later" },
+    { "moduleLicense": "LGPL-2.1+" },
+    { "moduleLicense": "GNU Lesser General Public License v2.1 or later" },
+
+    { "moduleLicense": "LGPL-2.0-or-later" },
+    { "moduleLicense": "LGPL-2.0+" },
+    { "moduleLicense": "GNU Library General Public License v2.0 or later" },
+
+    { "moduleLicense": "Zlib" },
+    { "moduleLicense": "zlib License" }
+  ]
+}
diff --git a/lib/build.gradle.kts b/lib/build.gradle.kts
@@ -6,6 +6,7 @@ plugins {
     id("maven-publish")
     id("signing")
     id("com.palantir.git-version") version "3.0.0"
+    id("com.github.jk1.dependency-license-report") version "2.8"
 }
 
 val localProperties = Properties().apply {
@@ -49,6 +50,21 @@ signing {
     sign(publishing.publications)
 }
 
+licenseReport {
+    allowedLicensesFile = File("$projectDir/allowed-licenses.json")
+}
+
+tasks.named("checkLicense") {
+    // The checkLicense task does not declare this input itself, so we do it here. This ensures
+    // that a modification of the file causes the checkLicense task to be re-evaluated.
+    inputs.file("$projectDir/allowed-licenses.json")
+}
+
+tasks.named("check") {
+    dependsOn("checkLicense")
+}
+
+
 dependencies {
     coreLibraryDesugaring("com.android.tools:desugar_jdk_libs:1.2.2")