*: add bill of materials

[heyitsanthony]

This does not cover all the packages in etcd.

/cc @robszumski

[robszumski]

Looks great, thanks

[robszumski]

Actually, it seems to be not valid json:

Error: Parse error on line 202:
...dence": 0.953	}][	{		"project": "b
-------------------^
Expecting 'EOF', '}', ',', ']'

Missing comma?

[gyuho]

lgtm.

[heyitsanthony]

@robszumski it doesn't like the second [] so I manually folded the error data into the first []

[gyuho]

Do we have some script to generate this file? Or just comment here for future reference?

[heyitsanthony]

@gyuho license-bill-of-materials github.com/coreos/etcd github.com/coreos/etcd/etcdctl

[xiang90]

lgtm

[codecov-io]

Codecov Report

❗ No coverage uploaded for pull request base (master@0d52598). Click here to learn what that means.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master    #7745   +/-   ##
=========================================
  Coverage          ?   76.02%           
=========================================
  Files             ?      331           
  Lines             ?    26058           
  Branches          ?        0           
=========================================
  Hits              ?    19811           
  Misses            ?     4825           
  Partials          ?     1422

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0d52598...8a5f085. Read the comment docs.

[heyitsanthony]

A few of these are still wrong (https://github.com/coreos-inc/coreos-pages/pull/1504). I can manually fix these but now it seems like the bom stuff won't be amenable to automation any time soon.
/cc @euank @xiang90

[heyitsanthony]

updated broken detected license, revendored gopkg.in/yaml.v2 so it has the latest / more permissive license

[philips]

These can be overridden using an override file: https://github.com/coreos/license-bill-of-materials#what-is-it

[heyitsanthony]

@philips doesn't seem to work; it only hits error/no license cases and even then I'm not seeing it show up in the list. Including an override file anyway, though.

[heyitsanthony]

Going to open an issue about automating this, but otherwise seems like if there's anything else that needs fixing it can be addressed in another PR. Merging.