Merge pull request #7 from crazy-max/license-headers

License headers
docker · Nov 25, 2022 · 6a7324f · 6a7324f
2 parents 8129fae + c9efec4
commit 6a7324f
Show file tree

Hide file tree

Showing 8 changed files with 178 additions and 0 deletions.
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
@@ -0,0 +1,33 @@
+name: validate
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - 'master'
+  pull_request:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - validate-license
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Run
+        uses: docker/bake-action@v2
+        with:
+          targets: ${{ matrix.target }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,17 @@
+# Copyright 2022 buildkit-syft-scanner authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 #syntax=docker/dockerfile:1
 
 ARG GO_VERSION="1.19"

diff --git a/cmd/syft-scanner/main.go b/cmd/syft-scanner/main.go
@@ -1,3 +1,17 @@
+// Copyright 2022 buildkit-syft-scanner authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package main
 
 import (

diff --git a/docker-bake.hcl b/docker-bake.hcl
@@ -1,3 +1,17 @@
+// Copyright 2022 buildkit-syft-scanner authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 variable "GO_VERSION" {
   default = "1.19"
 }
@@ -35,3 +49,17 @@ target "image" {
     "linux/s390x"
   ]
 }
+
+target "validate-license" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/license.Dockerfile"
+  target = "validate"
+  output = ["type=cacheonly"]
+}
+
+target "update-license" {
+  inherits = ["_common"]
+  dockerfile = "./hack/dockerfiles/license.Dockerfile"
+  target = "update"
+  output = ["."]
+}
diff --git a/hack/dockerfiles/license.Dockerfile b/hack/dockerfiles/license.Dockerfile
@@ -0,0 +1,47 @@
+# syntax=docker/dockerfile:1
+
+# Copyright 2022 buildkit-syft-scanner authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG LICENSE_HOLDER="buildkit-syft-scanner authors"
+ARG LICENSE_TYPE="apache"
+ARG LICENSE_FILES=".*\(Dockerfile\|Makefile\|\.go\|\.hcl\|\.sh\)"
+ARG ADDLICENSE_VERSION="v1.0.0"
+
+FROM ghcr.io/google/addlicense:${ADDLICENSE_VERSION} AS addlicense
+
+FROM alpine:3.16 AS base
+WORKDIR /src
+RUN apk add --no-cache cpio findutils git
+
+FROM base AS set
+ARG LICENSE_HOLDER
+ARG LICENSE_TYPE
+ARG LICENSE_FILES
+RUN --mount=type=bind,target=.,rw \
+    --mount=from=addlicense,source=/app/addlicense,target=/usr/bin/addlicense \
+    find . -regex "${LICENSE_FILES}" -not -path "./vendor/*" | xargs addlicense -c "$LICENSE_HOLDER" -l "$LICENSE_TYPE" && \
+    mkdir /out && \
+    find . -regex "${LICENSE_FILES}" -not -path "./vendor/*" | cpio -pdm /out
+
+FROM scratch AS update
+COPY --from=set /out /
+
+FROM base AS validate
+ARG LICENSE_HOLDER
+ARG LICENSE_TYPE
+ARG LICENSE_FILES
+RUN --mount=type=bind,target=. \
+    --mount=from=addlicense,source=/app/addlicense,target=/usr/bin/addlicense \
+    find . -regex "${LICENSE_FILES}" -not -path "./vendor/*" | xargs addlicense -check -c "$LICENSE_HOLDER" -l "$LICENSE_TYPE"
diff --git a/internal/scanner.go b/internal/scanner.go
@@ -1,3 +1,17 @@
+// Copyright 2022 buildkit-syft-scanner authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package internal
 
 import (

diff --git a/internal/target.go b/internal/target.go
@@ -1,3 +1,17 @@
+// Copyright 2022 buildkit-syft-scanner authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package internal
 
 import (

diff --git a/version/version.go b/version/version.go
@@ -1,3 +1,17 @@
+// Copyright 2022 buildkit-syft-scanner authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 package version
 
 var (