Perform automated 3PP license check as part of CI for PRs #268
Assignees
Comments
marcdumais-work
added a commit
that referenced
this issue
Jan 19, 2024
Closes #268 Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
marcdumais-work
added a commit
that referenced
this issue
Jan 29, 2024
Closes #268 Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
marcdumais-work
added a commit
that referenced
this issue
Jan 29, 2024
The license check can be triggered locally: yarn license:check For automatic opening of IP tickets for suspicious depedencies, set an Eclipse Foundation gitlab token as environment variable "DASH_TOKEN" and run the alternate pacakge.json script. e.g.: export DASH_TOKEN="<your token>" yarn license:check:reviewAdd 3PP license check as part of PR CI Closes #268 Signed-off-by: Marc Dumais <marc.dumais@ericsson.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
At a minimum, a 3PP license check needs to be performed before any release of an Eclipse Foundation project component, but ideally it should be done for each PR before merging, to catch 3PPs with incompatible or unclear licenses as early as possible.
We have been working on a standalone nodejs wrapper for Eclipse Foundation's
dash-licenses, that can be used to easily add 3PP license checks in JS/TS repositories:https://github.com/eclipse-dash/nodejs-wrapper
We will soon have its first release to npm, and thereafter it can be easily be added as a devDependency and used in this repo and others in this organization.
The text was updated successfully, but these errors were encountered: