ci: use Github action-based dependency license checking
Dependency license checking now leverages the Github dependency review action instead
of the previous custom solution. The action uses the Github dependency
API to analyze dependencies. This not only should provide more accurate
results but also lower the maintenance costs for the license checking.
The initial allowed licenses list is based on the previous checker list
with licenses that are no longer used removed.

Action Documentation: https://github.com/actions/dependency-review-action
clydin committed Jun 4, 2024
1 parent 2e9fe6a commit 5a63eff
Showing 6 changed files with 30 additions and 284 deletions.
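--- a/.github/dependency-review-config.yml
+++ b/.github/dependency-review-config.yml
@@ -0,0 +1,12 @@
+vulnerability_check: false
+allow_licenses:
+- '0BSD'
+- 'Apache-2.0'
+- 'BlueOak-1.0.0'
+- 'BSD-2-Clause'
+- 'BSD-3-Clause'
+- 'CC-BY-4.0'
+- 'ISC'
+- 'MIT'
+- 'Python-2.0'
+- 'Unlicense'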
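Review bot: `vulnerability_check: false` on the first line turns off the action's vulnerability reporting, and nothing in the file records why. A comment above it such as `# License checking only; vulnerability reporting is intentionally disabled for this step` would stop a later reader from mistaking this for full dependency review, and it should name where vulnerable dependencies are caught instead, if they are. It is also worth confirming how the action treats a dependency whose license it cannot detect, since an allow-list that lets undetected licenses pass would presumably be weaker than the script this replaces.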
4 changes: 4 additions & 0 deletions .github/workflows/pr.yml
Expand Up @@ -50,6 +50,10 @@ jobs:
run: yarn ts-circular-deps check
- name: Run Validation
run: yarn -s admin validate
- name: Check Package Licenses
uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
with:
config-file: './.github/dependency-review-config.yml'
- name: Check tooling setup
run: yarn -s check-tooling-setup
- name: Check commit message
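Review bot: The `Check Package Licenses` step evaluates only the dependency changes a pull request introduces, while the `validateLicenses` call it replaces ran inside `yarn -s admin validate`. If that script scanned the whole installed tree (its source is deleted and not shown here), a dependency that is already present, or one whose license changes without a manifest change in the PR, is no longer checked anywhere. A comment on the step such as `# Checks only dependencies added or changed by this PR against the allow list` would make that scope explicit. The job's `permissions` are outside this hunk; the action needs read access to repository contents, so confirm the job grants it and nothing broader.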
4 changes: 0 additions & 4 deletions package.json
Expand Up @@ -95,7 +95,6 @@
"@types/jasmine": "~5.1.0",
"@types/karma": "^6.3.0",
"@types/less": "^3.0.3",
"@types/license-checker": "^25.0.6",
"@types/loader-utils": "^2.0.0",
"@types/lodash": "^4.17.0",
"@types/node": "^18.13.0",
Expand All @@ -106,7 +105,6 @@
"@types/resolve": "^1.17.1",
"@types/semver": "^7.3.12",
"@types/shelljs": "^0.8.11",
"@types/spdx-satisfies": "^0.1.2",
"@types/tar": "^6.1.2",
"@types/watchpack": "^2.4.4",
"@types/yargs": "^17.0.20",
Expand Down Expand Up @@ -157,7 +155,6 @@
"karma-source-map-support": "1.4.0",
"less": "4.2.0",
"less-loader": "12.2.0",
"license-checker": "^25.0.0",
"license-webpack-plugin": "4.0.2",
"lmdb": "3.0.11",
"loader-utils": "3.2.2",
Expand Down Expand Up @@ -193,7 +190,6 @@
"source-map": "0.7.4",
"source-map-loader": "5.0.0",
"source-map-support": "0.5.21",
"spdx-satisfies": "^5.0.0",
"symbol-observable": "4.0.0",
"tar": "^6.1.6",
"terser": "5.31.0",
121 changes: 0 additions & 121 deletions scripts/validate-licenses.mts

This file was deleted.

5 changes: 0 additions & 5 deletions scripts/validate.mts
Expand Up @@ -8,7 +8,6 @@

import { execSync } from 'child_process';
import templates from './templates.mjs';
import validateLicenses from './validate-licenses.mjs';
import validateUserAnalytics from './validate-user-analytics.mjs';

export default async function (options: { verbose: boolean }) {
Expand All @@ -34,10 +33,6 @@ export default async function (options: { verbose: boolean }) {
error = true;
}

console.info('');
console.info('Running license validation...');
error = (await validateLicenses({})) != 0 || error;

console.info('');
console.info('Running User Analytics validation...');
error = (await validateUserAnalytics({})) != 0 || error;