Merge pull request #15 from brainhubeu/feature/add-license-auditor

add license-auditor
brainhubeu · Dec 21, 2021 · 499b177 · 499b177
2 parents 8d316d7 + 7c04c0c
commit 499b177
Show file tree

Hide file tree

Showing 11 changed files with 2,229 additions and 585 deletions.
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -15,3 +15,21 @@ jobs:
         run: yarn run lint
       - name: Run tests
         run: yarn test
+  LicenseCheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Use Node.js 16
+        uses: actions/setup-node@v2
+        with:
+          node-version: '16.x'
+      - name: Install dependencies
+        run: yarn
+      - name: Check licenses
+        run: |
+          yarn add -D danger
+          yarn danger ci --failOnErrors --verbose --id LicenceAuditor
+        env:
+          DANGER_GITHUB_API_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+          PROJECT_PATH: '.'
diff --git a/README.md b/README.md
@@ -45,7 +45,7 @@ or Yarn:
 yarn add @brainhubeu/license-auditor
 ```
 
-In the next step, copy `license` directory with `licenses.js`, `blacklist.js`, and `whitelist.js` files. The first one contains a full list of all currently acknowledged, depreciated, and exceptional software licenses. To whitelist or blacklist the license, you must copy selected licenses from the main file into them.
+In the next step, copy `license-template` directory with `licenses.js`, `blacklist.js`, and `whitelist.js` files, naming it `license` in your project. The first one contains a full list of all currently acknowledged, depreciated, and exceptional software licenses. To whitelist or blacklist the license, you must copy selected licenses from the main file into them.
 
 Whitelisting stops **License Auditor** from analyzing and displaying any notifications for a given package with whitelisted license type. Blacklisting a license leads to the generation of fail notification log or causes CI job to fail if the blacklisted license is found, which prevents the developer from merging unwanted dependencies into the destination branch. Any license that is included in neither `blacklist.js` nor `whitelist.js`, but is found during packages analyze or merge request, becomes a warning, which developer should address during merge process or further development.
 

diff --git a/dangerfile.js b/dangerfile.js
@@ -0,0 +1,15 @@
+/* eslint-disable no-undef */
+const licenseAuditor = require('@brainhubeu/license-auditor');
+
+const whitelist = require('./license/whitelist');
+const blacklist = require('./license/blacklist');
+
+licenseAuditor({
+  whitelistedLicenses: whitelist,
+  blacklistedLicenses: blacklist,
+  projectPath: process.env.PROJECT_PATH,
+  ciManager: {
+    warn,
+    fail,
+  },
+});
diff --git a/license-template/blacklist.js b/license-template/blacklist.js
@@ -0,0 +1,6 @@
+/* Provide a list of blacklisted licenses for the project below */
+const blacklist = [
+  'UNKNOWN',
+];
+
+module.exports = blacklist;