diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f042fa0..54095d4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,6 +46,15 @@ jobs: with: modified_files_only: false + verify-license-check: + uses: ./.github/workflows/license_check.yml + with: + working_directory: examples/dart_package + dependency_type: "direct-dev" + allowed: "" + forbidden: "unknown" + skip_packages: "very_good_analysis" + build: needs: [ @@ -55,6 +64,7 @@ jobs: verify-pana-flutter, verify-semantic-pull-request, verify-spell-check, + verify-license-check, ] runs-on: ubuntu-latest diff --git a/.github/workflows/license_check.yml b/.github/workflows/license_check.yml new file mode 100644 index 0000000..3995621 --- /dev/null +++ b/.github/workflows/license_check.yml @@ -0,0 +1,73 @@ +name: License Check Workflow + +on: + workflow_call: + inputs: + working_directory: + required: false + type: string + default: "." + runs_on: + required: false + type: string + default: "ubuntu-latest" + dart_sdk: + required: false + type: string + default: "stable" + allowed: + required: false + type: string + default: "MIT,BSD-3-Clause,BSD-2-Clause,Apache-2.0" + forbidden: + required: false + type: string + default: "" + skip_packages: + required: false + type: string + default: "" + dependency_type: + required: false + type: string + default: "direct-main,transitive" + ignore_retrieval_failures: + required: false + type: boolean + default: false + secrets: + ssh_key: + required: false + +jobs: + build: + defaults: + run: + working-directory: ${{inputs.working_directory}} + + runs-on: ${{inputs.runs_on}} + + steps: + - name: 📚 Git Checkout + uses: actions/checkout@v4 + + - name: 🎯 Setup Dart + uses: dart-lang/setup-dart@v1 + with: + sdk: ${{inputs.dart_sdk}} + + - name: 🤫 Set SSH Key + env: + ssh_key: ${{secrets.ssh_key}} + if: env.ssh_key != null + uses: webfactory/ssh-agent@v0.8.0 + with: + ssh-private-key: ${{secrets.ssh_key}} + + - name: 📦 Install Dependencies + run: dart pub get --no-example + + - name: 👨‍⚖️ Check licenses + run: | + dart pub global activate very_good_cli + dart pub global run very_good_cli:very_good packages check licenses --skip-packages=${{inputs.skip_packages}} --dependency-type=${{inputs.dependency_type}} ${{(inputs.ignore_retrieval_failures && '--ignore-retrieval-failures') || ''}} --allowed=${{inputs.allowed}} --forbidden=${{inputs.forbidden}} diff --git a/README.md b/README.md index b381ebb..a628f9c 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,9 @@ uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/dart_pub_publish. # A reusable workflow for publishing Mason bricks uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/mason_publish.yml@v1 + +# A reusable workflow to keep track of the rights and restrictions external dependencies might impose on Dart or Flutter projects +uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/license_check.yml@v1 ``` For configuration details, check out our [official docs][workflows_docs]. diff --git a/site/docs/workflows/license_check.md b/site/docs/workflows/license_check.md new file mode 100644 index 0000000..ee2db90 --- /dev/null +++ b/site/docs/workflows/license_check.md @@ -0,0 +1,74 @@ +--- +sidebar_position: 5 +--- + +# License Check + +At VGV, we keep track of the rights and restrictions external dependencies might impose on Dart or Flutter projects. + +:::info +The License Check functionality is powered by [Very Good CLI's license checker](https://cli.vgv.dev/docs/commands/check_licenses), for a deeper understanding of some [inputs](#inputs) refer to its [documentation](https://cli.vgv.dev/docs/commands/check_licenses). +::: + +## Steps + +The License Check workflow consists of the following steps: + +1. Setup Dart +2. Set SSH Key (if provided) +3. Install project dependencies +4. Check licenses + +## Inputs + +### `working_directory` + +**Optional** The path to the root of the Dart or Flutter package. + +**Default** `"."` + +### `runs_on` + +**Optional** An optional operating system on which to run the workflow. + +**Default** `"ubuntu-latest"` + +### `dart_sdk` + +**Optional** Which Dart SDK version to use. It can be a version (e.g. `2.12.0`) or a channel (e.g. `stable`): + +**Default** `"stable"` + +### `allowed` + +**Optional** Only allow the use of certain licenses. The expected format is a comma-separated list. + +**Default** `"MIT,BSD-3-Clause,BSD-2-Clause,Apache-2.0"` + +### `forbidden` + +**Optional** Deny the use of certain licenses. The expected format is a comma-separated list. + +**Default** `""` + +:::warning +The allowed and forbidden options can't be used at the same time. If you want to use `forbidden` set `allowed` to an empty string. +::: + +### `skip_packages` + +**Optional** Skip packages from having their licenses checked. + +**Default** `""` + +### `dependency_type` + +**Optional** The type of dependencies to check licenses for. + +**Default** `"direct-main,transitive"` + +### `ignore_retrieval_failures` + +**Optional** Disregard licenses that failed to be retrieved. + +**Default** `false` diff --git a/site/docs/workflows/mason_publish.md b/site/docs/workflows/mason_publish.md index 7264b0b..e19d806 100644 --- a/site/docs/workflows/mason_publish.md +++ b/site/docs/workflows/mason_publish.md @@ -1,5 +1,5 @@ --- -sidebar_position: 5 +sidebar_position: 6 --- # Mason Publish diff --git a/site/docs/workflows/pana.md b/site/docs/workflows/pana.md index 39445a6..e8952c0 100644 --- a/site/docs/workflows/pana.md +++ b/site/docs/workflows/pana.md @@ -1,5 +1,5 @@ --- -sidebar_position: 6 +sidebar_position: 7 --- # Pana diff --git a/site/docs/workflows/spell_check.md b/site/docs/workflows/spell_check.md index 666d214..6c01d6b 100644 --- a/site/docs/workflows/spell_check.md +++ b/site/docs/workflows/spell_check.md @@ -1,5 +1,5 @@ --- -sidebar_position: 7 +sidebar_position: 9 --- # Spell Check