feat: introduce license_check workflow

.github/workflows/ci.yml

@@ -46,6 +46,15 @@ jobs:
     with:
       modified_files_only: false
 
+  verify-license-check:
+    uses: ./.github/workflows/license_check.yml
+    with:
+      working_directory: examples/dart_package
+      dependency_type: "direct-dev"
+      allowed: ""
+      forbidden: "unknown"
+      skip_packages: "very_good_analysis"
+
   build:
     needs:
       [
@@ -55,6 +64,7 @@ jobs:
         verify-pana-flutter,
         verify-semantic-pull-request,
         verify-spell-check,
+        verify-license-check,
       ]
 
     runs-on: ubuntu-latest

.github/workflows/license_check.yml

@@ -0,0 +1,73 @@
+name: License Check Workflow
+
+on:
+  workflow_call:
+    inputs:
+      working_directory:
+        required: false
+        type: string
+        default: "."
+      runs_on:
+        required: false
+        type: string
+        default: "ubuntu-latest"
+      dart_sdk:
+        required: false
+        type: string
+        default: "stable"
+      allowed:
+        required: false
+        type: string
+        default: "MIT,BSD-3-Clause,BSD-2-Clause,Apache-2.0"
+      forbidden:
+        required: false
+        type: string
+        default: ""
+      skip_packages:
+        required: false
+        type: string
+        default: ""
+      dependency_type:
+        required: false
+        type: string
+        default: "direct-main,transitive"
+      ignore_retrieval_failures:
+        required: false
+        type: boolean
+        default: false
+    secrets:
+      ssh_key:
+        required: false
+
+jobs:
+  build:
+    defaults:
+      run:
+        working-directory: ${{inputs.working_directory}}
+
+    runs-on: ${{inputs.runs_on}}
+
+    steps:
+      - name: 📚 Git Checkout
+        uses: actions/checkout@v4
+
+      - name: 🎯 Setup Dart
+        uses: dart-lang/setup-dart@v1
+        with:
+          sdk: ${{inputs.dart_sdk}}
+
+      - name: 🤫 Set SSH Key
+        env:
+          ssh_key: ${{secrets.ssh_key}}
+        if: env.ssh_key != null
+        uses: webfactory/ssh-agent@v0.8.0
+        with:
+          ssh-private-key: ${{secrets.ssh_key}}
+
+      - name: 📦 Install Dependencies
+        run: dart pub get --no-example
+
+      - name: 👨‍⚖️ Check licenses
+        run: |
+          dart pub global activate very_good_cli
+          dart pub global run very_good_cli:very_good packages check licenses --skip-packages=${{inputs.skip_packages}} --dependency-type=${{inputs.dependency_type}} ${{(inputs.ignore_retrieval_failures && '--ignore-retrieval-failures') || ''}} --allowed=${{inputs.allowed}} --forbidden=${{inputs.forbidden}}

README.md

@@ -44,6 +44,9 @@ uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/dart_pub_publish.
 
 # A reusable workflow for publishing Mason bricks
 uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/mason_publish.yml@v1
+
+# A reusable workflow to keep track of the rights and restrictions external dependencies might impose on Dart or Flutter projects
+uses: VeryGoodOpenSource/very_good_workflows/.github/workflows/license_check.yml@v1
 ```
 
 For configuration details, check out our [official docs][workflows_docs].

site/docs/workflows/license_check.md

@@ -0,0 +1,74 @@
+---
+sidebar_position: 5
+---
+
+# License Check
+
+At VGV, we keep track of the rights and restrictions external dependencies might impose on Dart or Flutter projects.
+
+:::info
+The License Check functionality is powered by [Very Good CLI's license checker](https://cli.vgv.dev/docs/commands/check_licenses), for a deeper understanding of some [inputs](#inputs) refer to its [documentation](https://cli.vgv.dev/docs/commands/check_licenses).
+:::
+
+## Steps
+
+The License Check workflow consists of the following steps:
+
+1. Setup Dart
+2. Set SSH Key (if provided)
+3. Install project dependencies
+4. Check licenses
+
+## Inputs
+
+### `working_directory`
+
+**Optional** The path to the root of the Dart or Flutter package.
+
+**Default** `"."`
+
+### `runs_on`
+
+**Optional** An optional operating system on which to run the workflow.
+
+**Default** `"ubuntu-latest"`
+
+### `dart_sdk`
+
+**Optional** Which Dart SDK version to use. It can be a version (e.g. `2.12.0`) or a channel (e.g. `stable`):
+
+**Default** `"stable"`
+
+### `allowed`
+
+**Optional** Only allow the use of certain licenses. The expected format is a comma-separated list.
+
+**Default** `"MIT,BSD-3-Clause,BSD-2-Clause,Apache-2.0"`
+
+### `forbidden`
+
+**Optional** Deny the use of certain licenses. The expected format is a comma-separated list.
+
+**Default** `""`
+
+:::warning
+The allowed and forbidden options can't be used at the same time. If you want to use `forbidden` set `allowed` to an empty string.
+:::
+
+### `skip_packages`
+
+**Optional** Skip packages from having their licenses checked.
+
+**Default** `""`
+
+### `dependency_type`
+
+**Optional** The type of dependencies to check licenses for.
+
+**Default** `"direct-main,transitive"`
+
+### `ignore_retrieval_failures`
+
+**Optional** Disregard licenses that failed to be retrieved.
+
+**Default** `false`

site/docs/workflows/mason_publish.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 5
+sidebar_position: 6
 ---
 
 # Mason Publish

site/docs/workflows/pana.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 6
+sidebar_position: 7
 ---
 
 # Pana

site/docs/workflows/spell_check.md

@@ -1,5 +1,5 @@
 ---
-sidebar_position: 7
+sidebar_position: 9
 ---
 
 # Spell Check