[skip changelog] Standardize license file (#1522)

per1234 · web-flow · commit bb5d77806d91 · 2021-10-20T00:23:19.000-07:00
* [skip changelog] Standardize license file

Standardization in license documentation is important because, in addition to making it easy for humans to find this vital information, it allows machines to automate the process of license type determination, which is useful both for discovering suitable open source projects as well as checking open source license compliance.

The open source license of Arduino CLI is already stored in a standardized location at `/LICENSE.txt`. However, even though Arduino CLI is licensed under the industry standard GPL 3.0 open source license, additional text was added to the license file which offers the option to purchase an exception for proprietary use of the code. Even though this offer does not have any legal effect on the GPL 3.0 license, it does make it so that the license file can no longer be identified with 100% confidence by machines as GPL 3.0, which means a human must make that identification instead.

Since there is no need to place the exception offer in the license file, it can be moved to the readme and the license file left as the verbatim GPL 3.0 license text, as looked for by the license type detection tools such as licensee.

* Add CI workflow to check the license file

Whenever one of the recognized license file names are modified in the repository, the workflow runs to check whether the license can be recognized and whether it is of the expected type.

GitHub has a useful automated license detection system that determines the license type used by a repository, and surfaces that information in the repository home page, the search web interface, and the GitHub API. This license detection system requires that the license be defined by a dedicated file with one of several standardized filenames and paths.

GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type for any other usages of licensee, as well as to human readers of the file.

For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard modifications to the license file or collisions with other supported licence files. This workflow ensures that any changes which would change the license type or which license file is used by the detection are caught automatically.
diff --git a/.github/workflows/check-license.yml b/.github/workflows/check-license.yml
@@ -0,0 +1,67 @@
+# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md
+name: Check License
+
+env:
+  EXPECTED_LICENSE_FILENAME: LICENSE.txt
+  # SPDX identifier: https://spdx.org/licenses/
+  EXPECTED_LICENSE_TYPE: GPL-3.0
+
+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  push:
+    paths:
+      - ".github/workflows/check-license.ya?ml"
+      # See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file
+      - "[cC][oO][pP][yY][iI][nN][gG]*"
+      - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
+      - "[lL][iI][cC][eE][nN][cCsS][eE]*"
+      - "[oO][fF][lL]*"
+      - "[pP][aA][tT][eE][nN][tT][sS]*"
+  pull_request:
+    paths:
+      - ".github/workflows/check-license.ya?ml"
+      - "[cC][oO][pP][yY][iI][nN][gG]*"
+      - "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*"
+      - "[lL][iI][cC][eE][nN][cCsS][eE]*"
+      - "[oO][fF][lL]*"
+      - "[pP][aA][tT][eE][nN][tT][sS]*"
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  check-license:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Install Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ruby # Install latest version
+
+      - name: Install licensee
+        run: gem install licensee
+
+      - name: Check license file
+        run: |
+          EXIT_STATUS=0
+          # See: https://github.com/licensee/licensee
+          LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)"
+
+          DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')"
+          echo "Detected license file: $DETECTED_LICENSE_FILE"
+          if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then
+            echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME"
+            EXIT_STATUS=1
+          fi
+
+          DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')"
+          echo "Detected license type: $DETECTED_LICENSE_TYPE"
+          if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then
+            echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\""
+            EXIT_STATUS=1
+          fi
+
+          exit $EXIT_STATUS
diff --git a/LICENSE.txt b/LICENSE.txt
@@ -1,17 +1,3 @@
-This file includes licensing information for arduino-cli
-
-Copyright (c) 2018 ARDUINO SA (www.arduino.cc)
-
-The software is released under the GNU General Public License, which covers the main body
-of the arduino-cli code. The terms of this license can be found at:
-https://www.gnu.org/licenses/gpl-3.0.en.html
-
-You can be released from the requirements of the above licenses by purchasing
-a commercial license. Buying such a license is mandatory if you want to modify or
-otherwise use the software for commercial activities involving the Arduino
-software without disclosing the source code of your own applications. To purchase
-a commercial license, send an email to license@arduino.cc
-
                     GNU GENERAL PUBLIC LICENSE
                        Version 3, 29 June 2007
 
diff --git a/README.md b/README.md
@@ -45,6 +45,15 @@ policy] and report the bug to our Security Team 🛡️ Thank you!
 
 e-mail contact: security@arduino.cc
 
+## License
+
+Arduino CLI is licensed under the [GPL 3.0] license.
+
+You can be released from the requirements of the above license by purchasing a commercial license. Buying such a license
+is mandatory if you want to modify or otherwise use the software for commercial activities involving the Arduino
+software without disclosing the source code of your own applications. To purchase a commercial license, send an email to
+license@arduino.cc
+
 [install]: https://arduino.github.io/arduino-cli/latest/installation
 [user documentation]: https://arduino.github.io/arduino-cli/latest/
 [getting started]: https://arduino.github.io/arduino-cli/latest/getting-started/
@@ -54,3 +63,4 @@ e-mail contact: security@arduino.cc
 [contributors]: https://github.com/arduino/arduino-cli/graphs/contributors
 [nightly builds]: https://arduino.github.io/arduino-cli/latest/installation/#nightly-builds
 [security policy]: https://github.com/arduino/arduino-cli/security/policy
+[gpl 3.0]: https://www.gnu.org/licenses/gpl-3.0.en.html
