From 2e73b62fab3602acbfa1f9916c58658b21bd914f Mon Sep 17 00:00:00 2001
From: Steve Moyer <smoyer1@selesy.com>
Date: Mon, 12 Sep 2022 10:32:27 -0400
Subject: [PATCH] feat(legal): break the build if packages with disallowed
 license(s) are added

---
 .github/workflows/go.yml |  3 +++
 .lichen.yaml             | 21 +++++++++++++++++++++
 Makefile                 |  4 ++++
 3 files changed, 28 insertions(+)
 create mode 100644 .lichen.yaml

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 8d41852c..7ef010f1 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -56,3 +56,6 @@ jobs:
 
       - name: Check Security (vulnerable dependencies and insecure practices)
         run: make secure
+
+      - name: Check that all included packages have acceptable OSS licenses
+        run: make lint
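Review bot: The new step is named as the license check but runs `make lint`, while the target this commit adds to the Makefile is `legal`. As written, the license scan does not run in CI unless a `lint` target outside the visible hunks depends on `legal`. The line should read `run: make legal`. If no `lint` target exists the job fails on a missing target, and if one does exist the step passes without the license gate ever being exercised.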
diff --git a/.lichen.yaml b/.lichen.yaml
new file mode 100644
index 00000000..6f2bbb01
--- /dev/null
+++ b/.lichen.yaml
@@ -0,0 +1,21 @@
+---
+# Configuration for the Lichen software license scanner.  The list below
+# represents the licenses that are currently compiled into the git-bug
+# binary (with the exception of the GPL license which is git-bug's own
+# license and is therefore compatible.)  Licenses can be added to the
+# "allow" list using the official identifiers from the SPDX License
+# List which can be found at https://spdx.org/licenses/.
+#
+# The Lichen configuration file format allows overrides (for packages
+# where the license can't be automatically discovered) and exceptions
+# (to allow disallowed licenses for certain packages).  The format for
+# this file can be found at https://github.com/uw-labs/lichen#config.
+
+allow:
+- "Apache-2.0"
+- "BSD-2-Clause"
+- "BSD-3-Clause"
+- "GPL-3.0-or-later"
+- "ISC"
+- "MIT"
+- "MPL-2.0"
diff --git a/Makefile b/Makefile
index 2d12a016..9a675bc2 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,10 @@ secure-vulnerabilities:
 	go install golang.org/x/vuln/cmd/govulncheck@latest
 	govulncheck ./... 
 
+legal: build
+	go install github.com/uw-labs/lichen@latest
+	lichen --config=.lichen.yaml ./git-bug
+
 test:
 	go test -v -bench=. ./...
 
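Review bot: `go install github.com/uw-labs/lichen@latest` in the new `legal` recipe fetches and runs whatever version was most recently published each time the gate runs, so the check is not reproducible and a bad or compromised upstream release would execute in CI unreviewed. Pin the tool to a vetted release, e.g. `go install github.com/uw-labs/lichen@<pinned-version>` (placeholder, use the release you have reviewed), and bump it deliberately. The `govulncheck@latest` line in the context above has the same property. `legal` names no file, so it should also be listed in `.PHONY` if the Makefile has such a declaration outside this hunk.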
-- 
GitLab