Add Licensed To Help Verify Prod Licenses #88

Merged: konradpabjan merged 4 commits into actions:main from thboop:main on Sep 23, 2020

thboop commented Aug 12, 2020

GitHub has a tool called licensed which helps us to verify that the node modules we are using are appropriately licensed for what we are using them for. It also helps to verify that the license a node module claims to be under matches the license it.

If you were previously checking in a license in the dist file, this can replace that flow.

This PR adds:

  • A workflow to check licenses on pull requests and pushes to the main branch
  • A licensed.yml file used to configure licensed
  • A number of files into the .licenses directory which contain our dependencies and their appropriate licenses

How does this impact me?

  • You may need to locally install licensed and run licensed cache to update the dependency cache if you install a new production dependency.
    • If licensed cache is unable to determine the dependency, you may need to modify the cache file yourself to put the correct license.
  • You should still verify the dependency; licensed is a tool to help, but is not a substitute for human review of dependencies.
  • Currently, this PR only targets production dependencies; dev dependencies are not included.
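
Added example, not part of the original comment and not the configuration file from this PR: a sketch of a licensed configuration for an npm project that checks production dependencies only, as the description above states. The allowed license list and the `example-package` entry are assumptions chosen for illustration.

```yaml
# Illustrative licensed configuration for an npm-based action.
# Constructed for this example; not the file added in this PR.
sources:
  npm: true              # enumerate dependencies from the npm source only

npm:
  production_only: true  # skip devDependencies, matching the PR's stated scope

cache_path: .licenses    # where `licensed cache` writes one metadata file per dependency

# Licenses accepted without further review (lowercase SPDX ids).
# This list is an assumption; each project sets its own policy.
allowed:
  - apache-2.0
  - bsd-2-clause
  - bsd-3-clause
  - isc
  - mit

# Dependencies whose license could not be matched automatically and that a
# human has checked by hand. "example-package" is a hypothetical placeholder.
reviewed:
  npm:
    - example-package
```

With a configuration like this, `licensed cache` refreshes the files under `.licenses` and `licensed status` fails when a cached dependency is neither under an allowed license nor listed as reviewed.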

thboop marked this pull request as ready for review August 26, 2020 15:30
konradpabjan merged commit 11790a2 into actions:main Sep 23, 2020
tdfacer pushed a commit to ifit/setup-java that referenced this pull request Oct 7, 2025
* Add Licensed workflow and config files

* Manually validate dependencies

* Ignore Generated Files in Git PR's

* update contributing.md