From f9d14d7f94fcea3f9ed74e8c0d628741d3ce85d7 Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani
Date: Mon, 24 Jan 2022 17:31:39 +0000
Subject: [PATCH] ci/cd: add a license checker
Signed-off-by: Ramkumar Chinchani
---
.github/workflows/license.yaml | 26 ++++++++++++++++++++++++++
Makefile | 32 ++++++++++++++++++++++++++++++--
2 files changed, 56 insertions(+), 2 deletions(-)
create mode 100644 .github/workflows/license.yaml
diff --git a/.github/workflows/license.yaml b/.github/workflows/license.yaml
new file mode 100644
index 00000000..4a22f67d
--- /dev/null
+++ b/.github/workflows/license.yaml
@@ -0,0 +1,26 @@
+name: "Software License Check"
+on:
+ push:
+ paths:
+ - 'go.mod'
+ branches:
+ - main
+ pull_request:
+ paths:
+ - 'go.mod'
+ # The branches below must be a subset of the branches above
+ branches: [main]
+
+jobs:
+ license-check:
+ runs-on: ubuntu-latest
+ name: License Check
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/setup-go@v2
+ with:
+ go-version: 1.17.x
+ - name: Install go-licenses
+ run: go install github.com/google/go-licenses@latest
+ - name: Check for forbidden licenses
+ run: make check-licenses
diff --git a/Makefile b/Makefile
index 329dd1e9..86421065 100644
--- a/Makefile
+++ b/Makefile
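Review bot: In `.github/workflows/license.yaml`, the `Install go-licenses` step runs `go install github.com/google/go-licenses@latest`, so each CI run builds and executes whatever upstream publishes at that moment. A license gate that depends on an unpinned tool is not reproducible, and that code runs with the job's token. Pin the tool, e.g. `run: go install github.com/google/go-licenses@<pinned-version>`, and add a top-level `permissions:` block with `contents: read`, since the job only needs to read the checkout. The same `@latest` install appears twice in the Makefile hunk (`update-licenses` and `check-licenses`), so `make check-licenses` installs it a second time after this step. The `paths` filter lists only `go.mod`, so a pull request that edits the `check-licenses` recipe itself does not trigger the check; consider adding `Makefile` and `go.sum`.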
@@ -120,8 +120,36 @@ swagger: swagger/docs.go .PHONY: update-licenses update-licenses: - go get github.com/google/go-licenses - $(shell echo "Module | License URL | License" > THIRD-PARTY-LICENSES.md; echo "---|---|---" >> THIRD-PARTY-LICENSES.md; for i in $$(cat go.sum | awk '{print $$1}'); do l=$$(go-licenses csv $$i 2>/dev/null); if [ $$? -ne 0 ]; then continue; fi; echo $$l | tr \, \| | tr ' ' '\n'; done | sort -u >> THIRD-PARTY-LICENSES.md) + @echo "Detecting and updating licenses ... please be patient!" + go install github.com/google/go-licenses@latest + $(shell echo "Module | License URL | License" > THIRD-PARTY-LICENSES.md; echo "---|---|---" >> THIRD-PARTY-LICENSES.md; for i in $$(go list -m all | awk '{print $$1}'); do l=$$(go-licenses csv $$i 2>/dev/null); if [ $$? -ne 0 ]; then continue; fi; echo $$l | tr \, \| | tr ' ' '\n'; done | sort -u >> THIRD-PARTY-LICENSES.md) + +.PHONY: check-licenses +check-licenses: + go install github.com/google/go-licenses@latest + @for tag in "extended,containers_image_openpgp" "minimal,containers_image_openpgp"; do \ + echo Evaluating tag: $$tag;\ + for mod in $$(go list -m -f '{{if not (or .Indirect .Main)}}{{.Path}}{{end}}' all); do \ + while [ x$$mod != x ]; do \ + echo -n "Checking $$mod ... "; \ + result=$$(GOFLAGS="-tags=$${tag}" go-licenses check $$mod 2>&1); \ + if [ $$? -eq 0 ]; then \ + echo OK; \ + break; \ + fi; \ + echo "$${result}" | grep -q "Forbidden"; \ + if [ $$? -eq 0 ]; then \ + echo FAIL; \ + exit 1; \ + fi; \ + echo "$${result}" | egrep -q "missing go.sum entry|no required module provides package|build constraints exclude all|updates to go.mod needed"; \ + if [ $$? -eq 0 ]; then \ + echo UNKNOWN; \ + break; \ + fi; \ + done; \ + done; \ + done .PHONY: clean clean:
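Review bot: The `while [ x$$mod != x ]` loop in `check-licenses` never changes `$$mod` and exits only through the OK, FAIL and UNKNOWN branches. A `go-licenses check` failure whose output matches neither `Forbidden` nor the `egrep` list (a network or proxy error, say) therefore re-runs the same check indefinitely and hangs the job until the CI timeout. Fail closed instead by adding `echo "ERROR: $${result}"; exit 1; \` after the last `fi; \` inside the loop. The UNKNOWN branch is also fail-open: a module whose license could not be evaluated passes the gate with only a console line, so it is worth counting those and printing the total at the end. In `update-licenses`, make expands the `$(shell ...)` line before the recipe's `go install` line runs, and `2>/dev/null` hides a missing `go-licenses`, so a first run can write a header-only THIRD-PARTY-LICENSES.md; writing that line as an ordinary recipe command avoids this.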