Skip to content

Commit

Permalink
Merge pull request #7 from takkt-ag/licenses
Browse files Browse the repository at this point in the history
Track and represent third-party licenses
  • Loading branch information
ZyanKLee authored Oct 25, 2024
2 parents 83ce2e0 + 04bbe6c commit b3d8960
Show file tree
Hide file tree
Showing 8 changed files with 7,409 additions and 1 deletion.
38 changes: 37 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,43 @@ jobs:
uses: actions/checkout@v4
- name: Check license comments
run: |
./.ci/check-license-comments.sh
./.tools/check-license-comments.sh
cargo-deny:
runs-on: ubuntu-latest
strategy:
matrix:
checks:
- advisories
- bans licenses sources

# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}

steps:
- uses: actions/checkout@v4
- uses: EmbarkStudios/cargo-deny-action@v2.0.1
with:
command: check ${{ matrix.checks }}

cargo-about:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install cargo-about
uses: taiki-e/install-action@v2.44.50
with:
tool: cargo-about
- name: Generate up-to-date `THIRD_PARTY_LICENSES.md`
run: cargo about generate -o ./THIRD_PARTY_LICENSES.md ./.tools/cargo-about-markdown-template.hbs
- name: Verify `THIRD_PARTY_LICENSES.md` is up-to-date
run: |
git diff --exit-code --quiet ./THIRD_PARTY_LICENSES.md
if [ $? -ne 0 ]; then
echo "THIRD_PARTY_LICENSES.md is out of date. Please run 'cargo about generate -o ./THIRD_PARTY_LICENSES.md ./.tools/cargo-about-markdown-template.hbs' locally, compare what has changed and commit the changes."
exit 1
fi
linting:
permissions:
Expand Down
1 change: 1 addition & 0 deletions .tools/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
This folder contains various scripts and configurations, used by CI or otherwise.
26 changes: 26 additions & 0 deletions .tools/cargo-about-markdown-template.hbs
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
# Third Party Licenses

This page lists the licenses of the projects used in Persevere.

## Overview of licenses

{{#each overview}}
- [{{name}}](#{{id}}) ({{count}})
{{/each}}

## All license text

{{#each licenses}}
### <a name="{{id}}"></a>{{name}}

#### Used by

{{#each used_by}}
- [{{crate.name}} {{crate.version}}]({{#if crate.repository}} {{crate.repository}} {{else}} https://crates.io/crates/{{crate.name}} {{/if}})
{{/each}}

<pre>
{{text}}
</pre>

{{/each}}
File renamed without changes.
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,9 @@ If you are interested in contributing a feature that is not mentioned here, we s

Persevere is licensed under the Apache License, Version 2.0, (see [LICENSE](LICENSE) or <https://www.apache.org/licenses/LICENSE-2.0>).

Persevere internally makes use of various open-source projects.
You can find a full list of these projects and their licenses in [THIRD_PARTY_NOTICES.md](THIRD_PARTY_NOTICES.md).

### Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in Persevere by you, as defined in the Apache-2.0 license, shall be licensed under the Apache License, Version 2.0, without any additional terms or conditions.
Expand Down
7,290 changes: 7,290 additions & 0 deletions THIRD_PARTY_LICENSES.md

Large diffs are not rendered by default.

16 changes: 16 additions & 0 deletions about.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
accepted = [
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"MIT",
]
workarounds = ["ring"]

[ring]
accepted = ["OpenSSL"]

[unicode-ident]
accepted = ["Unicode-DFS-2016"]

[foldhash]
accepted = ["Zlib"]
36 changes: 36 additions & 0 deletions deny.toml
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
[licenses]
confidence-threshold = 0.93
allow = [
"Apache-2.0",
"BSD-3-Clause",
"ISC",
"MIT",
]

exceptions = [
# ring uses code from multiple libraries but all with permissive licenses
# https://tldrlegal.com/license/openssl-license-(openssl)
{ allow = ["ISC", "MIT", "OpenSSL"], name = "ring" },

# Unicode-DFS-2016 is a permissive license, if attribution in associated documentation is provided
{ allow = ["Unicode-DFS-2016"], crate = "unicode-ident" },

# Zlib is a permissive license akin to MIT
{ allow = ["Zlib"], crate = "foldhash"},
]

[[licenses.clarify]]
name = "ring"
expression = "ISC AND MIT AND OpenSSL"
license-files = [{ path = "LICENSE", hash = 0xbd0eed23 }]

[bans]
wildcards = "deny"
multiple-versions = "warn"

[sources]
unknown-registry = "deny"
allow-registry = ["https://github.com/rust-lang/crates.io-index"]

unknown-git = "deny"
allow-git = []

0 comments on commit b3d8960

Please sign in to comment.