From c7a1302308346288941b1ccf9982323e395e2a0f Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Thu, 3 May 2018 16:26:23 +1000
Subject: [PATCH 1/7] Add an npm license-check script
---
 package.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/package.json b/package.json
index 54f009d8f9880..7354010db8e4f 100644
--- a/package.json
+++ b/package.json
@@ -135,6 +135,7 @@
 "test": "npm run lint && npm run test-unit",
 "test-php": "npm run lint-php && npm run test-unit-php",
 "ci": "concurrently \"npm run lint && npm run build\" \"npm run test-unit:coverage-ci\"",
+ "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | ack -v '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
 "fixtures:clean": "rimraf \"core-blocks/test/fixtures/*.+(json|serialized.html)\"",
 "fixtures:server-registered": "docker-compose run -w /var/www/html/wp-content/plugins/gutenberg --rm wordpress ./bin/get-server-blocks.php > core-blocks/test/server-registered.json",
 "fixtures:generate": "npm run fixtures:server-registered && cross-env GENERATE_MISSING_FIXTURES=y npm run test-unit",
From f61c15a61fcf7f62e6042f0ce67a65c6c0d50f32 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Thu, 3 May 2018 16:27:19 +1000
Subject: [PATCH 2/7] Add the license-check to travis
---
 .travis.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.travis.yml b/.travis.yml
index 62311c62d35bc..b9fa33aaf3bbf 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,6 +31,7 @@ jobs: - stage: test script: - npm install || exit 1 + - npm run license-check || exit 1 - npm run ci || exit 1 - stage: test
From 9b89fe93595bc3f23c9263f26bfc82f43382e4c1 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Thu, 3 May 2018 16:40:58 +1000
Subject: [PATCH 3/7] Try using ag?
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 7354010db8e4f..f3de048605f64 100644
--- a/package.json
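Review bot: The `license-check` script added to package.json in PATCH 1/7 fails open: the leading `!` turns any non-zero status of the last pipeline stage into success, so a missing `ack` binary (status 127) or an `npm ls`/`jq` stage that emits nothing makes the step exit 0 and CI records the dependencies as clean. The `ag` and `grep -v -E` variants in PATCH 3/7 and 4/7 keep the same construction. The pattern is also a substring test, so `GPL-2` accepts `LGPL-2.1` and `BSD` accepts `BSD-4-Clause`; PATCH 6/7 replaces it with an exact list. A gate of this kind should refuse to pass when it inspected nothing, e.g. `out=$(npm ls --production --parseable); [ -n "$out" ] || exit 1` ahead of the match.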
+++ b/package.json
@@ -135,7 +135,7 @@
 "test": "npm run lint && npm run test-unit",
 "test-php": "npm run lint-php && npm run test-unit-php",
 "ci": "concurrently \"npm run lint && npm run build\" \"npm run test-unit:coverage-ci\"",
- "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | ack -v '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
+ "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | ag -v '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
 "fixtures:clean": "rimraf \"core-blocks/test/fixtures/*.+(json|serialized.html)\"",
 "fixtures:server-registered": "docker-compose run -w /var/www/html/wp-content/plugins/gutenberg --rm wordpress ./bin/get-server-blocks.php > core-blocks/test/server-registered.json",
 "fixtures:generate": "npm run fixtures:server-registered && cross-env GENERATE_MISSING_FIXTURES=y npm run test-unit",
From e9517ef1b60a45ed9300fceb1b364dd6a8d439ab Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Thu, 3 May 2018 16:43:33 +1000
Subject: [PATCH 4/7] Let's just use grep, instead.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index f3de048605f64..7a86e188cb0ad 100644
--- a/package.json
+++ b/package.json
@@ -135,7 +135,7 @@
 "test": "npm run lint && npm run test-unit",
 "test-php": "npm run lint-php && npm run test-unit-php",
 "ci": "concurrently \"npm run lint && npm run build\" \"npm run test-unit:coverage-ci\"",
- "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | ag -v '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
+ "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | grep -v -E '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
 "fixtures:clean": "rimraf \"core-blocks/test/fixtures/*.+(json|serialized.html)\"",
 "fixtures:server-registered": "docker-compose run -w /var/www/html/wp-content/plugins/gutenberg --rm wordpress ./bin/get-server-blocks.php > core-blocks/test/server-registered.json",
 "fixtures:generate": "npm run fixtures:server-registered && cross-env GENERATE_MISSING_FIXTURES=y npm run test-unit",
From 7c9613c226a96d091bc11dba67d18fc412535b42 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Fri, 4 May 2018 14:01:57 +1000
Subject: [PATCH 5/7] Add the in_array() bash helper function.
---
 bin/includes.sh | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/bin/includes.sh b/bin/includes.sh
index d0028a1c66575..c921a3316518e 100755
--- a/bin/includes.sh
+++ b/bin/includes.sh
@@ -132,3 +132,27 @@ action_format() {
 command_exists() {
 type -t "$1" >/dev/null 2>&1
 }
+
+##
+# Checks if an array countains a particular value.
+#
+# @param {mixed} needle The value to search for.
+# @param {array} haystack The array to search.
+#
+# @return bool Whether the haystack contains the needle or not.
+##
+in_array() {
+ local needle="$1";
+ shift;
+ local haystack=("$@");
+
+ local item;
+
+ for item in "${haystack[@]}"; do
+ if [ "$item" == "${needle}" ]; then
+ return 0;
+ fi
+ done
+
+ return 1;
+}
From d4d6c73a8dcd3d6105aa79df0020cd43f8ba2800 Mon Sep 17 00:00:00 2001
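Review bot: The doc comment on `in_array()` in PATCH 5/7 has a typo (`countains`) and documents `@return bool`, while the function reports its result through the exit status (`return 0` on a match, `return 1` otherwise); I would write `# @return int 0 if the haystack contains the needle, 1 otherwise.` The copy into `local haystack=("$@")` is not needed: `for item in "$@"; do` after the `shift` does the same work and avoids expanding a possibly empty array, which older bash versions reject under `set -u` (whether any caller sets that is not visible here). The comparison is an exact string match, which is the right behaviour for the allow-list check that uses it in PATCH 6/7.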
From: Gary Pendergast
Date: Fri, 4 May 2018 14:02:34 +1000
Subject: [PATCH 6/7] Create the check-npm-licenses.sh script.
---
 .travis.yml | 2 +-
 bin/check-npm-licenses.sh | 40 +++++++++++++++++++++++++++++++++++++++
 package.json | 2 +-
 3 files changed, 42 insertions(+), 2 deletions(-)
 create mode 100755 bin/check-npm-licenses.sh
diff --git a/.travis.yml b/.travis.yml
index b9fa33aaf3bbf..10449d20a904b 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -31,7 +31,7 @@ jobs: - stage: test script: - npm install || exit 1 - - npm run license-check || exit 1 + - ./bin/check-npm-licenses.sh || exit 1 - npm run ci || exit 1 - stage: test
diff --git a/bin/check-npm-licenses.sh b/bin/check-npm-licenses.sh
new file mode 100755
index 0000000000000..eae4e891964ff
--- /dev/null
+++ b/bin/check-npm-licenses.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# Include useful functions
+. "$(dirname "$0")/includes.sh"
+
+ALLOWED_LICENSES=(
+ "GPL-2.0-or-later"
+ "GPL-2.0+"
+ "(GPL-2.0 OR MIT)"
+ "MIT"
+ "ISC"
+ "BSD"
+ "BSD-2-Clause"
+ "BSD-3-Clause"
+ "CC0-1.0"
+)
+
+FOUND_INCOMPATIBLE_MODULE=false
+
+
+for MODULE_DIR in $(npm ls --production --parseable); do
+ PACKAGE_JSON="${MODULE_DIR}/package.json"
+
+ PACKAGE_NAME=$(jq --raw-output '.name' $PACKAGE_JSON)
+ PACKAGE_LICENSE=$(jq --raw-output '( .license // .licenses[0].type )' $PACKAGE_JSON)
+
+ if ! in_array "${PACKAGE_LICENSE}" "${ALLOWED_LICENSES[@]}"; then
+ if ! $FOUND_INCOMPATIBLE_MODULE; then
+ FOUND_INCOMPATIBLE_MODULE=true;
+ echo "These modules have incompatible licences:"
+ fi
+ echo "${PACKAGE_NAME}: ${PACKAGE_LICENSE}"
+ fi
+done
+
+if ! $FOUND_INCOMPATIBLE_MODULE; then
+ echo "All module licenses are compatible."
+else
+ exit 1;
+fi
diff --git a/package.json b/package.json
index 7a86e188cb0ad..37ae6269345cf 100644
--- a/package.json
+++ b/package.json
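Review bot: bin/check-npm-licenses.sh in PATCH 6/7 reports success when nothing was inspected: if `npm ls --production --parseable` prints no paths, the `for` loop body never runs, `FOUND_INCOMPATIBLE_MODULE` stays false, and the script prints "All module licenses are compatible." and exits 0. The `$(npm ls …)` expansion and the unquoted `$PACKAGE_JSON` are also word-split, so a checkout path containing a space hands jq fragments of a path instead of the file. I would capture the listing first, refuse an empty one, read it line by line and quote the jq argument, as below. Separately, the gate only reads each package's self-declared `license` field, which deserves a one-line comment at the top of the script so nobody mistakes it for verification of the shipped license text.

```shell
# … unchanged: includes.sh, ALLOWED_LICENSES, FOUND_INCOMPATIBLE_MODULE …

MODULE_DIRS=$(npm ls --production --parseable)
if [ -z "${MODULE_DIRS}" ]; then
	echo "npm ls returned no modules; cannot verify licenses."
	exit 1
fi

while IFS= read -r MODULE_DIR; do
	PACKAGE_JSON="${MODULE_DIR}/package.json"

	PACKAGE_NAME=$(jq --raw-output '.name' "${PACKAGE_JSON}")
	PACKAGE_LICENSE=$(jq --raw-output '( .license // .licenses[0].type )' "${PACKAGE_JSON}")

	# … unchanged: in_array check and reporting …
done <<< "${MODULE_DIRS}"

# … unchanged: final summary and exit status …
```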
@@ -135,7 +135,7 @@
 "test": "npm run lint && npm run test-unit",
 "test-php": "npm run lint-php && npm run test-unit-php",
 "ci": "concurrently \"npm run lint && npm run build\" \"npm run test-unit:coverage-ci\"",
- "license-check": "! npm ls --production --parseable | xargs -I {} jq --raw-output '.name + \" \" + ( .license // .licenses[0].type )' '{}/package.json' | grep -v -E '^.* .*(MIT|GPL-2|ISC|BSD|CC0).*$'",
+ "check-licenses": "./bin/check-npm-licenses.sh",
 "fixtures:clean": "rimraf \"core-blocks/test/fixtures/*.+(json|serialized.html)\"",
 "fixtures:server-registered": "docker-compose run -w /var/www/html/wp-content/plugins/gutenberg --rm wordpress ./bin/get-server-blocks.php > core-blocks/test/server-registered.json",
 "fixtures:generate": "npm run fixtures:server-registered && cross-env GENERATE_MISSING_FIXTURES=y npm run test-unit",
From e4a7cdebc169057cd374b713656fc0a2c06308f5 Mon Sep 17 00:00:00 2001
From: Gary Pendergast
Date: Fri, 18 May 2018 16:05:46 +1000
Subject: [PATCH 7/7] Add LGPL-2.1 as a valid license.
---
 bin/check-npm-licenses.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/bin/check-npm-licenses.sh b/bin/check-npm-licenses.sh
index eae4e891964ff..65e9962db4882 100755
--- a/bin/check-npm-licenses.sh
+++ b/bin/check-npm-licenses.sh
@@ -6,6 +6,7 @@
 ALLOWED_LICENSES=(
 "GPL-2.0-or-later"
 "GPL-2.0+"
+ "LGPL-2.1"
 "(GPL-2.0 OR MIT)"
 "MIT"
 "ISC"