From b663c70851babf7d0d3ced102252cb2d0f94cef4 Mon Sep 17 00:00:00 2001
From: David Li
Date: Fri, 29 Mar 2024 15:46:29 -0400
Subject: [PATCH] GH-40899: [CI][Java] Check dependency licenses
---
 ci/scripts/java_test.sh | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
diff --git a/ci/scripts/java_test.sh b/ci/scripts/java_test.sh
index dd483ff254197..d6cc036204668 100755
--- a/ci/scripts/java_test.sh
+++ b/ci/scripts/java_test.sh
@@ -58,4 +58,43 @@ if [ "${ARROW_JAVA_CDATA}" = "ON" ]; then
 ${mvn} clean test -Parrow-c-data -pl c -Darrow.c.jni.dist.dir=${java_jni_dist_dir}
 fi
 
+echo "=== Checking third-party licenses ==="
+
+${mvn} \
+ license:add-third-party \
+ -Dlicense.excludedScopes=provided,test \
+ -Dlicense.excludeTransitiveDependencies=true \
+ -Dlicense.failOnMissing=true \
+ -Dlicense.failIfWarning=true
+
+set +x
+
+# Ignore grep returning 1 on no match
+function safegrep { grep "$@" || test $? = 1; }
+
+fail=0
+for report in $(find . -type f -name THIRD-PARTY.txt); do
+ echo "=== Checking ${report} ==="
+ # Include-list of safe licenses
+ bad_deps=$(cat "${report}" |
+ safegrep -v -e '^$' |
+ safegrep -v -E "Lists of.*dependencies" |
+ safegrep -v "The Apache Software License, Version 2.0" |
+ safegrep -v "Apache License, Version 2.0" |
+ safegrep -v "Apache License V2.0" |
+ safegrep -v "Apache 2.0" |
+ safegrep -v "Apache-2.0" |
+ safegrep -v --fixed-strings "BSD 2-Clause License" |
+ safegrep -v --fixed-strings "BSD-3-Clause" |
+ safegrep -v "Bouncy Castle Licence" |
+ safegrep -i -v "MIT license" |
+ safegrep -v "Public Domain")
+ if [ -n "${bad_deps}" ]; then
+ echo "Found bad dependencies in ${report}:"
+ echo "${bad_deps}"
+ fail=$((fail + 1))
+ fi
+done
+exit ${fail}
+
 popd
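Review bot: The license gate fails open when `find` returns no `THIRD-PARTY.txt` files: the `for report in $(find …)` loop never runs, `fail` stays 0 and `exit ${fail}` reports success although nothing was checked. Count the reports and reject an empty set: initialise `checked=0` beside `fail=0`, add `checked=$((checked + 1))` inside the loop, and put `[ "${checked}" -gt 0 ] || { echo "No THIRD-PARTY.txt reports found" >&2; exit 1; }` before the exit. Separately, each `safegrep -v` drops a line when the allowed string appears anywhere on it, including the dependency name or URL, and `.` is a regex wildcard wherever `--fixed-strings` is absent. The allow-list is therefore looser than it reads; matching only the parenthesised license field would tighten it, assuming the reports use the plugin's default `(License) Name (coordinates - url)` layout. `exit ${fail}` also wraps modulo 256 and leaves the trailing `popd` unreachable; `exit $((fail > 0))` avoids the wrap.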