saulteafarmer/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2025-08-27 06:39:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

OR license check

Browse Source
This commit is contained in:
Anthony Stirling 2025-07-17 16:16:05 +01:00
parent 196a16fdbe
commit 036653a800
3 changed files with 97 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
.github/workflows/frontend-licenses-update.yml vendored
View File

@ -1,6 +1,13 @@
name: Frontend License Report Workflow name: Frontend License Report Workflow
on: on:
push:
branches:
- V2
paths:
- "frontend/package.json"
- "frontend/package-lock.json"
- "frontend/scripts/generate-licenses.js"
pull_request: pull_request:
branches: branches:
- V2 - V2
@ -60,8 +67,9 @@ jobs:
echo "LICENSE_WARNINGS_EXIST=false" >> $GITHUB_ENV echo "LICENSE_WARNINGS_EXIST=false" >> $GITHUB_ENV
fi fi
# PR Event: Check licenses and comment on PR
- name: Delete previous license check comments - name: Delete previous license check comments
if: github.event.pull_request if: github.event_name == 'pull_request'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with: with:
github-token: ${{ steps.setup-bot.outputs.token }} github-token: ${{ steps.setup-bot.outputs.token }}
@ -94,7 +102,7 @@ jobs:
} }
- name: Comment on PR - License Check Results - name: Comment on PR - License Check Results
if: github.event.pull_request if: github.event_name == 'pull_request'
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with: with:
github-token: ${{ steps.setup-bot.outputs.token }} github-token: ${{ steps.setup-bot.outputs.token }}
@ -140,21 +148,22 @@ The frontend license report has been updated successfully.`;
body: commentBody body: commentBody
}); });
- name: Fail workflow if license warnings exist - name: Fail workflow if license warnings exist (PR only)
if: env.LICENSE_WARNINGS_EXIST == 'true' if: github.event_name == 'pull_request' && env.LICENSE_WARNINGS_EXIST == 'true'
run: | run: |
echo "❌ License warnings detected. Failing the workflow." echo "❌ License warnings detected. Failing the workflow."
exit 1 exit 1
- name: Commit changes # Push Event: Commit license files and create PR
- name: Commit changes (Push only)
if: github.event_name == 'push'
run: | run: |
git add frontend/src/assets/3rdPartyLicenses.json git add frontend/src/assets/3rdPartyLicenses.json
if [ -f "frontend/src/assets/license-warnings.json" ]; then # Note: Do NOT commit license-warnings.json - it's only for PR review
git add frontend/src/assets/license-warnings.json
fi
git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
- name: Prepare PR body - name: Prepare PR body (Push only)
if: github.event_name == 'push'
run: | run: |
PR_BODY="Auto-generated by ${{ steps.setup-bot.outputs.app-slug }}[bot] PR_BODY="Auto-generated by ${{ steps.setup-bot.outputs.app-slug }}[bot]
@ -176,9 +185,9 @@ The frontend license report has been updated successfully.`;
echo "$PR_BODY" >> $GITHUB_ENV echo "$PR_BODY" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV
- name: Create Pull Request - name: Create Pull Request (Push only)
id: cpr id: cpr
if: env.CHANGES_DETECTED == 'true' if: github.event_name == 'push' && env.CHANGES_DETECTED == 'true'
uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with: with:
token: ${{ steps.setup-bot.outputs.token }} token: ${{ steps.setup-bot.outputs.token }}
@ -195,14 +204,14 @@ The frontend license report has been updated successfully.`;
delete-branch: true delete-branch: true
sign-commits: true sign-commits: true
- name: Enable Pull Request Automerge - name: Enable Pull Request Automerge (Push only)
if: steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'false' if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'false'
run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}" run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
env: env:
GH_TOKEN: ${{ steps.setup-bot.outputs.token }} GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
- name: Add review required label - name: Add review required label (Push only)
if: steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'true' if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'true'
run: gh pr edit "${{ steps.cpr.outputs.pull-request-number }}" --add-label "license-review-required" run: gh pr edit "${{ steps.cpr.outputs.pull-request-number }}" --add-label "license-review-required"
env: env:
GH_TOKEN: ${{ steps.setup-bot.outputs.token }} GH_TOKEN: ${{ steps.setup-bot.outputs.token }}

78
frontend/package-lock.json generated
View File

@ -3688,6 +3688,44 @@
"graceful-fs": "^4.1.6" "graceful-fs": "^4.1.6"
} }
}, },
"node_modules/jszip": {
"version": "3.10.1",
"resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
"integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
"dependencies": {
"lie": "~3.3.0",
"pako": "~1.0.2",
"readable-stream": "~2.3.6",
"setimmediate": "^1.0.5"
}
},
"node_modules/jszip/node_modules/readable-stream": {
"version": "2.3.8",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
"integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
"dependencies": {
"core-util-is": "~1.0.0",
"inherits": "~2.0.3",
"isarray": "~1.0.0",
"process-nextick-args": "~2.0.0",
"safe-buffer": "~5.1.1",
"string_decoder": "~1.1.1",
"util-deprecate": "~1.0.1"
}
},
"node_modules/jszip/node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"node_modules/jszip/node_modules/string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"dependencies": {
"safe-buffer": "~5.1.0"
}
},
"node_modules/license-checker": { "node_modules/license-checker": {
"version": "25.0.1", "version": "25.0.1",
"resolved": "https://registry.npmjs.org/license-checker/-/license-checker-25.0.1.tgz", "resolved": "https://registry.npmjs.org/license-checker/-/license-checker-25.0.1.tgz",
@ -3820,45 +3858,7 @@
"has-flag": "^3.0.0" "has-flag": "^3.0.0"
}, },
"engines": { "engines": {
"node": ">=4" "node": ">=4"
}
},
"node_modules/jszip": {
"version": "3.10.1",
"resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
"integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
"dependencies": {
"lie": "~3.3.0",
"pako": "~1.0.2",
"readable-stream": "~2.3.6",
"setimmediate": "^1.0.5"
}
},
"node_modules/jszip/node_modules/readable-stream": {
"version": "2.3.8",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
"integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
"dependencies": {
"core-util-is": "~1.0.0",
"inherits": "~2.0.3",
"isarray": "~1.0.0",
"process-nextick-args": "~2.0.0",
"safe-buffer": "~5.1.1",
"string_decoder": "~1.1.1",
"util-deprecate": "~1.0.1"
}
},
"node_modules/jszip/node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"node_modules/jszip/node_modules/string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"dependencies": {
"safe-buffer": "~5.1.0"
} }
}, },
"node_modules/lie": { "node_modules/lie": {

36
frontend/scripts/generate-licenses.js
View File

@ -276,6 +276,14 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) {
'SEE LICENSE IN https://raw.githubusercontent.com/Stirling-Tools/Stirling-PDF/refs/heads/main/proprietary/LICENSE' 'SEE LICENSE IN https://raw.githubusercontent.com/Stirling-Tools/Stirling-PDF/refs/heads/main/proprietary/LICENSE'
]); ]);
// Helper function to normalize license names for comparison
function normalizeLicense(license) {
return license
.replace(/-or-later$/, '') // Remove -or-later suffix
.replace(/\+$/, '') // Remove + suffix
.trim();
}
// Check each license type // Check each license type
Object.entries(licenseSummary).forEach(([license, count]) => { Object.entries(licenseSummary).forEach(([license, count]) => {
// Skip known good licenses // Skip known good licenses
@ -302,7 +310,26 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) {
// Check for compound licenses like "(MIT AND Zlib)" or "(MIT OR CC0-1.0)" // Check for compound licenses like "(MIT AND Zlib)" or "(MIT OR CC0-1.0)"
if (license.includes('AND') || license.includes('OR')) { if (license.includes('AND') || license.includes('OR')) {
// Parse compound license // For OR licenses, check if there's at least one acceptable license option
if (license.includes('OR')) {
// Extract license components from OR expression
const orComponents = license
.replace(/[()]/g, '') // Remove parentheses
.split(' OR ')
.map(component => component.trim());
// Check if any component is in the goodLicenses set (with normalization)
const hasGoodLicense = orComponents.some(component => {
const normalized = normalizeLicense(component);
return goodLicenses.has(component) || goodLicenses.has(normalized);
});
if (hasGoodLicense) {
return; // Skip warning - can use the good license option
}
}
// For AND licenses or OR licenses with no good options, check for problematic components
const hasProblematicComponent = Object.keys(problematicLicenses).some(problematic => const hasProblematicComponent = Object.keys(problematicLicenses).some(problematic =>
license.includes(problematic) license.includes(problematic)
); );
@ -319,11 +346,16 @@ function checkLicenseCompatibility(licenseSummary, licenseArray) {
url: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}` url: dep.repository || dep.url || `https://www.npmjs.com/package/${dep.name}`
})); }));
const licenseType = license.includes('AND') ? 'AND' : 'OR';
const reason = licenseType === 'AND'
? 'Compound license with AND requirement - all components must be compatible'
: 'Compound license with potentially problematic components and no good fallback options';
warnings.push({ warnings.push({
message: `📋 This PR contains ${count} package${count > 1 ? 's' : ''} with compound license "${license}" - manual review recommended`, message: `📋 This PR contains ${count} package${count > 1 ? 's' : ''} with compound license "${license}" - manual review recommended`,
licenseType: license, licenseType: license,
licenseUrl: '', licenseUrl: '',
reason: 'Compound license with potentially problematic components', reason: reason,
packageCount: count, packageCount: count,
affectedDependencies: affectedPackages affectedDependencies: affectedPackages
}); });