A task and GitHub Actions workflow are provided here for checking the license types of Go project dependencies.
On every push and pull request that affects relevant files, the CI workflow will check:
- If the dependency licenses cache is up to date
- If any of the project's dependencies have an unapproved license type
Approval can be based on:
- Universally allowed license type
- Individual dependency
Whenever a file with one of the recognized license file names is modified in the repository, the workflow runs to check
whether the license can be recognized and whether it is of the expected type.
GitHub has a useful automated license detection system that determines the license type used by a repository, and
surfaces that information in the repository home page, the search web interface, and the GitHub API. This license
detection system requires that the license be defined by a dedicated file with one of several standardized filenames and
paths.
GitHub's license detection system uses the popular licensee tool, so this file also serves to define the license type
for any other usages of licensee, as well as for human readers of the file.
For this reason, and to ensure it remains a valid legal instrument, it's important that there be no non-standard
modifications to the license file or collisions with other supported license files. This workflow ensures that any
changes which would alter the license type, or which license file is used by the detection, are caught automatically.
On every push and pull request that affects relevant files, run yamllint to check the YAML files of
the repository for issues.
The .yamllint.yml file is used to configure yamllint:
https://yamllint.readthedocs.io/en/stable/configuration.html
On every push and pull request that affects relevant files, check the Go module for:
- Common detectable errors in the code
- Use of outdated APIs
- Code style violations
- Code formatting inconsistency
- Misconfiguration
On every push and pull request that affects relevant files, run flake8 to check the Python files of
the repository for issues and black to check formatting.
The .flake8 file is used to configure flake8:
https://flake8.pycqa.org/en/latest/user/configuration.html
This will make the status of the CI workflow visible at a glance to the repository maintainers, making it more likely to
bring their attention to any problems that might have developed.
I forgot to add this badge at the time I added the workflow, so playing catch up now.