license check enable

valory-xyz · Jul 11, 2023 · 4a9c8b4 · 4a9c8b4
1 parent fceb338
commit 4a9c8b4
Show file tree

Hide file tree

Showing 4 changed files with 166 additions and 2 deletions.
diff --git a/.github/workflows/main_workflow.yml b/.github/workflows/main_workflow.yml
@@ -56,8 +56,8 @@ jobs:
         pip install --user --upgrade setuptools
     - name: Check copyright headers
       run: tox -e check-copyright
-    #- name: License compatibility check
-    #  run: tox -e liccheck
+    - name: License compatibility check
+      run: tox -e liccheck
 
   linter_checks:
     continue-on-error: False

diff --git a/liccheck.ini b/liccheck.ini
@@ -0,0 +1,106 @@
+; some useful links:
+; - https://janelia-flyem.github.io/licenses.html
+; - https://dwheeler.com/essays/floss-license-slide.html
+
+; Authorized and unauthorized licenses in LOWER CASE
+[Licenses]
+authorized_licenses:
+	; aliases for MIT License
+	MIT
+	MIT license
+	https://opensource.org/licenses/MIT
+	License :: OSI Approved :: MIT
+
+	; aliases for BSD License (and variants)
+	BSD
+	BSD license
+	new BSD
+	(new) BSD
+	new BDS license
+	simplified BSD
+	3-Clause BSD
+	BSD-3-Clause
+	BSD 3-Clause
+	BSD-2-Clause
+	BSD-like
+	BSD-2-Clause or Apache-2.0
+	BSD, Public Domain
+
+        ; Apache
+        Apache Software
+
+	; aliases for Apache License version 2.0
+	Apache 2.0
+	Apache-2.0
+	Apache License 2.0
+	Apache License, Version 2.0
+	Apache License Version 2.0
+	Apache2
+	ASL 2
+;	some packages use 'Apache Software' as license string,
+;	which is ambiguous. However, 'Apache Software'
+;	will likely match with 'Apache 2.0'
+	Apache Software
+	BSD, Public Domain, Apache
+	http://www.apache.org/licenses/LICENSE-2.0
+
+;	PSF (BSD-style)
+	Python Software Foundation
+	PSF
+
+	; other permissive licenses
+	Historical Permission Notice and Disclaimer (HPND)
+	HPND
+	ISC
+	BSD or Apache License, Version 2.0
+	Modified BSD
+	Expat
+        Public Domain
+
+unauthorized_licenses:
+;	aliases for MPL 2.0
+	MPL-2.0
+	MPL 2.0
+	Mozilla Public License 2.0 (MPL 2.0)
+
+;    Section 8 of https://www.mozilla.org/en-US/MPL/2.0/Revision-FAQ/
+	MPL 1.1
+	MPL-1.1
+
+;	http://www.gnu.org/licenses/license-list.en.html#apache2
+	GPLv2
+	GPLv2+
+	GNU General Public License v2 or later (GPLv2+)
+
+;	LGPL
+	LGPL
+	GNU Library or Lesser General Public License (LGPL)
+
+;	LGPLv2.1
+	LGPLv2.1
+	LGPLv2.1+
+        GNU Lesser General Public License v2 or later (LGPLv2+)
+
+;	LGPLv3
+	GNU Lesser General Public License v3 (LGPLv3)
+	LGPLv3
+
+;	GPL v3
+	GPL v3
+	GPLv3+
+        GNU General Public License v3 (GPLv3)
+
+[Authorized Packages]
+gym: >=0.15
+;filelock is public domain
+filelock: >=3.0.12
+fetchai-ledger-api: >=0.0.1
+chardet: >=3.0.4
+certifi: >=2019.11.28
+;TODO: the following are confilctive packages that need to be sorted
+; sub-dep of open-aea-ledger-ethereum-hwi
+hidapi: >=0.13.1
+; shows in pip freesze but not referenced on code
+paramiko: >=3.1.0
+; sub-dep of docker-compose
+websocket-client: >=0.59.0
diff --git a/scripts/freeze_dependencies.py b/scripts/freeze_dependencies.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+# ------------------------------------------------------------------------------
+#
+#   Copyright 2023 Valory AG
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# ------------------------------------------------------------------------------
+
+"""This CLI tool freezes the dependencies."""
+import argparse
+import re
+import subprocess  # nosec
+
+
+def parse_args() -> argparse.Namespace:
+    """Parse CLI arguments."""
+    parser = argparse.ArgumentParser("freeze_dependencies")
+    parser.add_argument("-o", "--output", type=argparse.FileType("w"), default=None)
+    return parser.parse_args()
+
+
+if __name__ == "__main__":
+    arguments = parse_args()
+
+    pip_freeze_call = subprocess.Popen(  # nosec  # pylint: disable=consider-using-with
+        ["pip", "freeze"], stdout=subprocess.PIPE
+    )
+    (stdout, stderr) = pip_freeze_call.communicate()
+    requirements = stdout.decode("utf-8")
+
+    # remove 'open-autonomy' itself
+    regex = re.compile("^open-autonomy(==.*| .*)?$", re.MULTILINE)
+    requirements = re.sub(regex, "", requirements)
+    if arguments.output is None:
+        print(requirements)
+    else:
+        arguments.output.write(requirements)
diff --git a/tox.ini b/tox.ini
@@ -276,3 +276,12 @@ platform=^darwin$
 deps = {[testenv-multi-darwin]deps}
 commands = {[commands-test]commands}
 
+
+
+[testenv:liccheck]
+skipsdist = True
+usedevelop = True
+deps =
+    tomte[liccheck]==0.2.4
+commands = {toxinidir}/scripts/freeze_dependencies.py -o {envtmpdir}/requirements.txt
+           liccheck -s liccheck.ini -r {envtmpdir}/requirements.txt -l PARANOID