From 228bcf236559218b2e67cd19056e906cb34447b4 Mon Sep 17 00:00:00 2001
From: Mikail Kocak
Date: Fri, 13 Dec 2024 12:43:51 +0100
Subject: [PATCH] Add workflow to check licenses

This adds a workflow that checks our repository does not use non-BSD-3 compatible licenses. The workflow reviews each pull requests against given rules, and sends a summary.
---
 .github/workflows/check-licenses.yaml | 45 +++++++++++++++++++++++++++
 package.json | 1 +
 2 files changed, 46 insertions(+)
 create mode 100644 .github/workflows/check-licenses.yaml
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
new file mode 100644
index 0000000..1c66df0
--- /dev/null
+++ b/.github/workflows/check-licenses.yaml
@@ -0,0 +1,45 @@
+name: Check Licenses
+on:
+ pull_request:
+ types:
+ - opened
+ - synchronize
+ paths:
+ # Self
+ - ".github/workflows/check-licenses.yaml"
+ # Python Ecosystem
+ - "**/pyproject.toml"
+ - "**/setup.py"
+ - "**/requirements*.txt"
+ - "**/Pipfile.lock"
+ - "**/poetry.lock"
+ # JS/TS Ecosystem
+ - "**/package.json"
+ - "**/pnpm-lock.yaml"
+ - "**/package-lock.json"
+
+jobs:
+ default:
+ permissions:
+ contents: read
+ pull-requests: write
+ uses: saleor/saleor-internal-actions/.github/workflows/run-license-check.yaml@v1
+ with:
+ # List of ecosystems to scan.
+ ecosystems: >-
+ python
+ javascript
+ # Grant rules (https://github.com/anchore/grant/blob/4362dc22cf5ea9baeccfa59b2863879afe0c30d7/README.md#usage)
+ rules: |
+ # Explicitly allow LGPL as "*GPL*" rule will cause to reject them otherwise.
+ - pattern: "*lgpl*"
+ name: "allow-lgpl"
+ mode: "allow"
+ reason: "LGPL is allowed."
+ - pattern: "*gpl*"
+ name: "deny-gpl"
+ mode: "deny"
+ reason: "GPL licenses are not compatible with BSD-3-Clause"
+ - pattern: "*proprietary*"
+ name: "deny-proprietary"
+ mode: "deny"
diff --git a/package.json b/package.json
index 02dbd5b..34ba486 100644
--- a/package.json
+++ b/package.json
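Review bot: The reusable workflow in `jobs.default.uses` of `.github/workflows/check-licenses.yaml` is referenced by the mutable tag `@v1` while the job grants it `pull-requests: write`, so whatever that tag points to at run time executes with write access to pull requests. Pinning it to a full commit SHA, e.g. `uses: saleor/saleor-internal-actions/.github/workflows/run-license-check.yaml@<full-commit-sha> # v1` (placeholder value), keeps the executed code fixed and reviewable, the same way the Grant README link in this file is already pinned to a commit. Separately, the `rules` block is a deny-list (`*gpl*`, `*proprietary*`), so a dependency with a missing or unrecognized license would presumably pass unless the called workflow applies a default deny; that is worth confirming against the goal stated in the commit message. The `deny-proprietary` rule also has no `reason`, unlike the other two rules.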
@@ -2,6 +2,7 @@
 "name": "shipstation-app",
 "version": "1.0.0",
 "private": true,
+ "license": "(BSD-3-Clause AND CC-BY-4.0)",
 "scripts": {
 "dev": "pnpm generate && NODE_OPTIONS='--inspect' next dev",
 "build": "pnpm generate && next build",