Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add license-is-osi-or-fsf-approved rule type. #261

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Add license-is-osi-or-fsf-approved rule type. #261

wants to merge 3 commits into from

Conversation

blkt
Copy link
Contributor

@blkt blkt commented Jan 8, 2025

This rule type checks that the license detected by GitHub is approved by either OSI or FSF. It uses two data sources, one to call GitHub API to get the SPDX identifier of the license, and another one to get the updated list of licenses approved by from SPDX repository.

This rule can be used to implement OSPS-LE-02.

P.S.: the name is ugly, please advise. 😅

@blkt blkt self-assigned this Jan 8, 2025
@blkt blkt requested a review from a team as a code owner January 8, 2025 15:02
@blkt blkt force-pushed the feat/add-license-is-osi-or-fsf-approved branch from 86cc91a to c9cf8ec Compare January 8, 2025 15:27
@blkt
Add license-is-osi-or-fsf-approved rule type.
5280188 
This rule type checks that the license detected by GitHub is approved
by either OSI or FSF. It uses two data sources, one to call GitHub API
to get the SPDX identifier of the license, and another one to get the
updated list of licenses approved by from SPDX repository.

This rule can be used to implement `OSPS-LE-02`.
@blkt blkt force-pushed the feat/add-license-is-osi-or-fsf-approved branch from c9cf8ec to 5280188 Compare January 8, 2025 15:28
JAORMX
JAORMX reviewed Jan 9, 2025
View reviewed changes
rule-types/github/permissive_license.yaml Outdated
in_entity: repository
rule_schema: {}
ingest:
type: git
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this needed? Why not use the REST ingest directly?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While addressing your comments I found out that mindev ruletype test does not execute ingest phase, which is a bit of a limitation that we should address somehow since it makes it harder to locally test rules.

JAORMX
JAORMX reviewed Jan 9, 2025
View reviewed changes
rule-types/github/permissive_license.yaml Outdated
eval:
type: rego
data_sources:
- name: ghapi
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The usage of this data source seems unnecessary, you could simply use the REST ingest.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JAORMX JAORMX JAORMX left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@blkt blkt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@blkt @JAORMX