overhaul license check

.github/workflows/license-checks.yml

@@ -28,16 +28,8 @@ jobs:
     container:
       image: tmio/tuweni-build:1.2
     steps:
-      - name: Cache Licenses
-        uses: actions/cache@v1
-        with:
-          path: reports/license/license-dependency.xml
-          key: licenses-${{ hashFiles('**/reports/license/license-dependency.xml') }}
-          restore-keys: license-dependency.xml
       - uses: actions/checkout@v1
         with:
           submodules: true
-      - name: gradle downloadLicenses
-        run: ./gradlew downloadLicenses
-      - name: gradle checkLicenses
-        run: ./gradlew checkLicenses
+      - name: gradle checkLicense
+        run: ./gradlew checkLicense

build.gradle

@@ -22,7 +22,6 @@ buildscript {
 
   dependencies {
     classpath "org.ajoberstar.grgit:grgit-core:3.1.1"
-    classpath 'com.github.jk1.dependency-license-report:com.github.jk1.dependency-license-report.gradle.plugin:2.+'
   }
 }
 
@@ -31,7 +30,6 @@ plugins {
   id 'net.ltgt.errorprone' version '2.0.2'
   id 'org.springframework.boot' version '2.4.3'
   id 'io.spring.dependency-management' version '1.0.6.RELEASE'
-  id 'com.github.jk1.dependency-license-report' version '2.0'
   id 'org.gradle.crypto.checksum' version '1.1.0'
   id 'org.jetbrains.kotlin.jvm' version '1.6.0-RC2'
   id 'org.jetbrains.kotlin.plugin.spring' version '1.6.0-RC2'
@@ -86,7 +84,6 @@ apply from: "${rootDir}/gradle/wrapper.gradle"
 
 apply from: "${rootDir}/gradle/stage.gradle"
 
-apply plugin: 'com.github.jk1.dependency-license-report'
 apply from: "${rootDir}/gradle/check-licenses.gradle"
 
 //////

gradle/allowed-licenses.json

@@ -0,0 +1,153 @@
+{
+  "copyright": "* Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE\n * file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file\n * to You under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the\n * License. You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on\n * an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations under the License.\n",
+  "allowedLicenses": [
+    {
+      "moduleLicense": "Apache License, Version 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache License 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache License 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The Apache License, Version 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The Apache Software License, Version 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache-2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache v2",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Apache License, version 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The Apache Software License, version 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The MIT License (MIT)",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "MIT License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "MIT",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Bouncy Castle Licence",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "CC0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The 2-Clause BSD License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "BSD-2-Clause",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": ".*3-Clause BSD License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "BSD licence",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "BSD licence",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "BSD 3-Clause.*",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The BSD License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "The BSD License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Common Development and Distribution License 1.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Distribution License - v 1.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License v?1.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License - v 1.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License v. 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License - v 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "EPL 2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Eclipse Public License v2.0",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Unicode/ICU License",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Public Domain",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": ".*CDDL.*",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "\n                Dual license consisting of the CDDL v1.1 and GPL v2\n            ",
+      "moduleName": ".*"
+    },
+    {
+      "moduleLicense": "Creative Commons Legal Code",
+      "moduleName": ".*"
+    }
+  ]
+}

gradle/check-licenses.gradle

@@ -10,35 +10,42 @@
  * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
  * specific language governing permissions and limitations under the License.
  */
-/**
- * Check that the licenses of our 3rd parties are in our acceptedLicenses list.
- *
- * run it with "gradle checkLicenses"
- *
- * To add new accepted licenses you need to update this script.
- * Some products may be available with multiple licenses. In this case you must update
- *  this script to add it in the downloadLicenses#licenses.
- */
 
-/**
- * The lists of the license we accept.
- */
-ext.acceptedLicenses = [
-  'Apache License, Version 2.0',
-  'Bouncy Castle Licence',
-  'CC0',
-  'The 2-Clause BSD License',
-  'The 3-Clause BSD License',
-  'Common Development and Distribution License 1.0',
-  'Eclipse Distribution License - v 1.0',
-  'Eclipse Public License 1.0',
-  'Eclipse Public License 2.0',
-  'The MIT License',
-  'Unicode/ICU License',
-  'Public Domain',
-]*.toLowerCase()
+buildscript {
+  repositories {
+    maven {
+      url "https://plugins.gradle.org/m2/"
+    }
+  }
+  dependencies {
+    classpath 'com.github.jk1.dependency-license-report:com.github.jk1.dependency-license-report.gradle.plugin:2.0'
+  }
+}
+
+apply plugin: LicenseReportPlugin
+
+import com.github.jk1.license.LicenseReportPlugin
+import com.github.jk1.license.filter.*
+import com.github.jk1.license.render.*
+
+
+def filter = new LicenseBundleNormalizer( ) as DependencyFilter
+def fs = new ArrayList<DependencyFilter>()
+fs.add(filter)
 
 licenseReport {
   configurations = ['compileClasspath']
   excludeOwnGroup = true
+  allowedLicensesFile = new File("$projectDir/gradle/allowed-licenses.json")
+  filters = fs
+  excludes = ['org.jetbrains.kotlinx:kotlinx-coroutines-core']
+  excludeBoms = true
+  def rs = new ArrayList<ReportRenderer>();
+  def xml = new XmlReportRenderer() as ReportRenderer
+  def csv = new CsvReportRenderer() as ReportRenderer
+  def inventory = new InventoryHtmlReportRenderer() as ReportRenderer
+  rs.add(xml)
+  rs.add(csv)
+  rs.add(inventory)
+  renderers = rs
 }