From 5300f569afb4bd7ce4b0766b3ff5a34995f05fcc Mon Sep 17 00:00:00 2001 From: mw Date: Wed, 9 Oct 2024 12:32:25 +0200 Subject: [PATCH 1/2] feat(ci/license-check): check if specifed images have been manually license checked --- .github/scripts/licenseList | 70 +++++++++++++++++++++++++++ .github/workflows/check-licenses.yaml | 17 ++++++- 2 files changed, 86 insertions(+), 1 deletion(-) create mode 100644 .github/scripts/licenseList diff --git a/.github/scripts/licenseList b/.github/scripts/licenseList new file mode 100644 index 000000000..0885a8ddd --- /dev/null +++ b/.github/scripts/licenseList @@ -0,0 +1,70 @@ +docker.io/aelbakry/kdave-server;MIT;https://github.com/wayfair-incubator/kdave/blob/main/LICENSE +docker.io/bats/bats;MIT;https://github.com/bats-core/bats-core/blob/master/LICENSE.md +docker.io/bitnami/external-dns;Apache-2.0;https://hub.docker.com/r/bitnami/external-dns +docker.io/bitnami/grafana-tempo;Apache-2.0;https://hub.docker.com/r/bitnami/grafana-tempo +docker.io/bitnami/grafana-tempo-vulture;Apache-2.0;https://hub.docker.com/r/bitnami/grafana-tempo-vulture +docker.io/bitnami/kubectl;Apache-2.0;https://hub.docker.com/r/bitnami/kubectl +docker.io/bitnami/memcached;Apache-2.0;https://hub.docker.com/r/bitnami/memcached +docker.io/bitnami/metrics-server;Apache-2.0;https://hub.docker.com/r/bitnami/metrics-server +docker.io/bitnami/postgresql;PostgreSQL;https://www.postgresql.org/about/licence/ +docker.io/bitnami/redis;SSPL-1.0;https://redis.io/legal/licenses/ +docker.io/bitnami/zookeeper;Apache-2.0;https://zookeeper.apache.org/ +docker.io/busybox;GPL-2.0;http://www.busybox.net/license.html +docker.io/ckan/ckan-base-datapusher;AGPL-3.0-only;https://github.com/ckan/datapusher +docker.io/confluentinc/cp-kafka;Apache-2.0;https://github.com/confluentinc/kafka-images/blob/master/LICENSE +docker.io/curlimages/curl;curl;https://curl.se/docs/copyright.html +docker.io/emberstack/kubernetes-reflector;MIT;https://github.com/emberstack/kubernetes-reflector/blob/main/LICENSE +docker.io/fluxcd/flux-cli;Apache-2.0;https://github.com/fluxcd/flux2/blob/main/LICENSE +docker.io/grafana/grafana;AGPL-3.0-only;https://github.com/grafana/grafana/blob/main/LICENSING.md +docker.io/grafana/grafana-image-renderer;Apache-2.0;https://github.com/grafana/grafana-image-renderer/blob/master/LICENSE +docker.io/grafana/loki;AGPL-3.0;https://github.com/grafana/loki/blob/main/LICENSE +docker.io/grafana/promtail;AGPL-3.0;https://github.com/grafana/loki/blob/main/tools/LICENSE_APACHE2 +docker.io/hjacobs/kube-janitor;AGPL-3.0;https://github.com/hjacobs/kube-janitor/blob/main/LICENSE +docker.io/otel/opentelemetry-collector-contrib;Apache-2.0;https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/LICENSE +docker.io/stellio/stellio-api-gateway;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt +docker.io/stellio/stellio-search-service;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt +docker.io/stellio/stellio-subscription-service;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt +docker.io/stellio/stellio-timescale-postgis;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt +docker.io/velero/velero;Apache-2.0;https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE +docker.io/velero/velero-plugin-for-aws;Apache-2.0;https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE +docker.io/vladgh/gpg;Apache-2.0;https://github.com/vladgh/docker_base_images/blob/main/LICENSE +ghcr.io/aquasecurity/trivy-operator;Apache-2.0;https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE +ghcr.io/kyverno/background-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/background-controller +ghcr.io/kyverno/cleanup-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/cleanup-controller +ghcr.io/kyverno/kyverno;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyverno +ghcr.io/kyverno/kyverno-cli;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyverno-cli +ghcr.io/kyverno/kyvernopre;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyvernopre +ghcr.io/kyverno/reports-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/reports-controller +ghcr.io/teutonet/oci-images/ckan;MIT;https://github.com/teutonet/oci-images/blob/main/LICENSE +ghcr.io/teutonet/oci-images/solr-ckan;MIT;https://github.com/teutonet/oci-images/blob/main/LICENSE +k8s.gcr.io/sig-storage/csi-attacher;Apache-2.0;https://github.com/kubernetes-csi/external-attacher/blob/master/LICENSE +k8s.gcr.io/sig-storage/csi-node-driver-registrar;Apache-2.0;https://github.com/kubernetes-csi/node-driver-registrar/blob/master/LICENSE +k8s.gcr.io/sig-storage/csi-provisioner;Apache-2.0;https://github.com/kubernetes-csi/external-provisioner/blob/master/LICENSE +k8s.gcr.io/sig-storage/csi-resizer;Apache-2.0;https://github.com/kubernetes-csi/external-resizer/blob/master/LICENSE +k8s.gcr.io/sig-storage/csi-snapshotter;Apache-2.0;https://github.com/kubernetes-csi/external-snapshotter/blob/master/LICENSE +k8s.gcr.io/sig-storage/livenessprobe;Apache-2.0;https://github.com/kubernetes-csi/livenessprobe/blob/master/LICENSE +quay.io/cilium/cilium;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE +quay.io/cilium/cilium-envoy;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE +quay.io/cilium/hubble-relay;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE +quay.io/cilium/hubble-ui;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE +quay.io/cilium/hubble-ui-backend;Apache-2.0;https://github.com/cilium/hubble-ui/blob/master/LICENSE +quay.io/cilium/operator-generic;Apache-2.0;https://hub.docker.com/r/cilium/operator-generic +quay.io/jetstack/cert-manager-cainjector;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE +quay.io/jetstack/cert-manager-controller;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE +quay.io/jetstack/cert-manager-startupapicheck;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE +quay.io/jetstack/cert-manager-webhook;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE +quay.io/kiwigrid/k8s-sidecar;MIT;https://github.com/kiwigrid/k8s-sidecar/blob/master/LICENSE +quay.io/prometheus/alertmanager;Apache-2.0;https://github.com/prometheus/alertmanager/blob/main/LICENSE +quay.io/prometheus/node-exporter;Apache-2.0;https://github.com/prometheus/node_exporter/blob/master/LICENSE +quay.io/prometheus-operator/prometheus-operator;Apache-2.0;https://github.com/prometheus-operator/prometheus-operator/blob/main/LICENSE +quay.io/prometheus/prometheus;Apache-2.0;https://github.com/prometheus/prometheus/blob/main/LICENSE +registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker;Apache-2.0;https://gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/-/blob/main/gradlew?ref_type=heads +registry.k8s.io/descheduler/descheduler;Apache-2.0;https://github.com/kubernetes-sigs/descheduler/blob/master/LICENSE +registry.k8s.io/etcd;Apache-2.0;https://github.com/kubernetes/kubernetes/blob/master/LICENSE +registry.k8s.io/ingress-nginx/controller;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE +registry.k8s.io/ingress-nginx/kube-webhook-certgen;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE +registry.k8s.io/ingress-nginx/opentelemetry-1.25.3;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE +registry.k8s.io/kube-state-metrics/kube-state-metrics;Apache-2.0;https://github.com/kubernetes/kube-state-metrics/blob/main/LICENSE +registry.k8s.io/provider-os/cinder-csi-plugin;Apache-2.0;https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE +registry.k8s.io/provider-os/openstack-cloud-controller-manager;Apache-2.0;https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE +registry.k8s.io/sig-storage/nfs-provisioner;Apache-2.0;https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/LICENSE diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml index 50d40cbd8..a1875580d 100644 --- a/.github/workflows/check-licenses.yaml +++ b/.github/workflows/check-licenses.yaml @@ -1,4 +1,4 @@ -name: Lint Helm Charts +name: Check used licenses on: pull_request: @@ -23,3 +23,18 @@ jobs: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - run: pip install yq - run: ./.github/scripts/scan-for-licenses.sh ${{ needs.getChangedChart.outputs.chart }} + check-licenses-list: + name: check licenses from list + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - run: pip install yq + - run: | + mapfile -t IMAGES < <(for chart in charts/*; do if [[ -f "$chart/Chart.yaml" ]]; then yq -r '.annotations["artifacthub.io/images"] // ""' <"$chart/Chart.yaml" ; fi; done | cut -d ":" -f2 | uniq | sort | sed '/^$/d') + #shellcheck disable=SC2068 + mapfile -t RESULT < <(for IMAGE in ${IMAGES[@]}; do grep -q "$IMAGE" ./.github/scripts/licenseList || (echo "$IMAGE";); done;) + if [[ -n "${RESULT[*]}" ]]; then + echo "The following images are not accepted, please review:" + printf "%s\n" "${RESULT[@]}" + exit 1 + fi From 02fdc0f8a37b6e9fc733196e8104b3e88a477626 Mon Sep 17 00:00:00 2001 From: mw Date: Thu, 17 Oct 2024 12:47:58 +0200 Subject: [PATCH 2/2] chore(ci/license-check): add changes requested --- .github/licenseList.yaml | 211 ++++++++++++++++++++++++++ .github/scripts/licenseList | 70 --------- .github/workflows/check-licenses.yaml | 5 +- 3 files changed, 214 insertions(+), 72 deletions(-) create mode 100644 .github/licenseList.yaml delete mode 100644 .github/scripts/licenseList diff --git a/.github/licenseList.yaml b/.github/licenseList.yaml new file mode 100644 index 000000000..67f7adbca --- /dev/null +++ b/.github/licenseList.yaml @@ -0,0 +1,211 @@ +licenses: + - image: docker.io/aelbakry/kdave-server + license: MIT + licenseLink: https://github.com/wayfair-incubator/kdave/blob/main/LICENSE + - image: docker.io/bats/bats + license: MIT + licenseLink: https://github.com/bats-core/bats-core/blob/master/LICENSE.md + - image: docker.io/bitnami/external-dns + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/external-dns + - image: docker.io/bitnami/grafana-tempo + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/grafana-tempo + - image: docker.io/bitnami/grafana-tempo-vulture + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/grafana-tempo-vulture + - image: docker.io/bitnami/kubectl + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/kubectl + - image: docker.io/bitnami/memcached + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/memcached + - image: docker.io/bitnami/metrics-server + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/bitnami/metrics-server + - image: docker.io/bitnami/postgresql + license: PostgreSQL + licenseLink: https://www.postgresql.org/about/licence/ + - image: docker.io/bitnami/redis + license: SSPL-1.0 + licenseLink: https://redis.io/legal/licenses/ + - image: docker.io/bitnami/zookeeper + license: Apache-2.0 + licenseLink: https://zookeeper.apache.org/ + - image: docker.io/busybox + license: GPL-2.0 + licenseLink: http://www.busybox.net/license.html + - image: docker.io/ckan/ckan-base-datapusher + license: AGPL-3.0-only + licenseLink: https://github.com/ckan/datapusher + - image: docker.io/confluentinc/cp-kafka + license: Apache-2.0 + licenseLink: https://github.com/confluentinc/kafka-images/blob/master/LICENSE + - image: docker.io/curlimages/curl + license: curl + licenseLink: https://curl.se/docs/copyright.html + - image: docker.io/emberstack/kubernetes-reflector + license: MIT + licenseLink: https://github.com/emberstack/kubernetes-reflector/blob/main/LICENSE + - image: docker.io/fluxcd/flux-cli + license: Apache-2.0 + licenseLink: https://github.com/fluxcd/flux2/blob/main/LICENSE + - image: docker.io/grafana/grafana + license: AGPL-3.0-only + licenseLink: https://github.com/grafana/grafana/blob/main/LICENSING.md + - image: docker.io/grafana/grafana-image-renderer + license: Apache-2.0 + licenseLink: https://github.com/grafana/grafana-image-renderer/blob/master/LICENSE + - image: docker.io/grafana/loki + license: AGPL-3.0 + licenseLink: https://github.com/grafana/loki/blob/main/LICENSE + - image: docker.io/grafana/promtail + license: AGPL-3.0 + licenseLink: https://github.com/grafana/loki/blob/main/tools/LICENSE_APACHE2 + - image: docker.io/hjacobs/kube-janitor + license: AGPL-3.0 + licenseLink: https://github.com/hjacobs/kube-janitor/blob/main/LICENSE + - image: docker.io/otel/opentelemetry-collector-contrib + license: Apache-2.0 + licenseLink: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/LICENSE + - image: docker.io/stellio/stellio-api-gateway + license: Apache-2.0 + licenseLink: https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt + - image: docker.io/stellio/stellio-search-service + license: Apache-2.0 + licenseLink: https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt + - image: docker.io/stellio/stellio-subscription-service + license: Apache-2.0 + licenseLink: https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt + - image: docker.io/stellio/stellio-timescale-postgis + license: Apache-2.0 + licenseLink: https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt + - image: docker.io/velero/velero + license: Apache-2.0 + licenseLink: https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE + - image: docker.io/velero/velero-plugin-for-aws + license: Apache-2.0 + licenseLink: https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE + - image: docker.io/vladgh/gpg + license: Apache-2.0 + licenseLink: https://github.com/vladgh/docker_base_images/blob/main/LICENSE + - image: ghcr.io/aquasecurity/trivy-operator + license: Apache-2.0 + licenseLink: https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE + - image: ghcr.io/kyverno/background-controller + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/background-controller + - image: ghcr.io/kyverno/cleanup-controller + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/cleanup-controller + - image: ghcr.io/kyverno/kyverno + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/kyverno + - image: ghcr.io/kyverno/kyverno-cli + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/kyverno-cli + - image: ghcr.io/kyverno/kyvernopre + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/kyvernopre + - image: ghcr.io/kyverno/reports-controller + license: Apache-2.0 + licenseLink: https://github.com/kyverno/kyverno/pkgs/container/reports-controller + - image: ghcr.io/teutonet/oci-images/ckan + license: MIT + licenseLink: https://github.com/teutonet/oci-images/blob/main/LICENSE + - image: ghcr.io/teutonet/oci-images/solr-ckan + license: MIT + licenseLink: https://github.com/teutonet/oci-images/blob/main/LICENSE + - image: k8s.gcr.io/sig-storage/csi-attacher + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/external-attacher/blob/master/LICENSE + - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/node-driver-registrar/blob/master/LICENSE + - image: k8s.gcr.io/sig-storage/csi-provisioner + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/external-provisioner/blob/master/LICENSE + - image: k8s.gcr.io/sig-storage/csi-resizer + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/external-resizer/blob/master/LICENSE + - image: k8s.gcr.io/sig-storage/csi-snapshotter + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/external-snapshotter/blob/master/LICENSE + - image: k8s.gcr.io/sig-storage/livenessprobe + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-csi/livenessprobe/blob/master/LICENSE + - image: quay.io/cilium/cilium + license: Apache-2.0 + licenseLink: https://github.com/cilium/cilium/blob/main/LICENSE + - image: quay.io/cilium/cilium-envoy + license: Apache-2.0 + licenseLink: https://github.com/cilium/cilium/blob/main/LICENSE + - image: quay.io/cilium/hubble-relay + license: Apache-2.0 + licenseLink: https://github.com/cilium/cilium/blob/main/LICENSE + - image: quay.io/cilium/hubble-ui + license: Apache-2.0 + licenseLink: https://github.com/cilium/cilium/blob/main/LICENSE + - image: quay.io/cilium/hubble-ui-backend + license: Apache-2.0 + licenseLink: https://github.com/cilium/hubble-ui/blob/master/LICENSE + - image: quay.io/cilium/operator-generic + license: Apache-2.0 + licenseLink: https://hub.docker.com/r/cilium/operator-generic + - image: quay.io/jetstack/cert-manager-cainjector + license: Apache-2.0 + licenseLink: https://github.com/cert-manager/cert-manager/blob/master/LICENSE + - image: quay.io/jetstack/cert-manager-controller + license: Apache-2.0 + licenseLink: https://github.com/cert-manager/cert-manager/blob/master/LICENSE + - image: quay.io/jetstack/cert-manager-startupapicheck + license: Apache-2.0 + licenseLink: https://github.com/cert-manager/cert-manager/blob/master/LICENSE + - image: quay.io/jetstack/cert-manager-webhook + license: Apache-2.0 + licenseLink: https://github.com/cert-manager/cert-manager/blob/master/LICENSE + - image: quay.io/kiwigrid/k8s-sidecar + license: MIT + licenseLink: https://github.com/kiwigrid/k8s-sidecar/blob/master/LICENSE + - image: quay.io/prometheus/alertmanager + license: Apache-2.0 + licenseLink: https://github.com/prometheus/alertmanager/blob/main/LICENSE + - image: quay.io/prometheus/node-exporter + license: Apache-2.0 + licenseLink: https://github.com/prometheus/node_exporter/blob/master/LICENSE + - image: quay.io/prometheus-operator/prometheus-operator + license: Apache-2.0 + licenseLink: https://github.com/prometheus-operator/prometheus-operator/blob/main/LICENSE + - image: quay.io/prometheus/prometheus + license: Apache-2.0 + licenseLink: https://github.com/prometheus/prometheus/blob/main/LICENSE + - image: registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker + license: Apache-2.0 + licenseLink: https://gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/-/blob/main/gradlew?ref_type=heads + - image: registry.k8s.io/descheduler/descheduler + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-sigs/descheduler/blob/master/LICENSE + - image: registry.k8s.io/etcd + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/kubernetes/blob/master/LICENSE + - image: registry.k8s.io/ingress-nginx/controller + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE + - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE + - image: registry.k8s.io/ingress-nginx/opentelemetry-1.25.3 + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE + - image: registry.k8s.io/kube-state-metrics/kube-state-metrics + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/kube-state-metrics/blob/main/LICENSE + - image: registry.k8s.io/provider-os/cinder-csi-plugin + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE + - image: registry.k8s.io/provider-os/openstack-cloud-controller-manager + license: Apache-2.0 + licenseLink: https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE + - image: registry.k8s.io/sig-storage/nfs-provisioner + license: Apache-2.0 + licenseLink: https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/LICENSE diff --git a/.github/scripts/licenseList b/.github/scripts/licenseList deleted file mode 100644 index 0885a8ddd..000000000 --- a/.github/scripts/licenseList +++ /dev/null @@ -1,70 +0,0 @@ -docker.io/aelbakry/kdave-server;MIT;https://github.com/wayfair-incubator/kdave/blob/main/LICENSE -docker.io/bats/bats;MIT;https://github.com/bats-core/bats-core/blob/master/LICENSE.md -docker.io/bitnami/external-dns;Apache-2.0;https://hub.docker.com/r/bitnami/external-dns -docker.io/bitnami/grafana-tempo;Apache-2.0;https://hub.docker.com/r/bitnami/grafana-tempo -docker.io/bitnami/grafana-tempo-vulture;Apache-2.0;https://hub.docker.com/r/bitnami/grafana-tempo-vulture -docker.io/bitnami/kubectl;Apache-2.0;https://hub.docker.com/r/bitnami/kubectl -docker.io/bitnami/memcached;Apache-2.0;https://hub.docker.com/r/bitnami/memcached -docker.io/bitnami/metrics-server;Apache-2.0;https://hub.docker.com/r/bitnami/metrics-server -docker.io/bitnami/postgresql;PostgreSQL;https://www.postgresql.org/about/licence/ -docker.io/bitnami/redis;SSPL-1.0;https://redis.io/legal/licenses/ -docker.io/bitnami/zookeeper;Apache-2.0;https://zookeeper.apache.org/ -docker.io/busybox;GPL-2.0;http://www.busybox.net/license.html -docker.io/ckan/ckan-base-datapusher;AGPL-3.0-only;https://github.com/ckan/datapusher -docker.io/confluentinc/cp-kafka;Apache-2.0;https://github.com/confluentinc/kafka-images/blob/master/LICENSE -docker.io/curlimages/curl;curl;https://curl.se/docs/copyright.html -docker.io/emberstack/kubernetes-reflector;MIT;https://github.com/emberstack/kubernetes-reflector/blob/main/LICENSE -docker.io/fluxcd/flux-cli;Apache-2.0;https://github.com/fluxcd/flux2/blob/main/LICENSE -docker.io/grafana/grafana;AGPL-3.0-only;https://github.com/grafana/grafana/blob/main/LICENSING.md -docker.io/grafana/grafana-image-renderer;Apache-2.0;https://github.com/grafana/grafana-image-renderer/blob/master/LICENSE -docker.io/grafana/loki;AGPL-3.0;https://github.com/grafana/loki/blob/main/LICENSE -docker.io/grafana/promtail;AGPL-3.0;https://github.com/grafana/loki/blob/main/tools/LICENSE_APACHE2 -docker.io/hjacobs/kube-janitor;AGPL-3.0;https://github.com/hjacobs/kube-janitor/blob/main/LICENSE -docker.io/otel/opentelemetry-collector-contrib;Apache-2.0;https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/LICENSE -docker.io/stellio/stellio-api-gateway;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt -docker.io/stellio/stellio-search-service;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt -docker.io/stellio/stellio-subscription-service;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt -docker.io/stellio/stellio-timescale-postgis;Apache-2.0;https://github.com/stellio-hub/stellio-context-broker/blob/develop/LICENSE.txt -docker.io/velero/velero;Apache-2.0;https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE -docker.io/velero/velero-plugin-for-aws;Apache-2.0;https://github.com/vmware-tanzu/velero-plugin-for-aws/blob/main/LICENSE -docker.io/vladgh/gpg;Apache-2.0;https://github.com/vladgh/docker_base_images/blob/main/LICENSE -ghcr.io/aquasecurity/trivy-operator;Apache-2.0;https://github.com/aquasecurity/trivy-operator/blob/main/LICENSE -ghcr.io/kyverno/background-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/background-controller -ghcr.io/kyverno/cleanup-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/cleanup-controller -ghcr.io/kyverno/kyverno;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyverno -ghcr.io/kyverno/kyverno-cli;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyverno-cli -ghcr.io/kyverno/kyvernopre;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/kyvernopre -ghcr.io/kyverno/reports-controller;Apache-2.0;https://github.com/kyverno/kyverno/pkgs/container/reports-controller -ghcr.io/teutonet/oci-images/ckan;MIT;https://github.com/teutonet/oci-images/blob/main/LICENSE -ghcr.io/teutonet/oci-images/solr-ckan;MIT;https://github.com/teutonet/oci-images/blob/main/LICENSE -k8s.gcr.io/sig-storage/csi-attacher;Apache-2.0;https://github.com/kubernetes-csi/external-attacher/blob/master/LICENSE -k8s.gcr.io/sig-storage/csi-node-driver-registrar;Apache-2.0;https://github.com/kubernetes-csi/node-driver-registrar/blob/master/LICENSE -k8s.gcr.io/sig-storage/csi-provisioner;Apache-2.0;https://github.com/kubernetes-csi/external-provisioner/blob/master/LICENSE -k8s.gcr.io/sig-storage/csi-resizer;Apache-2.0;https://github.com/kubernetes-csi/external-resizer/blob/master/LICENSE -k8s.gcr.io/sig-storage/csi-snapshotter;Apache-2.0;https://github.com/kubernetes-csi/external-snapshotter/blob/master/LICENSE -k8s.gcr.io/sig-storage/livenessprobe;Apache-2.0;https://github.com/kubernetes-csi/livenessprobe/blob/master/LICENSE -quay.io/cilium/cilium;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE -quay.io/cilium/cilium-envoy;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE -quay.io/cilium/hubble-relay;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE -quay.io/cilium/hubble-ui;Apache-2.0;https://github.com/cilium/cilium/blob/main/LICENSE -quay.io/cilium/hubble-ui-backend;Apache-2.0;https://github.com/cilium/hubble-ui/blob/master/LICENSE -quay.io/cilium/operator-generic;Apache-2.0;https://hub.docker.com/r/cilium/operator-generic -quay.io/jetstack/cert-manager-cainjector;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE -quay.io/jetstack/cert-manager-controller;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE -quay.io/jetstack/cert-manager-startupapicheck;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE -quay.io/jetstack/cert-manager-webhook;Apache-2.0;https://github.com/cert-manager/cert-manager/blob/master/LICENSE -quay.io/kiwigrid/k8s-sidecar;MIT;https://github.com/kiwigrid/k8s-sidecar/blob/master/LICENSE -quay.io/prometheus/alertmanager;Apache-2.0;https://github.com/prometheus/alertmanager/blob/main/LICENSE -quay.io/prometheus/node-exporter;Apache-2.0;https://github.com/prometheus/node_exporter/blob/master/LICENSE -quay.io/prometheus-operator/prometheus-operator;Apache-2.0;https://github.com/prometheus-operator/prometheus-operator/blob/main/LICENSE -quay.io/prometheus/prometheus;Apache-2.0;https://github.com/prometheus/prometheus/blob/main/LICENSE -registry-gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/teuto-portal-k8s-worker;Apache-2.0;https://gitlab.teuto.net/4teuto/dev/teuto-portal/teuto-portal-k8s-worker/-/blob/main/gradlew?ref_type=heads -registry.k8s.io/descheduler/descheduler;Apache-2.0;https://github.com/kubernetes-sigs/descheduler/blob/master/LICENSE -registry.k8s.io/etcd;Apache-2.0;https://github.com/kubernetes/kubernetes/blob/master/LICENSE -registry.k8s.io/ingress-nginx/controller;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE -registry.k8s.io/ingress-nginx/kube-webhook-certgen;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE -registry.k8s.io/ingress-nginx/opentelemetry-1.25.3;Apache-2.0;https://github.com/kubernetes/ingress-nginx/blob/main/LICENSE -registry.k8s.io/kube-state-metrics/kube-state-metrics;Apache-2.0;https://github.com/kubernetes/kube-state-metrics/blob/main/LICENSE -registry.k8s.io/provider-os/cinder-csi-plugin;Apache-2.0;https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE -registry.k8s.io/provider-os/openstack-cloud-controller-manager;Apache-2.0;https://github.com/kubernetes/cloud-provider-openstack/blob/master/LICENSE -registry.k8s.io/sig-storage/nfs-provisioner;Apache-2.0;https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/blob/master/LICENSE diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml index a1875580d..ce41544c1 100644 --- a/.github/workflows/check-licenses.yaml +++ b/.github/workflows/check-licenses.yaml @@ -26,13 +26,14 @@ jobs: check-licenses-list: name: check licenses from list runs-on: ubuntu-latest + needs: getChangedChart steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - run: pip install yq - run: | - mapfile -t IMAGES < <(for chart in charts/*; do if [[ -f "$chart/Chart.yaml" ]]; then yq -r '.annotations["artifacthub.io/images"] // ""' <"$chart/Chart.yaml" ; fi; done | cut -d ":" -f2 | uniq | sort | sed '/^$/d') + mapfile -t IMAGES < <(if [[ -f "${{ needs.getChangedChart.outputs.chart }}/Chart.yaml" ]]; then yq -r '.annotations["artifacthub.io/images"] // ""' <"${{ needs.getChangedChart.outputs.chart }}/Chart.yaml" ; fi | cut -d ":" -f2 | uniq | sort | sed '/^$/d') #shellcheck disable=SC2068 - mapfile -t RESULT < <(for IMAGE in ${IMAGES[@]}; do grep -q "$IMAGE" ./.github/scripts/licenseList || (echo "$IMAGE";); done;) + mapfile -t RESULT < <(for IMAGE in ${IMAGES[@]}; do grep -q "$IMAGE" ./.github/licenseList.yaml || (echo "$IMAGE";); done;) if [[ -n "${RESULT[*]}" ]]; then echo "The following images are not accepted, please review:" printf "%s\n" "${RESULT[@]}"