Continuous Integration
We have a variety of tooling on Buildkite and GitHub Actions for continuous integration.
GitHub Actions
Third-Party Licenses
We use the license_finder tool to check third-party dependencies for their licenses. It runs as a GitHub Action on pull requests, which will fail if one of the following occurs:
- If the license for a dependency cannot be inferred. To resolve:
  - Use license_finder licenses add <dep> <license> to set the license manually
- If the license for a new or updated dependency is not on the list of approved licenses. To resolve, either:
  - Remove the dependency
  - Use license_finder ignored_dependencies add <dep> --why="Some reason" to ignore it
  - Use license_finder permitted_licenses add <license> --why="Some reason" to allow the offending license
The license_finder tool can be installed using gem install license_finder. You can run the script locally using:

    # updates ThirdPartyLicenses.csv
    ./dev/licenses.sh

    # runs the same check as the one used in CI, returning status 1
    # if there are any unapproved dependencies ('action items')
    LICENSE_CHECK=true ./dev/licenses.sh

The ./dev/licenses.sh script will also output some license_finder configuration for debugging purposes - this configuration is based on the doc/dependency_decisions.yml file, which tracks decisions made about licenses and dependencies.

For more details, refer to the license_finder documentation.
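Because every ignore, permit, or manual license assignment relaxes the CI check, reviewers may want to confirm that each one carries a --why reason. The following is an added example, not part of this repository or of license_finder: it assumes the decisions file uses the YAML list-of-entries layout that license_finder writes, the sample entries are constructed, and the unjustified_decisions helper is a hypothetical name.

```ruby
require "yaml"

# Constructed sample, assumed to follow the layout license_finder writes to
# its decisions file: a YAML list of [action, subject, ..., metadata] entries.
SAMPLE_DECISIONS = <<~YAML
  ---
  - - :permit
    - MIT
    - :who:
      :why: Standard permissive license
      :versions: []
      :when: 2021-03-12 20:57:51.000000000 Z
  - - :ignore
    - example.com/internal/tool
    - :who:
      :why:
      :versions: []
      :when: 2021-03-13 09:10:11.000000000 Z
  - - :license
    - example.com/some/dep
    - Apache 2.0
    - :who:
      :why: "   "
      :versions: []
      :when: 2021-03-14 09:10:11.000000000 Z
YAML

# Actions that override or relax the CI check and so deserve a recorded reason.
REVIEWED_ACTIONS = %i[permit ignore license].freeze

# Hypothetical helper: returns [action, subject] pairs for decisions whose
# :why metadata is missing or blank.
def unjustified_decisions(yaml_text)
  # safe_load with an explicit allow-list avoids instantiating arbitrary objects.
  decisions = YAML.safe_load(yaml_text, permitted_classes: [Symbol, Time]) || []
  decisions.each_with_object([]) do |entry, missing|
    action, subject, *rest = entry
    next unless REVIEWED_ACTIONS.include?(action)
    meta = rest.reverse.find { |item| item.is_a?(Hash) } || {}
    missing << [action, subject] if meta[:why].to_s.strip.empty?
  end
end

# To audit the real file, pass File.read("doc/dependency_decisions.yml") instead.
unjustified_decisions(SAMPLE_DECISIONS).each do |action, subject|
  puts "no reason recorded: #{action} #{subject}"
end
```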