Merge pull request #932 from actions/907-disallow-expression

Discard allow list entries that are not SPDX IDs
This commit is contained in:
Kevin Dangoor
2025-05-13 10:28:49 -04:00
committed by GitHub
4 changed files with 32 additions and 3 deletions

View File

@@ -290,6 +290,19 @@ test('it does filters out changes if they are not on the exclusions list', async
expect(invalidLicenses.forbidden[1]).toBe(npmChange)
})
test('it does not fail if there is a license expression in the allow list', async () => {
const changes: Changes = [
{...npmChange, license: 'MIT AND Apache-2.0'},
{...rubyChange, license: 'BSD-3-Clause'}
]
const {forbidden} = await getInvalidLicenseChanges(changes, {
allow: ['BSD-3-Clause', 'MIT AND Apache-2.0', 'MIT', 'Apache-2.0']
})
expect(forbidden.length).toEqual(0)
})
describe('GH License API fallback', () => {
test('it calls licenses endpoint if atleast one of the changes has null license and valid source_repository_url', async () => {
const nullLicenseChange = {

9
dist/index.js generated vendored
View File

@@ -390,7 +390,14 @@ const spdx = __importStar(__nccwpck_require__(2593));
function getInvalidLicenseChanges(changes, licenses) {
return __awaiter(this, void 0, void 0, function* () {
var _a;
const { allow, deny } = licenses;
const deny = licenses.deny;
let allow = licenses.allow;
// Filter out elements of the allow list that include AND
// or OR because the list should be simple license IDs and
// not expressions.
allow = allow === null || allow === void 0 ? void 0 : allow.filter(license => {
return !license.includes(' AND ') && !license.includes(' OR ');
});
const licenseExclusions = (_a = licenses.licenseExclusions) === null || _a === void 0 ? void 0 : _a.map((pkgUrl) => {
return (0, purl_1.parsePURL)(pkgUrl);
});

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View File

@@ -29,7 +29,16 @@ export async function getInvalidLicenseChanges(
licenseExclusions?: string[]
}
): Promise<InvalidLicenseChanges> {
const {allow, deny} = licenses
const deny = licenses.deny
let allow = licenses.allow
// Filter out elements of the allow list that include AND
// or OR because the list should be simple license IDs and
// not expressions.
allow = allow?.filter(license => {
return !license.includes(' AND ') && !license.includes(' OR ')
})
const licenseExclusions = licenses.licenseExclusions?.map(
(pkgUrl: string) => {
return parsePURL(pkgUrl)