Merge pull request #932 from actions/907-disallow-expression
Discard allow list entries that are not SPDX IDs
This commit is contained in:
@@ -290,6 +290,19 @@ test('it does filters out changes if they are not on the exclusions list', async
|
||||
expect(invalidLicenses.forbidden[1]).toBe(npmChange)
|
||||
})
|
||||
|
||||
test('it does not fail if there is a license expression in the allow list', async () => {
|
||||
const changes: Changes = [
|
||||
{...npmChange, license: 'MIT AND Apache-2.0'},
|
||||
{...rubyChange, license: 'BSD-3-Clause'}
|
||||
]
|
||||
|
||||
const {forbidden} = await getInvalidLicenseChanges(changes, {
|
||||
allow: ['BSD-3-Clause', 'MIT AND Apache-2.0', 'MIT', 'Apache-2.0']
|
||||
})
|
||||
|
||||
expect(forbidden.length).toEqual(0)
|
||||
})
|
||||
|
||||
describe('GH License API fallback', () => {
|
||||
test('it calls licenses endpoint if atleast one of the changes has null license and valid source_repository_url', async () => {
|
||||
const nullLicenseChange = {
|
||||
|
||||
9
dist/index.js
generated
vendored
9
dist/index.js
generated
vendored
@@ -390,7 +390,14 @@ const spdx = __importStar(__nccwpck_require__(2593));
|
||||
function getInvalidLicenseChanges(changes, licenses) {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
var _a;
|
||||
const { allow, deny } = licenses;
|
||||
const deny = licenses.deny;
|
||||
let allow = licenses.allow;
|
||||
// Filter out elements of the allow list that include AND
|
||||
// or OR because the list should be simple license IDs and
|
||||
// not expressions.
|
||||
allow = allow === null || allow === void 0 ? void 0 : allow.filter(license => {
|
||||
return !license.includes(' AND ') && !license.includes(' OR ');
|
||||
});
|
||||
const licenseExclusions = (_a = licenses.licenseExclusions) === null || _a === void 0 ? void 0 : _a.map((pkgUrl) => {
|
||||
return (0, purl_1.parsePURL)(pkgUrl);
|
||||
});
|
||||
|
||||
2
dist/index.js.map
generated
vendored
2
dist/index.js.map
generated
vendored
File diff suppressed because one or more lines are too long
@@ -29,7 +29,16 @@ export async function getInvalidLicenseChanges(
|
||||
licenseExclusions?: string[]
|
||||
}
|
||||
): Promise<InvalidLicenseChanges> {
|
||||
const {allow, deny} = licenses
|
||||
const deny = licenses.deny
|
||||
let allow = licenses.allow
|
||||
|
||||
// Filter out elements of the allow list that include AND
|
||||
// or OR because the list should be simple license IDs and
|
||||
// not expressions.
|
||||
allow = allow?.filter(license => {
|
||||
return !license.includes(' AND ') && !license.includes(' OR ')
|
||||
})
|
||||
|
||||
const licenseExclusions = licenses.licenseExclusions?.map(
|
||||
(pkgUrl: string) => {
|
||||
return parsePURL(pkgUrl)
|
||||
|
||||
Reference in New Issue
Block a user