search

awslabs / amazon-ecr-credential-helper

Automatically gets credentials for Amazon ECR on docker push/docker pull
Apache License 2.0
2.45k stars 335 forks source link

Add generate third party licenses #799

Closed austinvazquez closed 1 month ago

austinvazquez commented 2 months ago

Issue #, if available: The repositories' THIRD-PARTY-LICENSE file is out of date with the list of dependencies used.

Description of changes: This change imports third party licenses file generation from the SOCI project and modifies it based on the Amazon ECR credential helper project's needs. Additionally this change will add license checks such that only pre-approved licenses are used in the project. This will be checked in GitHub Actions CI.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

austinvazquez commented 2 months ago

@pendo324, @Kern--, please review. I was unable to solve the dual license problem. The workaround I am proposing is to include a license check in GitHub Actions CI which will fail if a license is not pre-approved. Of our existing dependencies, 1 in 26 is dual licensed. See THIRD-PARTY-LICENSES for gopkg.in/yaml.v3 (a test dependency). Both licenses are being listed in the third party licenses file currently.

austinvazquez commented 2 months ago

Note to maintainers: this change was drafted such that each change is buildable. Commits in this PR should not be squashed to preserve import of code from awslabs/soci-snapshotter project.