Closed austinvazquez closed 1 month ago
@pendo324, @Kern--, please review. I was unable to solve the dual license problem. The workaround I am proposing is to include a license check in GitHub Actions CI which will fail if a license is not pre-approved. Of our existing dependencies, 1 in 26 is dual licensed. See THIRD-PARTY-LICENSES for gopkg.in/yaml.v3 (a test dependency). Both licenses are being listed in the third party licenses file currently.
Note to maintainers: this change was drafted such that each change is buildable. Commits in this PR should not be squashed to preserve import of code from awslabs/soci-snapshotter project.
Issue #, if available: The repositories' THIRD-PARTY-LICENSE file is out of date with the list of dependencies used.
Description of changes: This change imports third party licenses file generation from the SOCI project and modifies it based on the Amazon ECR credential helper project's needs. Additionally this change will add license checks such that only pre-approved licenses are used in the project. This will be checked in GitHub Actions CI.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.