From 7938772552fdf47b93e4097e199b2964823ae5a1 Mon Sep 17 00:00:00 2001
From: Pil0tXia
Date: Mon, 15 Apr 2024 13:51:37 +0800
Subject: [PATCH] Add all denied licenses
---
 .github/dependabot.yml | 4 ++++
 .github/workflows/license.yml | 13 +++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c025778dc5..3c6826d4a6 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -27,3 +27,7 @@ updates:
 ignore:
 - dependency-name: "*"
 update-types: ["version-update:semver-major"]
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 1a3fb19bee..a85c0f75c3 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -13,9 +13,18 @@ jobs:
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@v4
 with:
- vulnerability-check: true
- fail-on-severity: critical
+ vulnerability-check: false
 license-check: true
+ # Compatible/Incompatible licenses addressed here: https://www.apache.org/legal/resolved.html
+ # Special notice for GPL licenses: https://www.apache.org/licenses/GPL-compatibility.html
+ # Find SPDX identifiers here: https://spdx.org/licenses/
+ deny-licenses: |
+ MS-LPL, ASL, RSAL, BUSL-1.1,
+ CC-BY-NC-1.0, CC-BY-NC-2.0, CC-BY-NC-2.5, CC-BY-NC-3.0, CC-BY-NC-4.0
+# GPL-1.0, GPL-2.0, GPL-3.0, AGPL-3.0, LGPL-2.0, LGPL-2.1, LGPL-3.0,
+# GPL-1.0-only, GPL-2.0-only, GPL-3.0-only, AGPL-3.0-only, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only,
+ QPL-1.0, Sleepycat, SSPL-1.0, CPOL-1.02,
+ BSD-4-Clause, BSD-4-Clause-UC, NPL-1.0, NPL-1.1, JSON
 # MX4J, DOM4J, Eclipse Distribution License 1.0, Cup Parser Generator
 # allow-licenses: |
 # Apache-2.0, Apache-1.1, PHP-3.01,
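Review bot: In the `.github/workflows/license.yml` hunk, `vulnerability-check: false` together with the removal of `fail-on-severity: critical` turns off the vulnerability gate of this dependency-review step, which the commit subject ("Add all denied licenses") does not mention. Unless another workflow already blocks vulnerable dependencies, keep `vulnerability-check: true` and `fail-on-severity: critical` next to the new license settings, or add a comment saying where that check now lives. Separately, the two `+#` lines holding the GPL/LGPL/AGPL entries start at column 0 inside the `deny-licenses: |` literal block, and `CC-BY-NC-4.0` just above them has no trailing comma. YAML has no comments inside a block scalar, so depending on the parser these lines either end the value early or are passed to the action as list text, and the entries from `QPL-1.0` onwards may then not be enforced as intended. Move the GPL remark above `deny-licenses:` as an ordinary comment at the key's indentation and keep only comma-separated SPDX identifiers in the block.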