From 4e70890cf431f54c49da62c88493725afde0be75 Mon Sep 17 00:00:00 2001
From: Eric Joanis
Date: Wed, 22 Jan 2025 18:28:33 -0500
Subject: [PATCH] ci: add automated dependency license checking

---
 .github/workflows/end-to-end-tests.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/end-to-end-tests.yml b/.github/workflows/end-to-end-tests.yml
index 49e74860..f6fca4fb 100644
--- a/.github/workflows/end-to-end-tests.yml
+++ b/.github/workflows/end-to-end-tests.yml
@@ -23,6 +23,15 @@ jobs:
 - name: Install everything
 run: npm install
 
+ - name: Automated license checking
+ env:
+ PROD_LICENSES: "MIT;0BSD;BSD-2-Clause;BSD-3-Clause;ISC;Apache-2.0"
+ DEV_LICENSES: "Python-2.0;CC0-1.0;CC-BY-3.0;CC-BY-4.0;Apache 2.0;Unlicense;BlueOak-1.0.0"
+ OK_BUT_NOT_AUTODETECTED: "@nxext/common@18.0.0;unidecode@1.1.0;readalong-studio@0.0.0"
+ run: |
+ npx license-checker --summary --production --onlyAllow "$PROD_LICENSES" --excludePackages "$OK_BUT_NOT_AUTODETECTED"
+ npx license-checker --summary --onlyAllow "$DEV_LICENSES;$PROD_LICENSES" --excludePackages "$OK_BUT_NOT_AUTODETECTED"
+
 - name: Cypress run for web-component
 uses: cypress-io/github-action@v6
 with:
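Review bot: Both `npx license-checker` calls in the new `run:` block name no version, so unless license-checker is already a devDependency locked in package-lock.json (package.json is not part of this patch), npx will fetch and execute whatever release is current on the registry at each CI run. For a step whose purpose is supply-chain hygiene, pin the tool: either add it to devDependencies and call `npx --no-install license-checker ...`, or write `npx license-checker@<pinned-version> ...`. The `OK_BUT_NOT_AUTODETECTED` entries also deserve a comment above the variable recording the licence that was verified by hand for each package, e.g. `# manually reviewed: <package> is <license>`, so that a later version bump prompts a re-check rather than a blind edit of the exclusion. The rest of the job, including the steps before `Install everything` and the body of the Cypress step, lies outside the hunk.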