License check risdev 5889 (#14)

* Scan licenses
* Gitignore license report

.github/workflows/frontend-jobs.yml

@@ -38,6 +38,42 @@ jobs:
         with:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
+  audit-licenses-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ./frontend/package.json
+          cache: npm
+          cache-dependency-path: ./frontend/package-lock.json
+      - name: Cache npm cache
+        uses: actions/cache@v4
+        id: cache-npm-cache
+        with:
+          # The docs discourage caching `node-modules`, cf. https://github.com/actions/cache/blob/main/examples.md#node---npm
+          path: /home/runner/.npm
+          key: npm-cache-${{ hashFiles('./frontend/package-lock.json') }}
+      - name: Install node modules
+        run: npm ci
+        working-directory: ./frontend
+      - name: Run license scanner
+        run: npm run audit:licences
+        working-directory: ./frontend
+      - name: Upload licence report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: licence-reports-frontend
+          retention-days: 3
+          path: frontend/frontend-licence-report.csv
+      - name: Send status to Slack
+        uses: digitalservicebund/notify-on-failure-gha@814d0c4b2ad6a3443e89c991f8657b10126510bf
+        if: ${{ failure() && github.ref == 'refs/heads/main' }}
+        with:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+
   build-frontend:
     runs-on: ubuntu-latest
     steps:

allowed-licenses.json

@@ -0,0 +1,73 @@
+{
+    "allowedLicenses": [
+        {
+            "moduleLicense": "Apache License, Version 2.0"
+        },
+        {
+            "moduleLicense": "Apache-2.0"
+        },
+        {
+            "moduleLicense": "MIT License"
+        },
+        {
+            "moduleLicense": "MIT-0"
+        },
+        {
+            "moduleLicense": "MPL-2.0"
+        },
+        {
+            "moduleLicense": "Mozilla Public License Version 2.0"
+        },
+        {
+            "moduleLicense": "MIT"
+        },
+        {
+            "moduleLicense": "ISC"
+        },
+        {
+            "moduleLicense": "CC-BY-4.0"
+        },
+        {
+            "moduleLicense": "BSD-2-Clause"
+        },
+        {
+            "moduleLicense": "The 2-Clause BSD License"
+        },
+        {
+            "moduleLicense": "The 3-Clause BSD License"
+        },
+        {
+            "moduleLicense": "BSD-3-Clause"
+        },
+        {
+            "moduleLicense": "BSD 4-Clause \"Original\" or \"Old\" License"
+        },
+        {
+            "moduleLicense": "The BSD License"
+        },
+        {
+            "moduleLicense": "Creative Commons Legal Code"
+        },
+        {
+            "moduleLicense": "GNU GENERAL PUBLIC LICENSE, Version 2 + Classpath Exception"
+        },
+        {
+            "moduleLicense": "GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1"
+        },
+        {
+            "moduleLicense": "GNU Lesser General Public License"
+        },
+        {
+            "moduleLicense": "GPL-3.0-only"
+        },
+        {
+            "moduleLicense": "BlueOak-1.0.0"
+        },
+        {
+            "moduleLicense": "CC-BY-3.0"
+        },
+        {
+            "moduleLicense": "CC0-1.0"
+        }
+    ]
+}

frontend/.gitignore

@@ -32,5 +32,7 @@ coverage
 test-results/
 playwright-report/
 
+frontend-license-report.csv
+
 # Sentry Config File
 .env.sentry-build-plugin

frontend/joinAllowedLicenses.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+cat < ../allowed-licenses.json | jq -r '.allowedLicenses | map(.moduleLicense) | join(";")'