From 64ad33f395de033a43c1522337468bb4edc43626 Mon Sep 17 00:00:00 2001
From: Or Shoval
Date: Wed, 27 Sep 2023 10:56:23 +0300
Subject: [PATCH] check hashicorp: Add hashicorp whitelist
Signed-off-by: Or Shoval
---
.../workflows/check_hashicorp_modules.yaml | 10 ++++++++
hack/check_hashicorp.sh | 24 +++++++++++++++++++
2 files changed, 34 insertions(+)
create mode 100644 .github/workflows/check_hashicorp_modules.yaml
create mode 100755 hack/check_hashicorp.sh
diff --git a/.github/workflows/check_hashicorp_modules.yaml b/.github/workflows/check_hashicorp_modules.yaml
new file mode 100644
index 00000000..259d70ba
--- /dev/null
+++ b/.github/workflows/check_hashicorp_modules.yaml
@@ -0,0 +1,10 @@
+name: Check HashiCorp Modules
+on: [push, pull_request]
+jobs:
+ check_modules:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Run script
+ run: ./hack/check_hashicorp.sh
diff --git a/hack/check_hashicorp.sh b/hack/check_hashicorp.sh
new file mode 100755
index 00000000..36641e61
--- /dev/null
+++ b/hack/check_hashicorp.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+allowed_hashicorp_modules=(
+ "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/hcl"
+)
+
+error_found=false
+while read -r line; do
+ if ! [[ " ${allowed_hashicorp_modules[*]} " == *" $line "* ]]; then
+ echo "found non allowlisted hashicorp module: $line"
+ error_found=true
+ fi
+done < <(grep -i hashicorp go.mod | grep -o 'github.com/[^ ]*')
+
+if [[ $error_found == true ]]; then
+ echo "Non allowlisted hashicorp modules found, exiting with an error."
+ echo "HashiCorp adapted BSL, which we cant use on our projects."
+ echo "Please review the licensing, and either add it to the list if it isn't BSL,"
+ echo "or use a different library."
+ exit 1
+fi
+echo "All included hashicorp modules are allowlisted"
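Review bot: The `uses: actions/checkout@v2` step references a mutable tag, and the workflow declares no `permissions:` block, so the job runs with whatever default GITHUB_TOKEN scope the repository is configured with. This job only needs to read go.mod, so add a top-level `permissions:` with `contents: read`, and pin the checkout action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # <release tag>`) so a moved tag cannot change what runs in CI. `on: [push, pull_request]` will also run the check twice for pull requests opened from branches of the same repository; limiting `push` to the default branch avoids that.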
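Review bot: The check fails open: if `go.mod` is missing or unreadable (for example when the script is started from another directory), the `grep` inside `< <(...)` fails, the loop body never runs, and the script prints the success message and exits 0. The exit status of a process substitution is not propagated, so guard before the loop with `[[ -r go.mod ]] || { echo "go.mod not found" >&2; exit 1; }`, ideally after changing to the repository root. Two smaller points are worth a comment above the array: `grep -o 'github.com/[^ ]*'` prints every github.com path on a matching line, so a `replace` directive pointing at a fork would be reported as a HashiCorp module, and the allowlist is keyed by module path only, so a later version of an allowlisted module that changes license would still pass.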