Introduce version pinning and license checcking

Introduces version pinning via pip-tools for reproducible builds. Introduces license checking via pip-licenses and CircleCI. Licenses are only checked for new builds and when requirements.txt changes. The list of allowed licenses is kept in a separate file to be able to distinguish changes in CI-Configuration/Tools and license list changes.
2025-06-12 21:29:59 +02:00 · 2021-05-05 15:20:35 +02:00 · 2021-05-05 15:20:35 +02:00 · 15e584f0ab
commit 15e584f0ab
parent 1778b36a9a
6 changed files with 296 additions and 19 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -9,10 +9,41 @@ jobs:
      - image: circleci/python:<< parameters.python-version >>
    steps:
      - checkout
-      - run: pip3 install --upgrade pip
-      - run: pip3 install -r requirements.txt
-      - run: pip3 install pytest
+      - &install
+        run:
+          name: Install packages
+          command: |
+            pip3 install --upgrade pip
+            pip3 install -r requirements.txt
+      - run:
+          name: Install specific packages
+          command: pip3 install pytest
      - run: pytest
+  license-scan:
+    docker:
+      - image: circleci/python:3.9
+    steps:
+      - checkout
+      - run:  # Only run license checks if we have changes in requirements.txt
+          name: Check for changes
+          command: |
+            if [ -z "<< pipeline.git.base_revision >>" ]; then
+              echo "No previous build, run license check by default."
+            elif git diff-tree --no-commit-id --name-only -r << pipeline.git.revision >> << pipeline.git.base_revision >> | grep requirements.txt ; then
+              echo "Changes in requirements.txt, run license check."
+            else
+              echo "No relevant changes found, skip running license check."
+              circleci-agent step halt
+            fi
+      - *install
+      - run:
+          name: Install specific packages
+          command: pip3 install pip-licenses
+      - run:  # Read allowed licenses from file to ";"-separated string while removing empty lines and comments
+          name: License check
+          command: |
+            ALLOWED=$(sed -e '/^#.*$/d' -e '/^\s*$/d' .allowed-licenses | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/;/g'); echo $ALLOWED
+            pip-licenses --from=mixed --allow-only="${ALLOWED}" --summary

 workflows:
  all-tests:
@ -21,3 +52,9 @@ workflows:
          matrix:
            parameters:
              python-version: ["3.5", "3.6", "3.7", "3.8", "3.9"]
+  license-scan:
+    jobs:
+      - license-scan:
+          filters:
+            branches:
+              only: master