IsaacLab/.github/workflows/license-check.yaml at main · nv-apoddubny/IsaacLab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
# Copyright (c) 2022-2026, The Isaac Lab Project Developers (https://github.com/isaac-sim/IsaacLab/blob/main/CONTRIBUTORS.md).
# All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause

name: Check Python Dependency Licenses

on:
  pull_request:
    types: [opened, synchronize, reopened]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  license-check:
    runs-on: ubuntu-24.04

    steps:
    - name: Checkout code
      uses: actions/checkout@v3

    # - name: Install jq
    #   run: sudo apt-get update && sudo apt-get install -y jq

    - name: Clean up disk space
      run: |
        rm -rf /opt/hostedtoolcache
        rm -rf /usr/share/dotnet
        rm -rf /opt/ghc
        docker container prune -f
        docker image prune -af
        docker volume prune -f || true


    - name: Set up Python
      uses: actions/setup-python@v4
      with:
        python-version: '3.11'  # Adjust as needed

    - name: Install dependencies using ./isaaclab.sh -i
      run: |
        # first install isaac sim
        pip install --upgrade pip
        pip install 'isaacsim[all,extscache]==${{ vars.ISAACSIM_BASE_VERSION || '5.0.0' }}' --extra-index-url https://pypi.nvidia.com
        chmod +x ./isaaclab.sh  # Make sure the script is executable
        # install all lab dependencies
        ./isaaclab.sh -i

    - name: Install pip-licenses
      run: |
        pip install pip-licenses
        pip install -r tools/template/requirements.txt
        pip install -r docs/requirements.txt

    # Optional: Print the license report for visibility
    - name: Print License Report
      run: pip-licenses --from=mixed --format=markdown

    # Print pipdeptree
    - name: Print pipdeptree
      run: |
        pip install pipdeptree
        pipdeptree

    - name: Check licenses against whitelist and exceptions
      run: |
        # Define the whitelist of allowed licenses
        ALLOWED_LICENSES="MIT Apache BSD ISC zlib"

        # Load the exceptions list from the exceptions.json file
        EXCEPTIONS_FILE=".github/workflows/license-exceptions.json"

        # Initialize counter for failed packages
        FAILED_PACKAGES=0

        # Get the list of installed packages and their licenses
        pip-licenses --from=mixed --format=json > licenses.json

        # Check the output of pip-licenses to ensure it is valid JSON
        if ! jq empty licenses.json; then
          echo "ERROR: Failed to parse pip-licenses output. Exiting..."
          exit 1
        fi

        # Split ALLOWED_LICENSES into individual words
        IFS=' ' read -r -a allowed_licenses <<< "$ALLOWED_LICENSES"

        # Loop through the installed packages and their licenses
        for pkg in $(jq -r '.[].Name' licenses.json); do
          LICENSE=$(jq -r --arg pkg "$pkg" '.[] | select(.Name == $pkg) | .License' licenses.json)

          # Check if any of the allowed licenses are a substring of the package's license
          match_found=false
          for allowed_license in "${allowed_licenses[@]}"; do
            if [[ "$LICENSE" == *"$allowed_license"* ]]; then
              match_found=true
              break
            fi
          done

          if [ "$match_found" = false ]; then
            # Check if the package is in the exceptions list
            EXCEPTION=$(jq -r --arg pkg "$pkg" --arg license "$LICENSE" \
              '.[] | select(.package == $pkg)' "$EXCEPTIONS_FILE")

            # If the package is in the exceptions list
            if [ -n "$EXCEPTION" ]; then
              # If the license is provided in the exceptions list, check the license
              EXCEPTION_LICENSE=$(echo "$EXCEPTION" | jq -r '.license')

              # echo "Comparing licenses for $pkg:"
              # echo "  EXCEPTION_LICENSE='${EXCEPTION_LICENSE}' (len=${#EXCEPTION_LICENSE})"
              # echo "  LICENSE='${LICENSE}' (len=${#LICENSE})"

              # If the exceptions list has a license and doesn't match the current license
              if [ "$EXCEPTION_LICENSE" != "null" ] && [ "$EXCEPTION_LICENSE" != "$LICENSE" ]; then
                echo "ERROR: $pkg has license: $LICENSE"
                FAILED_PACKAGES=$((FAILED_PACKAGES + 1))  # Increment the counter
              fi
            else
              # If the package is not in the exceptions list
              echo "ERROR: $pkg has license: $LICENSE"
              FAILED_PACKAGES=$((FAILED_PACKAGES + 1))  # Increment the counter
            fi
          fi
        done

        # After all packages are processed, check if there were any errors
        if [ "$FAILED_PACKAGES" -gt 0 ]; then
          echo "ERROR: $FAILED_PACKAGES packages were flagged."
          exit 1  # Fail the build
        else
          echo "All packages were checked."
        fi