When a new file is added via a git commit, the Continuous Integration system on GitHub should check to ensure that:
- That file contains an SPDX header
- The declared license is compatible with the LGPL-2.1 (for our purposes this can be a simple hardcoded allow-list that contains the licenses that are currently in use in the repository).
In most cases this should be the first line of the file, but it's permitted to be the second line in the case of a shell script that contains a "#!" line at the top.
If the file also contains a license block, that block should be checked to ensure that it matches the declared SPDX license, and in the case of an LGPL-2.1-or-later license, that it's using the latest recommended license block. Other licenses could be checked as well, but since most project files use the LGPL-2.1 that is the most important.
When a new file is added via a
git commit, the Continuous Integration system on GitHub should check to ensure that:In most cases this should be the first line of the file, but it's permitted to be the second line in the case of a shell script that contains a "#!" line at the top.
If the file also contains a license block, that block should be checked to ensure that it matches the declared SPDX license, and in the case of an LGPL-2.1-or-later license, that it's using the latest recommended license block. Other licenses could be checked as well, but since most project files use the LGPL-2.1 that is the most important.