#StackBounty: #reactjs #continuous-integration #gitlab #licensing Automating license checking in a GitLab CI/CD pipeline

Bounty: 100

I am trying to implement license checking of the installed packages in my React project in a GitLab CI/CD pipeline. Before the build stage, the pipeline should check all the available licenses and then whitelist or blacklist certain specified licenses.

I am using the license-checker package to implement a list of available licenses in a JSON file.
After executing the required command: license-checker --json > ./license.json, the output is:

license.json

{
  "@babel/plugin-transform-parameters@7.10.1": {
    "licenses": "MIT",
    "repository": "https://github.com/babel/babel",
    "path": "..../node_modules/@babel/plugin-transform-parameters",
    "licenseFile": "...../node_modules/@babel/plugin-transform-parameters/LICENSE"
  },
  "@babel/plugin-transform-property-literals@7.10.1": {
    "licenses": "MIT",
    "repository": "https://github.com/babel/babel",
    "path": "..../node_modules/@babel/plugin-transform-property-literals",
    "licenseFile": "...../node_modules/@babel/plugin-transform-property-literals/LICENSE"
  },
  "@babel/plugin-transform-react-constant-elements@7.10.1": {
    "licenses": "MIT",
    "repository": "https://github.com/babel/babel",
    "path": "..../node_modules/@babel/plugin-transform-react-constant-elements",
    "licenseFile": "...../node_modules/@babel/plugin-transform-react-constant-elements/LICENSE"
  }
  // .........and list goes on
}

.gitlab-ci.yml

include:
  - local: license-checker-config.yml

stages: 
  - dependency

dependency:
  image: node:12
  stage: dependency
  script: 
    - npm ci
    - echo "main file...."

license-checker-config.yml

before_script: 
  - ./license.json
  - echo "Checking licenses..."

License scanning should be initiated before the build process, so I included it as part of before_script.
In license-checker-config.yml, I need to include my JSON file and then check it by iterating over it: only if it contains licenses like MIT should the build stage continue; otherwise the build should fail.

With my current code setup, I executed the pipeline and got the error:

Executing "step_script" stage of the job script
00:01
$ ./license.json
/bin/bash: line 99: ./license.json: Permission denied
ERROR: Job failed: exit code 1

Even though the file license.json exists in the same root folder, it shows permission denied. Further, I am unable to figure out how to implement looping over the JSON file inside the yml file and then achieve the required result.

Any help to get me through this is highly appreciated.
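
One way to implement the check described in the question, as an added example that is not part of the original post: a Node script that the job runs as a command in place of `./license.json` (a `script` entry is handed to the shell, which tries to execute the JSON file as a program). It reads the `license-checker --json` report and exits non-zero when a package's license is not on an allowlist. The file name `check-licenses.js`, the allowlist and the `constructed-*` sample entries are assumptions made for illustration.

```javascript
// check-licenses.js (hypothetical name). Usage: node check-licenses.js license.json
// Constructed allowlist for illustration; replace with your own policy.
const ALLOWED = new Set(['MIT', 'ISC', 'Apache-2.0', 'BSD-3-Clause']);

// Constructed sample in the shape of `license-checker --json` output.
const SAMPLE = {
  '@babel/plugin-transform-parameters@7.10.1': { licenses: 'MIT' },
  'constructed-dual@1.0.0': { licenses: '(MIT OR GPL-3.0)' },
  'constructed-copyleft@2.0.0': { licenses: 'GPL-3.0' },
  'constructed-guessed@0.1.0': { licenses: 'MIT*' },
  'constructed-legacy@3.0.0': { licenses: ['MIT', 'GPL-2.0'] },
  'constructed-missing@0.0.1': {},
};

// "licenses" may be a string, an array, or an SPDX expression. Anything the
// check cannot positively match against the allowlist is rejected (fail closed).
function isAllowed(licenses, allowed = ALLOWED) {
  if (Array.isArray(licenses)) {
    // Ambiguous legacy form: require every listed license to be allowed.
    return licenses.length > 0 && licenses.every((l) => isAllowed(l, allowed));
  }
  if (typeof licenses !== 'string') return false; // missing field
  const expr = licenses.trim().replace(/^\((.*)\)$/, '$1');
  if (/[()]/.test(expr)) return false; // nested expression: needs manual review
  // OR = any alternative is enough; AND = every term must be allowed.
  // "MIT*" (license guessed from a file) and "UNKNOWN" match nothing here.
  return expr.split(' OR ').some((alt) =>
    alt.split(' AND ').every((id) => allowed.has(id.trim())));
}

// Returns [{ name, licenses }] for every package that fails the policy.
function findViolations(report, allowed = ALLOWED) {
  return Object.entries(report)
    .filter(([, info]) => !isAllowed(info.licenses, allowed))
    .map(([name, info]) => ({ name, licenses: info.licenses }));
}

// CommonJS entry point: checks the file given as argv[2], else the sample.
const file = process.argv[2];
const report = file ? JSON.parse(require('fs').readFileSync(file, 'utf8')) : SAMPLE;
const violations = findViolations(report);
for (const v of violations) {
  console.error(`DISALLOWED ${v.name}: ${JSON.stringify(v.licenses)}`);
}
console.log(`${Object.keys(report).length} packages, ${violations.length} violation(s)`);
if (file && violations.length) process.exitCode = 1; // non-zero exit fails the CI job
```

In the job this would run after `npm ci`, for example as the two script lines `npx license-checker --json > license.json` and `node check-licenses.js license.json`. license-checker also has an `--onlyAllow` option that takes a semicolon-separated list and exits with code 1 on the first license outside it, which covers the simple case without a custom script.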

