feat: Add verify headers workflow (#65)

* feat: Add License Header workflow

* fix: The License problem

* fix: License file

* feat: Add the change proposed by @matbmoser

* fix: Name of the jobs and the folder

* trivy after tractus-sdk creation

* fix: Check MD in subdirectories

---------

Co-authored-by: mgarciaLKS <[email protected]>

.github/dependabot.yml

@@ -1,3 +1,22 @@
+###############################################################
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
 version: 2
 registries:
   github-central-pipelines:

.github/workflows/verify.yml

@@ -0,0 +1,79 @@
+###############################################################
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: "Verify"
+
+# source: https://github.com/eclipse-tractusx/ssi-dim-wallet-stub/blob/main/.github/workflows/verify.yaml
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: ["main"]
+  workflow_dispatch:
+
+jobs:
+    verify-license-headers:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+            - name: Verify License Headers
+              run: |-
+                cmd="grep -riL \"SPDX-License-Identifier: Apache-2.0\" --include=\*.{py,yaml,yml,sql} --exclude-dir={\*\openapi} ."
+                violations=$(eval $cmd | wc -l)
+                if [[ $violations -ne 0 ]] ; then
+                    echo "$violations files without license headers were found:";
+                    eval $cmd;
+                    exit 1;
+                fi
+
+    verify-md-license:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+            - name: Verify the MD footer
+              run: |-
+                cmd="grep -riL \"SPDX-License-Identifier: CC-BY-4.0\" --include=\*.md --exclude-dir={\*\openapi} $(find . -mindepth 2 -type f)"
+                violations=$(eval $cmd | wc -l)
+                if [[ $violations -ne 0 ]] ; then
+                    echo "$violations files without license headers were found:";
+                    eval $cmd;
+                    exit 1;
+                fi
+
+    Review-Allowed-Licenses:
+        runs-on: ubuntu-latest
+        continue-on-error: false
+        if: github.event_name == 'pull_request' || github.event_name == 'pull_request_target'
+        steps:
+        - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        - name: 'Check Allowed Licenses'
+          uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+          with:
+            fail-on-severity: critical
+          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
+          # Expressed with the help of the following IDs: https://spdx.org/licenses/
+            allow-licenses: >-
+              Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
+              BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
+              CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
+              MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
+              Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
+              WTFPL, X11, Zlib, ZPL-2.1, AGPL-3.0

charts/industry-core-hub/README.md

@@ -78,4 +78,12 @@ helm install industry-core-hub tractusx/industry-core-hub
 | updateStrategy.rollingUpdate.maxUnavailable | int | `0` |  |
 | updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). |
 
-Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs)
+Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs)
+
+## NOTICE
+
+This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode).
+
+- SPDX-License-Identifier: CC-BY-4.0
+- SPDX-FileCopyrightText: 2025 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/industry-core-hub