chore: add license-checker for license validation (#30)

Author: edodusi

.github/workflows/license-check.yml

@@ -0,0 +1,40 @@
+name: License Check
+
+on:
+    push:
+        branches:
+            - main
+            - develop
+        paths:
+            - 'composer.lock'
+            - 'composer.json'
+    pull_request:
+        paths:
+            - 'composer.lock'
+            - 'composer.json'
+
+jobs:
+    license-check:
+        runs-on: ubuntu-latest
+
+        strategy:
+            matrix:
+                operating-system: [ 'ubuntu-latest' ]
+                php-versions: [ '8.4' ]
+                dependency-stability: [ 'prefer-none' ]
+
+        name: P${{ matrix.php-versions }} - ${{ matrix.operating-system}}
+
+        steps:
+            -   uses: actions/checkout@v4
+            -   name: Install PHP versions
+                uses: shivammathur/setup-php@v2
+                with:
+                    php-version: ${{ matrix.php-versions }}
+                    tools: "composer:v2"
+
+            - name: Install dependencies
+              run: composer install --prefer-dist --no-interaction
+
+            - name: Run license check
+              run: composer run license-check

composer.json

@@ -39,6 +39,9 @@
         "phpunit/phpunit": "^11.5",
         "thecodingmachine/phpstan-safe-rule": "^1.4"
     },
+    "scripts": {
+        "license-check": "php license-checker.php"
+    },
     "config": {
         "sort-packages": true,
         "allow-plugins": {

license-checker.php

@@ -0,0 +1,81 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Simple license checker for Composer dependencies
+ *
+ * Usage: php license-checker.php
+ */
+
+// Configure allowed licenses
+$allowedLicenses = [
+    'MIT',
+    'BSD-3-Clause',
+    'Apache-2.0',
+];
+
+// Optional: Configure packages to exclude from checking
+$excludedPackages = [
+    // For example: 'vendor/package-name'
+];
+
+$output = shell_exec('composer licenses -f json');
+if (!$output) {
+    echo "Failed to retrieve license information.\n";
+    exit(1);
+}
+
+$licensesData = json_decode($output, true);
+if (!isset($licensesData['dependencies']) || !is_array($licensesData['dependencies'])) {
+    echo "Invalid license data format.\n";
+    exit(1);
+}
+
+echo "Checking licenses against allowed list: " . implode(', ', $allowedLicenses) . "\n\n";
+
+$violations = [];
+$checkedCount = 0;
+
+foreach ($licensesData['dependencies'] as $package => $info) {
+    if (in_array($package, $excludedPackages, true)) {
+        echo "⏩ Skipping excluded package: {$package}\n";
+        continue;
+    }
+
+    $checkedCount++;
+    $packageLicenses = $info['license'] ?? [];
+    $version = $info['version'] ?? 'unknown';
+
+    $hasAllowedLicense = false;
+    foreach ($packageLicenses as $license) {
+        if (in_array($license, $allowedLicenses, true)) {
+            $hasAllowedLicense = true;
+            break;
+        }
+    }
+
+    if (!$hasAllowedLicense) {
+        $violations[] = [
+            'package' => $package,
+            'version' => $version,
+            'licenses' => $packageLicenses,
+        ];
+        echo "❌ License violation: {$package} ({$version}) uses " . implode(', ', $packageLicenses) . "\n";
+    } else {
+        echo "✅ {$package} ({$version}) uses " . implode(', ', $packageLicenses) . "\n";
+    }
+}
+
+echo "\n";
+echo "Summary:\n";
+echo "- Packages checked: {$checkedCount}\n";
+echo "- Violations found: " . count($violations) . "\n";
+
+if (count($violations) > 0) {
+    echo "\nLicense violations detected. Please review the dependencies above.\n";
+    exit(1);
+} else {
+    echo "\nAll dependencies comply with the allowed licenses.\n";
+    exit(0);
+}