feat: Added license check

[denis256]

Description

• updated PR template with checkboxes to confirm source code author
• updated mise to install licensei
• added licensei project rules
• added github action to run license check
• replaced old make targets for installation with mise

TODOs

Read the Gruntwork contribution guidelines.

• Update the docs.
• Run the relevant tests successfully, including pre-commit checks.
• Ensure any 3rd party code adheres with our license policy or delete this line if its not applicable.
• Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

Added / Removed / Updated [X].

Migration Guide

Summary by CodeRabbit

• New Features

  • Introduced automated license compliance checks for dependencies and code headers in the development workflow.
  • Added a configuration file to define approved licenses and specify files or directories to ignore during license scanning.

• Chores

  • Updated dependency management and tool installation processes to include license checking tools.
  • Enhanced GitHub Actions workflows with experimental features and improved license verification steps.
  • Updated the pull request template with additional checkboxes for code authorship and licensing confirmation.
  • Added .licensei.cache to .gitignore to prevent caching files from being tracked.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
terragrunt-docs	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	May 28, 2025 7:42pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This update introduces a new license compliance workflow and configuration, modifies the pull request template to clarify licensing requirements, adds license tool dependencies, and updates the Makefile with a license check target. Several GitHub Actions workflows are updated to enable experimental features in a dependency management step, and some obsolete Makefile targets and scripts are removed or streamlined.

Changes

File(s)	Change Summary
.github/workflows/license-check.yml, .licensei.toml	Added new license check workflow and configuration for license scanning and compliance.
.github/pull_request_template.md	Updated checklist: clarified code authorship and licensing requirements; removed redundant third-party license line.
mise.toml	Added licensei and mockgen as Go tool dependencies.
Makefile	Removed install-lint and install-mock-tools targets; added license-check target; updated .PHONY declarations.
.github/scripts/setup/generate-mocks.sh	Removed make install-mock-tools command; script now only runs make generate-mocks.
.gitignore	Added .licensei.cache to ignored files.
.github/workflows/build.yml, .../build-no-proxy.yml, .../codespell.yml, .../lint.yml, .../strict-lint.yml	Added experimental: true input to jdx/mise-action@v2 steps to enable experimental features.

Sequence Diagram(s)

sequenceDiagram
    participant GitHub Actions
    participant Runner
    participant Licensei

    GitHub Actions->>Runner: Trigger license-check workflow
    Runner->>Runner: Checkout code
    Runner->>Runner: Setup dependencies (mise-action, experimental: true)
    Runner->>Runner: Run `make license-check`
    Runner->>Licensei: Execute licensei cache/check/header
    Licensei-->>Runner: License check results
    Runner->>GitHub Actions: Upload license check report artifact

Loading

Possibly related PRs

• gruntwork-io/terragrunt#4173: Both PRs add a new GitHub Actions workflow for code quality checks (e.g., codespell or license compliance).
• gruntwork-io/terragrunt#4324: Both PRs modify the mock tool installation logic in the generate-mocks.sh script, but in different ways.

Suggested reviewers

• yhakbar

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/pull_request_template.md (1)

13-15: Correct checklist wording and punctuation

• Hyphenate compound adjectives: use open-source software and open-source license.
• Remove the extra closing bracket in line 14 to balance parentheses.

- [ ] I am submitting code based on open source software (e.g. MIT, MPL-2.0, Apache)]
+ [ ] I am submitting code based on open-source software (e.g., MIT, MPL-2.0, Apache)
- [ ] I am adding or upgrading a dependency or adapted code and confirm it has a compatible open source license
+ [ ] I am adding or upgrading a dependency or adapted code and confirm it has a compatible open-source license

🧰 Tools

🪛 LanguageTool

[uncategorized] ~14-~14: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...elf - [ ] I am submitting code based on open source software (e.g. MIT, MPL-2.0, Apache)] -...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~15-~15: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ed code and confirm it has a compatible open source license - [ ] Update the docs. - [ ] Ru...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

.github/workflows/license-check.yml (2)

38-42: Remove Trailing Whitespace and Add Newline at EOF

There is a trailing space on line 42 and the file is missing a newline at EOF, which causes YAML lint errors.

Apply this diff:

-          path: license-check.log 
+          path: license-check.log
+

🧰 Tools

🪛 YAMLlint (1.37.1)

[error] 42-42: no new line character at the end of file

(new-line-at-end-of-file)

---

[error] 42-42: trailing spaces

(trailing-spaces)

---

1-9: Consider Adding Minimal Permissions and Concurrency Controls

For better security and to prevent overlapping runs, you could optionally introduce explicit permissions: and a concurrency: block at the top of this workflow. Example:

 name: License Check
+permissions:
+  contents: read
+  actions: write

 on:
   push:
     branches:
       - main
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true

This will ensure least-privilege access and cancel in-progress runs when new pushes occur.

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0df7eb5 and d6c01df.

📒 Files selected for processing (12)

• .github/pull_request_template.md (1 hunks)
• .github/scripts/setup/generate-mocks.sh (0 hunks)
• .github/workflows/build-no-proxy.yml (1 hunks)
• .github/workflows/build.yml (1 hunks)
• .github/workflows/codespell.yml (1 hunks)
• .github/workflows/license-check.yml (1 hunks)
• .github/workflows/lint.yml (1 hunks)
• .github/workflows/strict-lint.yml (1 hunks)
• .gitignore (1 hunks)
• .licensei.toml (1 hunks)
• Makefile (1 hunks)
• mise.toml (1 hunks)

💤 Files with no reviewable changes (1)

• .github/scripts/setup/generate-mocks.sh

🧰 Additional context used

🪛 LanguageTool

.github/pull_request_template.md

[uncategorized] ~14-~14: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...elf - [ ] I am submitting code based on open source software (e.g. MIT, MPL-2.0, Apache)] -...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[uncategorized] ~15-~15: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ed code and confirm it has a compatible open source license - [ ] Update the docs. - [ ] Ru...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

🪛 YAMLlint (1.37.1)

.github/workflows/license-check.yml

[error] 42-42: no new line character at the end of file

(new-line-at-end-of-file)

---

[error] 42-42: trailing spaces

(trailing-spaces)

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: Test (Provider Cache with Latest Terraform)
• GitHub Check: Test (AWS with Latest OSS Terraform)
• GitHub Check: Pull Request has non-contributor approval

🔇 Additional comments (13)

mise.toml (1)

5-6: Add licensei and mockgen to Go toolchain

Introducing licensei and mockgen as Go tool dependencies in mise.toml ensures consistent installation of license checking and mock generation tooling across CI and local environments.

.gitignore (1)

21-21: Ignore licensei cache artifacts

Adding .licensei.cache prevents the licensei tool’s cache files from being accidentally committed, keeping the repository clean.

.github/workflows/lint.yml (1)

21-21: Enable experimental flag for mise-action

Including experimental: true aligns this lint workflow with other CI jobs, unlocking necessary experimental features in the mise setup.

.github/workflows/codespell.yml (1)

31-31: Enable experimental flag for mise-action in Codespell workflow

Consistent with the lint workflow, enabling experimental: true here ensures the mise action installs dependencies under the experimental mode.

.github/workflows/strict-lint.yml (1)

18-18: Enable experimental flag for mise-action in Strict Lint workflow

Adding experimental: true keeps the strict-lint workflow in sync with other pipelines and supports the new licensing checks.

.github/workflows/build-no-proxy.yml (1)

39-41: Enable experimental mode in the dependency installer
The experimental: true flag has been added to the jdx/mise-action@v2 step, matching other workflows and unlocking new features in version 2025.4.4.

.github/workflows/build.yml (1)

39-41: Enable experimental mode in the dependency installer
Consistently adding experimental: true to the jdx/mise-action@v2 step ensures all CI workflows leverage the same experimental features.

.licensei.toml (3)

1-8: Configuration of approved licenses
The approved list includes the main open-source licenses (Apache-2.0, BSD-2-clause, BSD-3-clause, ISC, MPL-2.0, MIT). Verify this aligns with the organization’s policy and consider adding any additional permitted licenses.

---

10-14: Exclude specific dependencies from scanning
The ignored list omits known tooling dependencies (tflint-plugin-sdk, go-sarif, go-spew). Confirm their licenses have been vetted and that excluding them won’t mask policy violations.

---

17-19: Header section for file/path ignores
Ignoring the vendor and .gen directories, as well as generated Go files (mock_*.go, *_gen.go), is appropriate to prevent false positives in license scans.

Makefile (1)

50-54: New license-check target
The license-check recipe appropriately vendors dependencies and runs licensei cache, check, and header with debug flags for comprehensive license compliance checks.

.github/workflows/license-check.yml (2)

17-27: Workflow Steps for Checkout and Dependency Installation Look Solid

The steps invoking actions/checkout@v4 followed by the jdx/mise-action@v2 with the specified version and experimental flag correctly set up the environment for the license check. The use of MISE_PROFILE: cicd aligns with the project’s CI/CD conventions.

---

29-36: License Check Invocation Is Properly Configured

Using set -o pipefail combined with tee ensures that any failure in the make license-check command surfaces correctly while still generating a complete log. Pinning the shell to bash is appropriate for the piped commands.

[coderabbitai]

⚠️ Potential issue

Declare license-check as a PHONY target
Add license-check to the .PHONY list to prevent conflicts with files or directories of the same name.

-.PHONY: help fmtcheck fmt install-fmt-hook clean run-lint run-strict-lint
+.PHONY: help fmtcheck fmt install-fmt-hook clean run-lint run-strict-lint license-check

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	.PHONY: help fmtcheck fmt install-fmt-hook clean run-lint run-strict-lint
	.PHONY: help fmtcheck fmt install-fmt-hook clean run-lint run-strict-lint license-check

🤖 Prompt for AI Agents

In the Makefile at line 56, the target `license-check` is missing from the
`.PHONY` declaration. Add `license-check` to the `.PHONY` list to ensure it is
always executed as a command and avoid conflicts with any files or directories
named `license-check`.