mozilla-ai
diff --git a/‎.github/workflows/validate-licenses.yaml‎
Lines changed: 50 additions & 0 deletions b/‎.github/workflows/validate-licenses.yaml‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎.goreleaser.yaml‎
Lines changed: 4 additions & 0 deletions b/‎.goreleaser.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 35 additions & 2 deletions b/‎Makefile‎
Lines changed: 35 additions & 2 deletions
@@ -0,0 +1,50 @@
+name: License Validation
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'go.mod'
+      - 'go.sum'
+      - 'NOTICE'
+
+jobs:
+  check-license:
+    runs-on: ubuntu-latest
+    env:
+      ALLOWED_LICENSES: "Apache-2.0,MIT,BSD-2-Clause,BSD-3-Clause,ZeroBSD,Unlicense"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Cache Go modules
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-golang-
+
+      - name: Set up Go (from go.mod)
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        with:
+          go-version-file: go.mod
+
+      - name: Install go-licenses
+        run: go install github.com/google/go-licenses/v2@latest
+
+      - name: Check allowed licenses
+        run: go-licenses check ./... --ignore github.com/mozilla-ai/mcpd/v2 --allowed_licenses=${ALLOWED_LICENSES}
+
+      - name: Check NOTICE file
+        run: |
+          go-licenses report ./... --ignore github.com/mozilla-ai/mcpd/v2 --template build/licenses/notice.tpl > NOTICE.new
+          if ! cmp -s NOTICE NOTICE.new; then
+            echo "NOTICE is out of date. Please regenerate it with 'make notice'"
+            diff -u NOTICE NOTICE.new || true
+            exit 1
+          fi
@@ -42,6 +42,10 @@ archives:
     format_overrides:
       - goos: windows
         formats: [zip]
+    files:
+      - LICENSE
+      - README.md
+      - NOTICE
 
 homebrew_casks:
   - name: mcpd
 
@@ -1,4 +1,4 @@
-.PHONY: build build-dev build-linux build-linux-arm64 clean docs docs-cli docs-local docs-nav install lint local-down local-up test uninstall validate-registry
+.PHONY: build build-dev build-linux build-linux-arm64 clean docs docs-cli docs-local docs-nav install lint local-down local-up test uninstall validate-registry check-licenses check-notice notice
 
 MODULE_PATH := github.com/mozilla-ai/mcpd/v2
 
@@ -29,7 +29,40 @@ LDFLAGS := -s -w -X '$(MODULE_PATH)/internal/cmd.version=$(VERSION)' \
 # Build flags for optimization
 BUILDFLAGS := -trimpath
 
-lint:
+# The license types allowed to be imported by the project
+ALLOWED_LICENSES := Apache-2.0,MIT,BSD-2-Clause,BSD-3-Clause,ZeroBSD,Unlicense
+
+check-licenses:
+	@echo "Checking licenses..."
+	@go install github.com/google/go-licenses/v2@latest
+	@set -e; \
+	if go-licenses check ./... --ignore github.com/mozilla-ai/mcpd/v2 --allowed_licenses=$(ALLOWED_LICENSES); then \
+		echo "✓ All licenses are allowed."; \
+	else \
+		echo "License check failed: some dependencies have disallowed licenses."; \
+		exit 1; \
+	fi
+
+check-notice:
+	@echo "Checking NOTICE..."
+	@go install github.com/google/go-licenses/v2@latest
+	@tmp=$$(mktemp); \
+	trap "rm -f $$tmp" EXIT; \
+	go-licenses report ./... --ignore github.com/mozilla-ai/mcpd/v2 --template build/licenses/notice.tpl > $$tmp; \
+	if ! cmp -s NOTICE $$tmp; then \
+		echo "NOTICE is out of date. Regenerate it with 'make notice'"; \
+		exit 1; \
+	else \
+		echo "✓ NOTICE is up to date"; \
+	fi
+
+notice:
+	@echo "Generating NOTICE..."
+	@go install github.com/google/go-licenses/v2@latest
+	@go-licenses report ./... --ignore github.com/mozilla-ai/mcpd/v2 --template build/licenses/notice.tpl > NOTICE
+	@echo "✓ NOTICE generated"
+
+lint: check-notice
 	golangci-lint run --fix -v
 
 test: lint