From 36d622ed48d8c68d471529d1433534bd8f2f1dd2 Mon Sep 17 00:00:00 2001
From: Andy Feller <andyfeller@github.com>
Date: Tue, 20 Aug 2024 23:42:57 -0400
Subject: [PATCH] Prototype licensing workflow

---
 .github/licenses.tmpl          | 13 +++++++++++
 .github/workflows/licenses.yml | 40 ++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 .github/licenses.tmpl
 create mode 100644 .github/workflows/licenses.yml

diff --git a/.github/licenses.tmpl b/.github/licenses.tmpl
new file mode 100644
index 000000000..4a9083e92
--- /dev/null
+++ b/.github/licenses.tmpl
@@ -0,0 +1,13 @@
+# GitHub CLI dependencies
+
+The following open source dependencies are used to build the [GitHub CLI _(`gh`)_](https://github.com/cli/cli).
+
+## Go Packages
+
+Some packages may only be included on certain architectures or operating systems.
+
+| **Module** | **Version** | **License** | **License File** | **Package Docs**
+| ---------- | ----------- | ----------- | ---------------- | ----------------
+{{- range . }}
+| {{ .Name }} | {{ .Version }} | {{ .LicenseName }} | {{ .LicenseURL }} | [pkg.go.dev](https://pkg.go.dev/{{ .Name }}@{{ .Version }}) 
+{{- end }}
diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml
new file mode 100644
index 000000000..1769d5bb3
--- /dev/null
+++ b/.github/workflows/licenses.yml
@@ -0,0 +1,40 @@
+name: Licensing
+on:
+  push:
+    tags:
+      - "v*"
+env:
+  GOPACKAGE: github.com/cli/cli/v2
+  LICENSE_DIR: licenses
+  LICENSE_ARCHIVE: licenses.tgz
+jobs:
+  go-licenses:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: 'go.mod'
+
+      - name: Generate Go license notices
+        working-directory: ${{ env.LICENSE_DIR }}
+        run: |
+          go install github.com/google/go-licenses@latest
+          go-licenses report "$GOPACKAGE" --template=../.github/licenses.tmpl --stderrthreshold=ERROR --logtostderr=false > README.md
+          go-licenses save "$GOPACKAGE" --stderrthreshold=ERROR --logtostderr=false
+
+      - name: Upload Go license notices
+        run: |
+          tar czf "$LICENSE_ARCHIVE" "$LICENSE_DIR"
+          gh release upload "$GITHUB_REF_NAME" --clobber -- "$LICENSE_ARCHIVE"
+
+          if gh release view "$GITHUB_REF_NAME" >/dev/null; then
+            echo "uploading assets to an existing release..."
+            gh release upload "$GITHUB_REF_NAME" --clobber -- "$LICENSE_ARCHIVE"
+          else
+            echo "cannot upload as something else should create the release first..."
+            exit 1
+          fi