Add license compliance
Context
In order to achieve a trustable software freedesktop-sdk needs to satisfy license compliance requirements.
Description
One option is to use Quartermaster with freedesktop-sdk
Quartermaster is a suite of command line tools and build system extensions that instruments software builds to create FOSS compliance documentation and support compliance decisions. It executes as part of a software build process to generate reports about the analysed product.
Quartermaster runs adjacent to a software build process. A master process collects information about the software that is build. Once the build is complete, the master executes a number of analysis tools, and finally a number of reporters. The master process runs in a docker image that is deployed by Quartermaster, since freedesktop-sdk's CI is already running in a docker image, we would have docker-in-docker. To answer that situation one of this procedures should be applied: Building Docker images with GitLab CI/CD . Another alternative would be to use runner "shell" with a bare metal machine or a VM to avoid the issue of docker-in-docker.
Note: Building Docker images with GitLab CI/CD as the label says, It's a way to build docker images on gitlab. However, what we actually need is to deploy them, so this might not be the proper procedure.
Video Demo: https://drive.google.com/file/d/16g6l_1IMvIFMOKBb7EqF6VasGygmwn6D/view?usp=sharing
- Quartermaster's website: https://qmstr.org/
- Slides: http://events17.linuxfoundation.org/sites/events/files/slides/%28FINAL%29Mr.%20Mirko%20Boehm.pdf
- Quartermaster's repository: https://github.com/QMSTR/qmstr
- Quartermaster's demo: https://github.com/QMSTR/qmstr-demo
Acceptance Criteria
- A license compliance report is generated as part of the CI
- The report should look similar to this one; https://qmstr.org/packages/curl/