1*f578df4fSJingwen Chen# Example of automated license policy definitions. 2*f578df4fSJingwen Chen 3*f578df4fSJingwen Chenload("@rules_license//examples/policy_checker:license_policy.bzl", "license_policy") 4*f578df4fSJingwen Chenload("@rules_license//examples/policy_checker:license_policy_check.bzl", "license_policy_check") 5*f578df4fSJingwen Chen 6*f578df4fSJingwen Chenpackage(default_package_metadata = ["//:license", "//:package_info"]) 7*f578df4fSJingwen Chen 8*f578df4fSJingwen Chen# license_policy rules generally appear in a central location per workspace. That 9*f578df4fSJingwen Chen# should be access controlled by the policy team. 10*f578df4fSJingwen Chen 11*f578df4fSJingwen Chen# A production service can use licenses with most conditions 12*f578df4fSJingwen Chenlicense_policy( 13*f578df4fSJingwen Chen name = "production_service", 14*f578df4fSJingwen Chen conditions = [ 15*f578df4fSJingwen Chen "notice", 16*f578df4fSJingwen Chen "restricted_if_statically_linked", 17*f578df4fSJingwen Chen ], 18*f578df4fSJingwen Chen) 19*f578df4fSJingwen Chen 20*f578df4fSJingwen Chen# A mobile application usually can not allow end-user replacable libraries. 21*f578df4fSJingwen Chen# So LGPL code (which is restricted_if_statically_linked) can not be used. 22*f578df4fSJingwen Chenlicense_policy( 23*f578df4fSJingwen Chen name = "mobile_application", 24*f578df4fSJingwen Chen conditions = [ 25*f578df4fSJingwen Chen "notice", 26*f578df4fSJingwen Chen ], 27*f578df4fSJingwen Chen) 28*f578df4fSJingwen Chen 29*f578df4fSJingwen Chenlicense_policy( 30*f578df4fSJingwen Chen name = "special_allowlisted_app", 31*f578df4fSJingwen Chen # There could be a allowlist of targets here. 32*f578df4fSJingwen Chen conditions = [ 33*f578df4fSJingwen Chen "notice", 34*f578df4fSJingwen Chen "allowlist:acme_corp_paid", 35*f578df4fSJingwen Chen ], 36*f578df4fSJingwen Chen) 37*f578df4fSJingwen Chen 38*f578df4fSJingwen Chen# Now we might build checks of critical applications against policies 39*f578df4fSJingwen Chen# 40*f578df4fSJingwen Chen# Questions to consider? 41*f578df4fSJingwen Chen# - Your organization migth want to fold these kinds of checks into 42*f578df4fSJingwen Chen# wrapper macros around the rules which generate services and apps 43*f578df4fSJingwen Chen# - You might want to distribute checks to rules alongside the products 44*f578df4fSJingwen Chen# - Or, you might want to consolidate them in a single place where your 45*f578df4fSJingwen Chen# compliance team owns them, as this example does 46*f578df4fSJingwen Chen 47*f578df4fSJingwen Chenlicense_policy_check( 48*f578df4fSJingwen Chen name = "check_server", 49*f578df4fSJingwen Chen policy = ":production_service", 50*f578df4fSJingwen Chen target = "//examples/src:my_server", 51*f578df4fSJingwen Chen) 52*f578df4fSJingwen Chen 53*f578df4fSJingwen Chen 54*f578df4fSJingwen Chen# This is marked manual, so bazel test ... does not fail. Try it yourself with 55*f578df4fSJingwen Chen# bazel build :check_violating_server 56*f578df4fSJingwen Chenlicense_policy_check( 57*f578df4fSJingwen Chen name = "check_violating_server", 58*f578df4fSJingwen Chen policy = ":production_service", 59*f578df4fSJingwen Chen tags = [ 60*f578df4fSJingwen Chen "manual", 61*f578df4fSJingwen Chen ], 62*f578df4fSJingwen Chen target = "//examples/src:my_violating_server", 63*f578df4fSJingwen Chen) 64