aboutsummaryrefslogtreecommitdiff
path: root/examples/policy_checker/BUILD
diff options
context:
space:
mode:
Diffstat (limited to 'examples/policy_checker/BUILD')
-rw-r--r--examples/policy_checker/BUILD63
1 files changed, 63 insertions, 0 deletions
diff --git a/examples/policy_checker/BUILD b/examples/policy_checker/BUILD
new file mode 100644
index 0000000..49f77aa
--- /dev/null
+++ b/examples/policy_checker/BUILD
@@ -0,0 +1,63 @@
+# Example of automated license policy definitions.
+
+load("@rules_license//examples/policy_checker:license_policy.bzl", "license_policy")
+load("@rules_license//examples/policy_checker:license_policy_check.bzl", "license_policy_check")
+
+package(default_package_metadata = ["//:license", "//:package_info"])
+
+# license_policy rules generally appear in a central location per workspace. That
+# should be access controlled by the policy team.
+
+# A production service can use licenses with most conditions
+license_policy(
+ name = "production_service",
+ conditions = [
+ "notice",
+ "restricted_if_statically_linked",
+ ],
+)
+
+# A mobile application usually can not allow end-user replacable libraries.
+# So LGPL code (which is restricted_if_statically_linked) can not be used.
+license_policy(
+ name = "mobile_application",
+ conditions = [
+ "notice",
+ ],
+)
+
+license_policy(
+ name = "special_allowlisted_app",
+ # There could be a allowlist of targets here.
+ conditions = [
+ "notice",
+ "allowlist:acme_corp_paid",
+ ],
+)
+
+# Now we might build checks of critical applications against policies
+#
+# Questions to consider?
+# - Your organization migth want to fold these kinds of checks into
+# wrapper macros around the rules which generate services and apps
+# - You might want to distribute checks to rules alongside the products
+# - Or, you might want to consolidate them in a single place where your
+# compliance team owns them, as this example does
+
+license_policy_check(
+ name = "check_server",
+ policy = ":production_service",
+ target = "//examples/src:my_server",
+)
+
+
+# This is marked manual, so bazel test ... does not fail. Try it yourself with
+# bazel build :check_violating_server
+license_policy_check(
+ name = "check_violating_server",
+ policy = ":production_service",
+ tags = [
+ "manual",
+ ],
+ target = "//examples/src:my_violating_server",
+)
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 03:19:44 +0000