ci(workflow): update release-audit & license config (#669)

Author: erisu

.github/workflows/release-audit.yml

@@ -6,12 +6,12 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#  KIND, either express or implied.  See the License for the
+# KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 
@@ -25,6 +25,9 @@ on:
     branches:
       - '*'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Audit Licenses
@@ -33,8 +36,8 @@ jobs:
       # Checkout project
       - uses: actions/checkout@v4
 
-      # Check license headers
-      - uses: erisu/apache-rat-action@v1
+      # Check license headers (v1.2.0)
+      - uses: erisu/apache-rat-action@3127a8c18f3bb10e91c60e835144085b31c5c463
 
       # Setup environment with node
       - uses: actions/setup-node@v4
@@ -45,7 +48,8 @@ jobs:
       - name: npm install packages
         run: npm i
 
-      # Check node package licenses
-      - uses: erisu/license-checker-action@e929758f9416f30234ac454fc9054ca4b803871d
+      # Check node package licenses (v2.0.0)
+      - uses: erisu/license-checker-action@1c222d0c2f5898a4c40b8bd6fd6888650bd6f68a
         with:
           license-config: 'licence_checker.yml'
+          include-asf-category-a: true

licence_checker.yml

@@ -6,59 +6,15 @@
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#  KIND, either express or implied.  See the License for the
+# KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 
-# Compiled list of allowed 3RD PARTY LICENSES from:
-#
-# ASF CATEGORY A: WHAT CAN WE INCLUDE IN AN ASF PROJECT
-# https://www.apache.org/legal/resolved.html#category-a
-#
-# Licenses converted into the SPDX standardized short identifier format.
-# https://spdx.org/licenses/
-allowed-licenses:
-  - 0BSD
-  - AFL-3.0
-  - Apache-1.1
-  - Apache-2.0
-  - APAFML
-  - BlueOak-1.0.0
-  - BSD-2-Clause
-  - BSD-3-Clause
-  - BSD-3-Clause-LBNL
-  - BSL-1.0
-  - CC-PDDC
-  - CC0-1.0
-  - EPICS
-  - HPND
-  - ICU
-  - ISC
-  - MIT
-  - MIT-0
-  - MS-PL
-  - MulanPSL-2.0
-  - NCSA
-  - OGL-UK-3.0
-  - PHP-3.01
-  - PostgreSQL
-  - PSF-2.0
-  - SMLNJ
-  - Unicode-DFS-2016
-  - Unlicense
-  - UPL-1.0
-  - W3C
-  - WTFPL
-  - X11
-  - Xnet
-  - Zlib
-  - ZPL-2.0
-
 ignored-packages:
   - [email protected]
   - [email protected]