From 1f3b2adbfee2e70aff06809ae48573db676736fd Mon Sep 17 00:00:00 2001
From: Gronod <gordon@i3omb.com>
Date: Sun, 17 May 2026 20:19:19 +0100
Subject: [PATCH] =?UTF-8?q?ci:=20add=20licence-check=20workflow=20?=
 =?UTF-8?q?=E2=80=94=20validates=20production=20dep=20licences=20against?=
 =?UTF-8?q?=20MIT-compatible=20allowlist?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitea/workflows/licence-check.yml | 38 ++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .gitea/workflows/licence-check.yml

diff --git a/.gitea/workflows/licence-check.yml b/.gitea/workflows/licence-check.yml
new file mode 100644
index 0000000..629fe80
--- /dev/null
+++ b/.gitea/workflows/licence-check.yml
@@ -0,0 +1,38 @@
+name: Licence Check
+
+on:
+  push:
+    branches: ["**"]
+    paths:
+      - "package.json"
+      - "package-lock.json"
+      - ".gitea/workflows/licence-check.yml"
+  pull_request:
+    branches: ["**"]
+    paths:
+      - "package.json"
+      - "package-lock.json"
+      - ".gitea/workflows/licence-check.yml"
+
+jobs:
+  licence-check:
+    name: Dependency licence compatibility
+    runs-on: ubuntu-latest
+    continue-on-error: true
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Install production dependencies
+        run: npm ci --omit=dev
+
+      - name: Check licence compatibility
+        run: |
+          npx --yes license-checker --production \
+            --onlyAllow "MIT;ISC;MIT-0;BSD-2-Clause;BSD-3-Clause;Apache-2.0;CC0-1.0;BlueOak-1.0.0" \
+            --excludePrivatePackages \
+            && echo "All production dependency licences are compatible with MIT."