From 1690fa2dbe4efb48a20be8035e5ea2b5610a4890 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Thu, 25 Nov 2021 18:35:46 +0000 Subject: [PATCH 1/6] Check whether extension has an OSI approved license --- lib/resolveExtension.js | 21 +++++++++++++++++++++ package.json | 1 + 2 files changed, 22 insertions(+) diff --git a/lib/resolveExtension.js b/lib/resolveExtension.js index 8aee71195..a6934b786 100644 --- a/lib/resolveExtension.js +++ b/lib/resolveExtension.js @@ -4,6 +4,7 @@ const fs = require('fs'); const path = require('path'); const Octokit = require('octokit').Octokit; const readVSIXPackage = require('vsce/out/zip').readVSIXPackage; +const osiLicenses = require('osi-licenses'); const download = require('download'); const exec = require('./exec'); @@ -53,6 +54,26 @@ exports.resolveExtension = async function ({ id, repository, location }, ms) { await exec(`git clone --filter=blob:none --recurse-submodules ${repository} ${repoPath}`, { quiet: true }); const packagePath = [repoPath, location, 'package.json'].filter(p => !!p).join('/'); + + //#region Check if the extension has an OSI-approved open-source license + try { + const manifest = JSON.parse(await fs.promises.readFile(packagePath, 'utf-8')); + const license = manifest.license; + if (!(license && Object.keys(osiLicenses).includes(license))) { + if (repositoryUrl.hostname !== 'github.com') return undefined; + + const ghLicenseResponse = (await octokit.rest.licenses.getForRepo({ owner, repo })).data.license; + if (!Object.keys(osiLicenses).includes(ghLicenseResponse.spdx_id)) { + console.log(`Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})`); + return undefined; + } + } + } catch { + console.log('Can\'t process license'); + return undefined; + } + //#endregion + /** * @param {string} ref * @returns {Promise} diff --git a/package.json b/package.json index 4e497c461..22409b288 100644 --- a/package.json +++ b/package.json 
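Review bot: In the new `//#region` block the manifest's `license` field settles the decision by itself — the `octokit.rest.licenses.getForRepo` fallback is reached only when `!(license && Object.keys(osiLicenses).includes(license))` — so a package.json declaring `"license": "MIT"` over a repository whose LICENSE file is proprietary is accepted without any cross-check. That field is written by the extension author, which makes this an honor-system check rather than a verification of the repository. If that is the intended trust model, state it above the region, e.g. `// NOTE: the manifest's license field is author-asserted and trusted as-is; GitHub's detected license is consulted only when the manifest declares nothing OSI-approved.`; otherwise query GitHub's detected license whenever `repositoryUrl.hostname === 'github.com'` and reject on disagreement. The enclosing `resolveExtension` function continues past the hunk.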
@@ -27,6 +27,7 @@ "download": "^8.0.0", "minimist": "^1.2.5", "octokit": "^1.7.0", + "osi-licenses": "^0.1.1", "ovsx": "latest", "semver": "^7.1.3", "vsce": "^2.3.0" From 8ca8151b62749d0468f9f183f94fe6e1beb846c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Fri, 26 Nov 2021 13:00:49 +0000 Subject: [PATCH 2/6] Update to FIlip's package --- lib/resolveExtension.js | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/resolveExtension.js b/lib/resolveExtension.js index a6934b786..42b99fd0e 100644 --- a/lib/resolveExtension.js +++ b/lib/resolveExtension.js @@ -4,7 +4,7 @@ const fs = require('fs'); const path = require('path'); const Octokit = require('octokit').Octokit; const readVSIXPackage = require('vsce/out/zip').readVSIXPackage; -const osiLicenses = require('osi-licenses'); +const checkLicense = require('osi-license-checker'); const download = require('download'); const exec = require('./exec'); @@ -59,17 +59,17 @@ exports.resolveExtension = async function ({ id, repository, location }, ms) { try { const manifest = JSON.parse(await fs.promises.readFile(packagePath, 'utf-8')); const license = manifest.license; - if (!(license && Object.keys(osiLicenses).includes(license))) { + if (!(license && checkLicense.checkShorthand(license))) { if (repositoryUrl.hostname !== 'github.com') return undefined; const ghLicenseResponse = (await octokit.rest.licenses.getForRepo({ owner, repo })).data.license; - if (!Object.keys(osiLicenses).includes(ghLicenseResponse.spdx_id)) { + if (!checkLicense.checkShorthand(ghLicenseResponse.spdx_id)) { console.log(`Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})`); return undefined; } } } catch { - console.log('Can\'t process license'); + console.log('Can\'t get license'); return undefined; } //#endregion diff --git a/package.json b/package.json index 22409b288..c0899e730 100644 --- a/package.json +++ b/package.json 
@@ -27,7 +27,7 @@ "download": "^8.0.0", "minimist": "^1.2.5", "octokit": "^1.7.0", - "osi-licenses": "^0.1.1", + "osi-license-checker": "^1.3.0", "ovsx": "latest", "semver": "^7.1.3", "vsce": "^2.3.0" From 735580245029703de331e4dae97de4d32a3c31fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Mon, 29 Nov 2021 12:07:50 +0000 Subject: [PATCH 3/6] Update package version --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index c0899e730..dad25a124 100644 --- a/package.json +++ b/package.json @@ -27,7 +27,7 @@ "download": "^8.0.0", "minimist": "^1.2.5", "octokit": "^1.7.0", - "osi-license-checker": "^1.3.0", + "osi-license-checker": "latest", "ovsx": "latest", "semver": "^7.1.3", "vsce": "^2.3.0" From c58a8c517c29fec96e07f68f91670aa7eed98e97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Thu, 20 Jan 2022 19:13:44 +0000 Subject: [PATCH 4/6] More different error messages --- lib/resolveExtension.js | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/lib/resolveExtension.js b/lib/resolveExtension.js index e60720cbc..ef3c11ec6 100644 --- a/lib/resolveExtension.js +++ b/lib/resolveExtension.js 
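Review bot: The change from `"^1.3.0"` to `"latest"` for `osi-license-checker` means every install resolves whatever version is current on the registry for a package that now gates what this tool publishes, so the check's behaviour — or the package itself — can change without a commit in this repository. A caret range with the lockfile, or an exact version, is the usual choice for a dependency on the publishing path: `"osi-license-checker": "^1.3.0",`. The same block already carries `"ovsx": "latest"`, so this may be deliberate project convention; if so, it would be worth a comment in the README or the commit message explaining why unpinned ranges are acceptable here.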
@@ -59,12 +59,21 @@ exports.resolveExtension = async function ({ id, repository, location }, ms) { try { const manifest = JSON.parse(await fs.promises.readFile(packagePath, 'utf-8')); const license = manifest.license; - if (!(license && checkLicense.checkShorthand(license))) { - if (repositoryUrl.hostname !== 'github.com') return undefined; + if (!license) { + + if (!checkLicense.checkShorthand(license)) { + console.error(`Not an OSS license: ${license}`); + return undefined; + } + + if (repositoryUrl.hostname !== 'github.com') { + console.error('Can\' check license on non-github repositories ') + return undefined; + } const ghLicenseResponse = (await octokit.rest.licenses.getForRepo({ owner, repo })).data.license; if (!checkLicense.checkShorthand(ghLicenseResponse.spdx_id)) { - console.log(`Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})`); + console.error(`Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})`); return undefined; } } From 61c3256c77d485e466495e69ef5eb9af4df26585 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Wed, 2 Feb 2022 21:06:35 +0000 Subject: [PATCH 5/6] Move license checking to its separate file --- lib/checkLicense.js | 47 +++++++++++++++++++++++++++++++++++++++++ lib/resolveExtension.js | 30 +------------------------- publish-extension.js | 13 ++++++++++++ 3 files changed, 61 insertions(+), 29 deletions(-) create mode 100644 lib/checkLicense.js diff --git a/lib/checkLicense.js b/lib/checkLicense.js new file mode 100644 index 000000000..44ed77e27 --- /dev/null +++ b/lib/checkLicense.js 
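Review bot: The added `if (!license) {` inverts the previous condition and moves the whole check inside it, so the inner `checkLicense.checkShorthand(license)` always runs with a falsy `license` and — assuming `checkShorthand` does not accept `undefined` — returns before the GitHub lookup, which becomes unreachable; meanwhile a manifest that declares any license string at all, OSI-approved or not, skips every check and the function carries on. The split into two messages suggests the intent was "declared but not OSI → reject, undeclared → ask GitHub", which needs the guard restructured as below. The new log string also drops a character: `'Can\' check license'` should be `'Can\'t check license'`. The enclosing `try` and `resolveExtension` function start and end outside the hunk.
```javascript
if (!license || !checkLicense.checkShorthand(license)) {
  if (license) {
    // Declared but not OSI-approved: reject without consulting GitHub.
    console.error(`Not an OSS license: ${license}`);
    return undefined;
  }
  // Nothing declared: fall back to the license GitHub detects.
  if (repositoryUrl.hostname !== 'github.com') {
    console.error('Can\'t check license on non-github repositories');
    return undefined;
  }
  // … unchanged: GitHub license lookup and spdx_id check …
}
```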
@@ -0,0 +1,47 @@ +// @ts-check + +const checkLicense = require("osi-license-checker"); +const fs = require('fs'); +const octokit = require('octokit'); + +/** + * Check if the extension has an OSI-approved open-source license + * @param {URL} url + * @param {string} owner + * @param {string} repo + * @param {octokit.Octokit} octokit a preauthenthicated octokit client + * @param {string} packagePath + */ +exports.checkLicense = async function(url, owner, repo, octokit, packagePath) { + try { + const manifest = JSON.parse( + await fs.promises.readFile(packagePath, "utf-8") + ); + const license = manifest.license; + if (!license) { + if (!checkLicense.checkShorthand(license)) { + console.error(`Not an OSS license: ${license}`); + return false; + } + + if (url.hostname !== "github.com") { + console.error("Can' check license on non-github repositories "); + return false; + } + + const ghLicenseResponse = ( + await octokit.rest.licenses.getForRepo({ owner, repo }) + ).data.license; + if (!checkLicense.checkShorthand(ghLicenseResponse.spdx_id)) { + console.error( + `Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})` + ); + return false; + } + return true; + } + } catch (e) { + console.error("Can't get license", e); + return false; + } +} diff --git a/lib/resolveExtension.js b/lib/resolveExtension.js index ef3c11ec6..e73bc88fb 100644 --- a/lib/resolveExtension.js +++ b/lib/resolveExtension.js @@ -4,9 +4,9 @@ const fs = require('fs'); const path = require('path'); const Octokit = require('octokit').Octokit; const readVSIXPackage = require('vsce/out/zip').readVSIXPackage; -const checkLicense = require('osi-license-checker'); const download = require('download'); const exec = require('./exec'); +const { checkLicense } = require('./checkLicense'); const token = process.env.GITHUB_TOKEN; if (!token) { 
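Review bot: In the new `exports.checkLicense`, `return true` sits inside the `if (!license) {` block, so a manifest that does declare a license falls out of the function with `undefined`, which `publish-extension.js` treats as failure; and inside that block `checkShorthand(license)` is evaluated with a falsy value, so the GitHub fallback is presumably unreachable too — as written it is hard to see an input for which the function returns `true`. The function also inherits the typo `"Can' check license"`, and its `octokit` parameter shadows the module-level `octokit` import that the JSDoc `@param {octokit.Octokit}` relies on — harmless, but a reader has to stop and check. A restructure along the lines below keeps the intended semantics (declared licence must be OSI-approved; undeclared falls back to GitHub) and makes the success path explicit.
```javascript
exports.checkLicense = async function (url, owner, repo, octokit, packagePath) {
  try {
    // … unchanged: read and parse the manifest …
    const license = manifest.license;
    if (license) {
      // A declared license must be OSI-approved; GitHub is not consulted.
      if (!checkLicense.checkShorthand(license)) {
        console.error(`Not an OSS license: ${license}`);
        return false;
      }
      return true;
    }
    // Nothing declared: fall back to the license GitHub detects.
    if (url.hostname !== "github.com") {
      console.error("Can't check license on non-github repositories");
      return false;
    }
    // … unchanged: GitHub license lookup and spdx_id check …
    return true;
  } catch (e) {
    console.error("Can't get license", e);
    return false;
  }
};
```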
@@ -55,34 +55,6 @@ exports.resolveExtension = async function ({ id, repository, location }, ms) { const packagePath = [repoPath, location, 'package.json'].filter(p => !!p).join('/'); - //#region Check if the extension has an OSI-approved open-source license - try { - const manifest = JSON.parse(await fs.promises.readFile(packagePath, 'utf-8')); - const license = manifest.license; - if (!license) { - - if (!checkLicense.checkShorthand(license)) { - console.error(`Not an OSS license: ${license}`); - return undefined; - } - - if (repositoryUrl.hostname !== 'github.com') { - console.error('Can\' check license on non-github repositories ') - return undefined; - } - - const ghLicenseResponse = (await octokit.rest.licenses.getForRepo({ owner, repo })).data.license; - if (!checkLicense.checkShorthand(ghLicenseResponse.spdx_id)) { - console.error(`Not an OSS license: ${ghLicenseResponse.name} (${ghLicenseResponse.spdx_id})`); - return undefined; - } - } - } catch { - console.log('Can\'t get license'); - return undefined; - } - //#endregion - /** * @param {string} ref * @returns {Promise} diff --git a/publish-extension.js b/publish-extension.js index 6feeb56aa..8aab75dc4 100644 --- a/publish-extension.js +++ b/publish-extension.js @@ -16,6 +16,14 @@ const path = require('path'); const semver = require('semver'); const exec = require('./lib/exec'); const { createVSIX } = require('vsce'); +const { checkLicense } = require('./lib/checkLicense'); +const { Octokit } = require('octokit'); + +const token = process.env.GITHUB_TOKEN; +if (!token) { + throw new Error("GITHUB_TOKEN env var is not set"); +} +const octokit = new Octokit({ auth: token }); (async () => { /** 
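Review bot: The new `if (!token) { throw new Error("GITHUB_TOKEN env var is not set"); }` at module scope of `publish-extension.js` makes the token a hard prerequisite for every publish run, including extensions whose manifest already declares an OSI-approved license and never touch the GitHub API. If that is intended, a one-line comment above it would save the next person a surprise, e.g. `// GITHUB_TOKEN is required up front: the license check may fall back to the GitHub licenses API.`; otherwise construct the client lazily inside the check so non-GitHub and manifest-only cases work without it. The `(async () => {` body this feeds continues past the hunk.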
@@ -32,6 +40,11 @@ const { createVSIX } = require('vsce'); packagePath = path.join(packagePath, extension.location); } + const [owner, repo] = extension.repository.slice(1).split("/"); + if (!(await checkLicense(new URL(extension.repository), owner, repo, octokit, packagePath+'/package.json'))) { + process.exit(1); + } + /** @type {import('ovsx').PublishOptions} */ let options; if (context.file) { From 7dfa50282911923ab6168e055bc0a3136b4a2735 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Filip=20Tron=C3=AD=C4=8Dek?= Date: Thu, 3 Feb 2022 10:14:52 +0000 Subject: [PATCH 6/6] Copyright header --- lib/checkLicense.js | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/checkLicense.js b/lib/checkLicense.js index 44ed77e27..6f7ba1c2e 100644 --- a/lib/checkLicense.js +++ b/lib/checkLicense.js @@ -1,5 +1,14 @@ -// @ts-check +/******************************************************************************** + * Copyright (c) 2022 TypeFox and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0. + * + * SPDX-License-Identifier: EPL-2.0 + ********************************************************************************/ +// @ts-check const checkLicense = require("osi-license-checker"); const fs = require('fs'); const octokit = require('octokit');
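Review bot: `extension.repository.slice(1).split("/")` and `new URL(extension.repository)` on the next line cannot both be right for the same value: `new URL` only succeeds on an absolute URL such as `https://github.com/owner/repo`, and for that input `slice(1)` drops a single character, giving `owner = "ttps:"` and `repo = ""`, so the GitHub fallback in `checkLicense` would query a non-existent repository. Derive both from the parsed URL instead: `const repositoryUrl = new URL(extension.repository);` / `const [owner, repo] = repositoryUrl.pathname.split("/").filter(Boolean);` / `if (!(await checkLicense(repositoryUrl, owner, repo, octokit, path.join(packagePath, "package.json")))) {`. Using `path.join` also matches how `packagePath` itself is built a few lines above. The enclosing async IIFE starts and ends outside the hunk.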