CI: add checks for Python and npm package licenses (mozilla#3383)

.github/workflows/backend.yml

@@ -53,15 +53,19 @@ jobs:
           -r requirements/dev.txt
           -r requirements/test.txt
           -r requirements/lint.txt
-
+      - name: Install pip-licenses
+        run: uv pip install 'pip-licenses==5.0.0'
+      - name: Check licenses
+        run: |
+          pip-licenses
+          pip-licenses --fail-on="GNU General Public License (GPL)" --ignore-packages text-unidecode translate-toolkit silme
       # Set environment variables
       - run: uv pip install pytest-dotenv
       - run: >
           sed
           -e 's#^DATABASE_URL=.*#DATABASE_URL=postgres://pontoon:pontoon@localhost/pontoon#'
           -e '/^SITE_URL=/d'
           docker/config/server.env.template > .env
-
       # Run collectstatic with minimal dependencies, skipping the actual front-end build
       - run: npm install
         working-directory: pontoon

.github/workflows/frontend.yml

@@ -32,6 +32,24 @@ jobs:
         run: npm run build
         working-directory: translate
 
+  licenses:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with: { node-version: '18' }
+      - name: Install globals
+        run: npm install --global [email protected]
+      - name: Install dependencies
+        run: npm ci
+      - name: Check licenses
+        run: |
+          # --failOn doesn't print the licenses on failure.
+          # Use jq to print only minimal info, then print a summary when
+          # checking for GPL packages.
+          license-checker-rseidelsohn --json | jq -r 'to_entries[] | "\(.key): \(.value.licenses)"'
+          license-checker-rseidelsohn --summary --failOn 'GPL'
+
   jest:
     runs-on: ubuntu-latest
     steps: