ci: add license-header check

[yaozhen00]

Summary

Add repository-wide license header checking for PRs and align the local license-eye configuration with the SPDX short header format already used in this repo.

Changes

• Add license-header.yml to run apache/skywalking-eyes/header on pull requests targeting main.
• Add .licenserc.yaml with a short MIT SPDX header template for *.go, *.js, and *.py
• Add missing SPDX license header files

Test Plan

• Run license-eye -c .licenserc.yaml header check
• No lark-cli and skills change

Related Issues

• None

Summary by CodeRabbit

• Chores
  • Added an automated license-header validation workflow that runs on pull requests to main for Go, JavaScript, and Python changes.
  • Added a license configuration for inserting MIT headers and applied/update license headers across source files.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5c518ce9-831b-4f6d-bedc-e3fc078b9bd8

📥 Commits

Reviewing files that changed from the base of the PR and between 2c96495 and 3cfff95.

📒 Files selected for processing (1)

• .github/workflows/license-header.yml

✅ Files skipped from review due to trivial changes (1)

• .github/workflows/license-header.yml

---

📝 Walkthrough

Walkthrough

Added license-header enforcement: a GitHub Actions workflow and .licenserc.yaml config; applied MIT license headers to several Go and JavaScript source files.

Changes

Cohort / File(s)	Summary
CI Workflow & License Config .github/workflows/license-header.yml, .licenserc.yaml	New GitHub Actions workflow to validate/ensure license headers on PRs targeting main; .licenserc.yaml configures MIT header rules for **/*.go, **/*.js, **/*.py.
Go source files internal/auth/auth_response_log.go, internal/keychain/auth_log.go	Added MIT copyright and SPDX-License-Identifier: MIT file headers only.
JavaScript scripts scripts/install.js, scripts/pr-labels/test.js, scripts/run.js, scripts/skill-format-check/index.js	Added MIT copyright and SPDX-License-Identifier: MIT file headers only.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

• feat(ci): refine PR business area labels and introduce skill format check #148: Touches the same script files (e.g., scripts/skill-format-check/index.js, scripts/pr-labels/test.js), potentially overlapping changes.

Suggested reviewers

• liangshuo-1

Poem

🐰 Hop, hop, the headers land,

Lines of law placed by a gentle hand,
MIT stitched on every file,
CI watches with a cheerful smile,
I nibble carrots and log the style.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'ci: add license-header check' is concise and clearly summarizes the main change: adding a CI workflow for license header validation.
Description check	✅ Passed	The PR description follows the template structure with all required sections completed: Summary explains the motivation, Changes lists the main modifications, Test Plan documents verification steps, and Related Issues is properly addressed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/license_check

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR introduces a GitHub Actions workflow (license-header.yml) that runs apache/skywalking-eyes/header on pull requests targeting main when Go, JavaScript, or Python files are modified, and adds a .licenserc.yaml configuration for the MIT SPDX header format already used throughout the repo. The remaining six source files are brought into compliance by prepending the missing headers.

• Workflow: triggers on .go, .js, .py, .licenserc.yaml, and the workflow file itself; has correct contents: read + pull-requests: write permissions for the comment: on-failure feature; both actions/checkout and skywalking-eyes/header are pinned to commit SHAs.
• .licenserc.yaml: configures paths, ignores testdata/, and sets comment: on-failure; the copyright-year: "2026" field is hardcoded and will cause license-eye header fix to insert a stale year in future years (see inline comment).
• Source files: headers are correctly placed in all six files, including after the shebang in scripts/run.js.

Confidence Score: 5/5

Safe to merge; only remaining finding is a minor style suggestion about the hardcoded copyright year.

All P0/P1 concerns from prior review rounds have been addressed (pull-requests: write permission is present). The sole new finding is the hardcoded copyright-year: "2026" which is a P2 style issue — it has no impact on the CI check itself, only on future local fix runs.

.licenserc.yaml — minor hardcoded copyright year; all other files are straightforward header additions.

Important Files Changed

Filename	Overview
.github/workflows/license-header.yml	New CI workflow for license header checking; correct pull-requests: write permission present; both actions/checkout and skywalking-eyes/header are pinned to SHAs.
.licenserc.yaml	New license-eye config for MIT SPDX header; copyright-year is hardcoded to "2026" which will cause stale year in future fix runs.
internal/auth/auth_response_log.go	Adds missing SPDX license header; no functional changes.
internal/keychain/auth_log.go	Adds missing SPDX license header; no functional changes.
scripts/run.js	Adds license header correctly after the shebang line; no functional changes.
scripts/install.js	Adds missing SPDX license header; no functional changes.
scripts/pr-labels/test.js	Adds missing SPDX license header; no functional changes.
scripts/skill-format-check/index.js	Adds missing SPDX license header; no functional changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Pull Request opened/updated targeting main] --> B{Paths match *.go / *.js / *.py\n.licenserc.yaml / workflow file?}
    B -- No --> C[Workflow skipped]
    B -- Yes --> D[actions/checkout]
    D --> E[skywalking-eyes/header check\nconfig: .licenserc.yaml]
    E --> F{All files have\nSPDX header?}
    F -- Yes --> G[✅ Check passes]
    F -- No --> H[❌ Check fails\n+ PR comment posted\nvia pull-requests: write]

Loading

_{Reviews (2): Last reviewed commit: "ci: fix license-header workflow review i..." | Re-trigger Greptile}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/license-header.yml (1)

7-9: Consider using **/*.ext for consistency with GitHub Actions conventions.

Both "**.go" and "**/*.go" reliably match nested files in GitHub Actions path filters. However, **/*.ext is the more idiomatic and explicit form recommended in official documentation and real-world workflows. For clarity and consistency with common patterns, update the filters on lines 7–9 to use the explicit double-star syntax.

Suggested update

-      - "**.go"
-      - "**.js"
-      - "**.py"
+      - "**/*.go"
+      - "**/*.js"
+      - "**/*.py"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/license-header.yml around lines 7 - 9, Update the path
filter patterns that currently use the ambiguous glob forms "**.go", "**.js",
and "**.py" to the explicit GitHub Actions convention "**/*.go", "**/*.js", and
"**/*.py"; locate and replace the string literals "**.go", "**.js", and "**.py"
in the workflow YAML (the entries shown in the diff) so all file globs
consistently use the double-star slash form.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/license-header.yml:
- Around line 7-9: Update the path filter patterns that currently use the
ambiguous glob forms "**.go", "**.js", and "**.py" to the explicit GitHub
Actions convention "**/*.go", "**/*.js", and "**/*.py"; locate and replace the
string literals "**.go", "**.js", and "**.py" in the workflow YAML (the entries
shown in the diff) so all file globs consistently use the double-star slash
form.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3bde46be-f0d0-4191-a91c-14f813c09224

📥 Commits

Reviewing files that changed from the base of the PR and between 135fde8 and 2c96495.

📒 Files selected for processing (8)

• .github/workflows/license-header.yml
• .licenserc.yaml
• internal/auth/auth_response_log.go
• internal/keychain/auth_log.go
• scripts/install.js
• scripts/pr-labels/test.js
• scripts/run.js
• scripts/skill-format-check/index.js

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@3cfff959601e630dbf4fd3ec9511639201bbcb7f

🧩 Skill update

npx skills add larksuite/cli#feat/license_check -y -g