arduino · beanrepo · Apr 22, 2026 · Apr 22, 2026 · Apr 22, 2026 · Apr 22, 2026
diff --git a/.github/workflows/check-dependency-licenses.yml b/.github/workflows/check-dependency-licenses.yml
@@ -0,0 +1,151 @@
+name: Check dependency licenses
+on:
+  pull_request:
+
+permissions:
+  contents: read
+
+jobs:
+  check-dependency-licenses:
+    runs-on: ubuntu-24.04-arm
+    env:
+      PYTHON_VERSION: "3.13"
+      TASKFILE_VERSION: "v3.44.0"
+      TASKFILE_PATH: "/home/runner/go/bin"
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ env.PYTHON_VERSION }}
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+
+      - name: Install system dependencies
+        run: sudo apt-get install -y -qq portaudio19-dev libzbar0
+
+      - name: Install Taskfile
+        run: which task || curl -sSfL https://taskfile.dev/install.sh | sh -s -- -b ${{ env.TASKFILE_PATH }} ${{ env.TASKFILE_VERSION }}
+
+      - name: Check dependency licenses (licensed status)
+        id: licensed
+        run: |
+          export PATH="${{ env.TASKFILE_PATH }}:$PATH"
+          task license:deps 2>&1 | tee licensed_status.log || true
+
+      - name: Annotate and summarize errors
+        if: always()
+        run: |
+          actual_errors_file=$(mktemp)
+          install_warnings_file=$(mktemp)
+          updated_records_raw_file=$(mktemp)
+          updated_records_file=$(mktemp)
+
+          awk '
+            function flush() {
+              if (block != "") {
+                print block >> output_file
+                print "" >> output_file
+                block = ""
+              }
+            }
+
+            /^Errors:$/ { in_errors = 1; next }
+            in_errors && /^\* / { flush(); block = $0; next }
+            in_errors && /^[[:space:]]+/ {
+              if (block != "") {
+                block = block "\n" $0
+              }
+              next
+            }
+            in_errors && /^$/ { flush(); next }
+            in_errors { flush(); in_errors = 0 }
+            END { flush() }
+          ' output_file="$actual_errors_file" licensed_status.log
+
+          grep '^::warning::Failed to install ' licensed_status.log | \
+            sed -E 's/^::warning::Failed to install ([^ ]+) in (.+)$/- `\1` in `\2`/' | \
+            sort -u > "$install_warnings_file" || true
+
+          git diff --name-only -- .licenses | \
+            grep -E '\.dep\.ya?ml$' | \
+            sed -E 's#^\.licenses/##; s#\.dep\.ya?ml$##; s#/#.#g' | \
+            sort -u > "$updated_records_raw_file" || true
+
+          sed -E 's#^#- `#; s#$#`#' "$updated_records_raw_file" > "$updated_records_file" || true
+
+          echo "### Licensed Summary" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+
+          if [ -s "$actual_errors_file" ]; then
+            echo "::error::Dependency license cache is out of date. Run 'task license:deps' locally, then review the changes, commit, and push the updated files."
+            echo "❌ The following dependency license issues require review:" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            awk '
+              BEGIN { RS=""; ORS="\n\n" }
+              NF { print "```text\n" $0 "\n```" }
+            ' "$actual_errors_file" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "✅ No blocking dependency license issues found." >> $GITHUB_STEP_SUMMARY
+          fi
+
+          if [ -s "$install_warnings_file" ]; then
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Errors installing dependencies" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "⚠️ These warnings are non-blocking, but they can make the license scan less complete for the affected environment." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            cat "$install_warnings_file" >> $GITHUB_STEP_SUMMARY
+          fi
+
+          if [ -s "$updated_records_file" ]; then
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Outdated dependency records" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "⚠️ These records changed during \`licensed cache\`. This can reflect dependency version updates, license text changes, or other cached metadata changes. They are non-blocking here, but usually mean the branch did not yet contain the latest cached dependency metadata. Please consider to run \`task license:deps\` locally, then review the changes, commit, and push the updated files." >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            cat "$updated_records_file" >> $GITHUB_STEP_SUMMARY
+            while IFS= read -r record; do
+              [ -n "$record" ] || continue
+              echo "::warning::Dependency record out-of-date: $record"
+            done < "$updated_records_raw_file"
+          fi
+
+
+          if [ -s "$actual_errors_file" ]; then
+            # GitHub workflow commands need escaped newlines, otherwise only the
+            # first line is attached to the annotation and the rest is plain log output.
+            awk '
+              function escape(text, escaped) {
+                escaped = text
+                gsub(/%/, "%25", escaped)
+                gsub(/\r/, "%0D", escaped)
+                gsub(/\n/, "%0A", escaped)
+                return escaped
+              }
+
+              function flush() {
+                if (block != "") {
+                  print "::error::" escape(block)
+                  block = ""
+                }
+              }
+
+              /^\* / { flush(); block = $0; next }
+              /^[[:space:]]+/ {
+                if (block != "") {
+                  block = block "\n" $0
+                }
+                next
+              }
+              /^$/ { flush(); next }
+              END { flush() }
+            ' "$actual_errors_file"
+
+            exit 1
+          fi
diff --git a/.github/workflows/ci-checks.yml b/.github/workflows/ci-checks.yml
@@ -58,10 +58,10 @@ jobs:
       - name: Check license headers and files
         run: |
           export PATH="${{ env.TASKFILE_PATH }}:$PATH"
-          task license > /dev/null 2>&1
+          task license:headers > /dev/null 2>&1
           if git diff --quiet; then
-            echo "License data is up to date!"
+            echo "License headers are up to date!"
           else
-            echo "Please update license headers and files by running 'task license'."
+            echo "Please update license headers by running 'task license:headers'."
             exit 1
           fi
diff --git a/.gitignore b/.gitignore
@@ -130,6 +130,8 @@ celerybeat.pid
 # Environments
 .env
 .venv
+.licensed-venv-*
+containers/*/.licensed-venv/
 env/
 venv/
 ENV/

diff --git a/.licensed.yml b/.licensed.yml
@@ -0,0 +1,66 @@
+cache_path: .licenses
+
+apps:
+  - name: arduino-app-bricks
+    source_path: .
+    sources:
+      pip: true
+    python:
+      virtual_env_dir: ".licensed-venv-lib"
+
+
+  - name: python-base
+    source_path: .
+    sources:
+      pip: true
+    python:
+      virtual_env_dir: "containers/python-base/.licensed-venv"
+
+  - name: aihub-models-runner
+    source_path: .
+    sources:
+      pip: true
+    python:
+      virtual_env_dir: "containers/aihub-models-runner/.licensed-venv"
+
+  - name: gesture-recognition-runner
+    source_path: .
+    sources:
+      pip: true
+    python:
+      virtual_env_dir: "containers/gesture-recognition-runner/.licensed-venv"
+
+  - name: python-apps-base
+    source_path: .
+    sources:
+      pip: true
+    python:
+      virtual_env_dir: "containers/python-apps-base/.licensed-venv"
+
+stale_records_action: error
+
+ignored:
+  pip:
+    - pip
+    - setuptools
+    - wheel
+    - uv
+    - arduino-app-bricks
+    - arduino_app_bricks
+
+allowed:
+  - mpl-2.0
+  - apache-2.0
+  - mit
+  - mit-cmu
+  - bsd-2-clause
+  - bsd-3-clause
+  - cc0-1.0
+  - isc
+  - psf-2.0
+  - unlicense
+  - ofl-1.1
+  - lgpl-3.0-only
+  - epl-2.0
+  - hpnd
+  - zpl-2.1
diff --git a/.licenses/aihub-models-runner/pip/Flask.dep.yml b/.licenses/aihub-models-runner/pip/Flask.dep.yml
@@ -0,0 +1,39 @@
+---
+name: Flask
+version: 3.1.3
+type: pip
+summary: A simple framework for building complex web applications.
+homepage: ''
+license: bsd-3-clause
+licenses:
+- sources: LICENSE.txt
+  text: |
+    Copyright 2010 Pallets
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are
+    met:
+
+    1.  Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+    2.  Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    3.  Neither the name of the copyright holder nor the names of its
+        contributors may be used to endorse or promote products derived from
+        this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+notices: []
diff --git a/.licenses/aihub-models-runner/pip/Jinja2.dep.yml b/.licenses/aihub-models-runner/pip/Jinja2.dep.yml
@@ -0,0 +1,39 @@
+---
+name: Jinja2
+version: 3.1.6
+type: pip
+summary: A very fast and expressive template engine.
+homepage: ''
+license: bsd-3-clause
+licenses:
+- sources: LICENSE.txt
+  text: |
+    Copyright 2007 Pallets
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are
+    met:
+
+    1.  Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+    2.  Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    3.  Neither the name of the copyright holder nor the names of its
+        contributors may be used to endorse or promote products derived from
+        this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+notices: []
diff --git a/.licenses/aihub-models-runner/pip/MarkupSafe.dep.yml b/.licenses/aihub-models-runner/pip/MarkupSafe.dep.yml
@@ -0,0 +1,39 @@
+---
+name: MarkupSafe
+version: 3.0.3
+type: pip
+summary: Safely add untrusted strings to HTML/XML markup.
+homepage: ''
+license: bsd-3-clause
+licenses:
+- sources: LICENSE.txt
+  text: |
+    Copyright 2010 Pallets
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are
+    met:
+
+    1.  Redistributions of source code must retain the above copyright
+        notice, this list of conditions and the following disclaimer.
+
+    2.  Redistributions in binary form must reproduce the above copyright
+        notice, this list of conditions and the following disclaimer in the
+        documentation and/or other materials provided with the distribution.
+
+    3.  Neither the name of the copyright holder nor the names of its
+        contributors may be used to endorse or promote products derived from
+        this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+    PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+    TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+    PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+    LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+    NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+    SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+notices: []
-Original file line number
+Diff line change
@@ Expand Up / @@ -130,6 +130,8 @@ celerybeat.pid @@
     # Environments
     .env
     .venv
+    .licensed-venv-*
+    containers/*/.licensed-venv/
     env/
     venv/
     ENV/
@@ Expand Down @@