ENGINEERING
Fail GitLab merge requests on disallowed dependency licenses
Runs as a GitLab merge-request pipeline step and scans added dependencies for forbidden licenses.
How it runs
The automated pipeline, trigger to output.
- Trigger: GitLab merge request event (GitLab)
- Action: Extract added or bumped dependencies from MR diff (GitLab)
- Action: Resolve and normalize SPDX license per package (GitLab)
- Logic: Evaluate licenses against denylist and unknown rule
- Action: Fail the pipeline job on violation (GitLab)
- Output: Post discussion note with offending packages (GitLab)
What it does
This workflow hooks into GitLab merge request events and acts as a license compliance gate inside your pipeline. It reads the dependency changes introduced by the MR, resolves each new package's SPDX license, and fails the pipeline when any license falls outside your policy. It then posts a discussion note on the MR explaining which packages tripped the gate.
When to use it
Use this for GitLab-hosted projects where you enforce licensing through pipeline status rather than commit checks. Good for teams that already require green pipelines to merge and want license drift to be one of those required signals.
How it works
1. A GitLab merge_request event triggers the workflow.
2. It pulls the MR diff and extracts dependencies added or version-bumped in the manifest.
3. Each package license is resolved and normalized to an SPDX identifier.
4. A logic step evaluates licenses against your denylist and unknown-license rule.
5. If clean, it reports a passing pipeline job and stops.
6. On a violation it fails the pipeline job and adds a GitLab discussion note naming the non-compliant packages and licenses.
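The following is an added example, not code from the page or the workflow product it describes, showing the core of steps 2 through 6 as a stand-alone script: it extracts added and bumped pins from a constructed unified diff of a requirements.txt, normalizes free-text license strings to SPDX identifiers through a partial alias table, applies a denylist plus an unknown-license rule, and produces the exit code and note body the pipeline job would use. The diff, the license metadata map (standing in for a registry query), the alias table and the denylist are all constructed assumptions; a real step would fetch the diff and license metadata from GitLab and the package index.

```python
import re
import sys

# Constructed sample input (not from the page): the unified diff of a
# requirements.txt as it appears among a GitLab MR's changes.
SAMPLE_DIFF = """\
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,5 @@
 requests==2.31.0
-urllib3==1.26.18
+urllib3==2.2.1
+some-gpl-tool==1.0.0
+mystery-lib==0.3.0
 click==8.1.7
"""

# Constructed stand-in for the registry/metadata lookup (assumption); a real
# step would query the package index per name. None means no license found.
SAMPLE_LICENSE_METADATA = {
    "urllib3": "MIT License",
    "some-gpl-tool": "GNU General Public License v3 (GPLv3)",
    "mystery-lib": None,
}

# Partial alias table from free-text license strings to SPDX ids (assumption).
SPDX_ALIASES = {
    "mit license": "MIT",
    "apache software license": "Apache-2.0",
    "apache license 2.0": "Apache-2.0",
    "bsd license": "BSD-3-Clause",
    "gnu general public license v3 (gplv3)": "GPL-3.0-only",
    "gplv3": "GPL-3.0-only",
    "gnu affero general public license v3": "AGPL-3.0-only",
}
KNOWN_SPDX_IDS = set(SPDX_ALIASES.values())

# Policy: denylist of SPDX ids plus the unknown-license rule (constructed).
DENYLIST = frozenset({"GPL-3.0-only", "AGPL-3.0-only"})
FAIL_ON_UNKNOWN = True

# '+'/'-' content lines carrying a pinned requirement; the (?!\+\+) / (?!--)
# lookaheads skip the '+++ b/...' and '--- a/...' file headers.
_ADDED = re.compile(r"^\+(?!\+\+)\s*([A-Za-z0-9_.\-]+)==([^\s;#]+)")
_REMOVED = re.compile(r"^-(?!--)\s*([A-Za-z0-9_.\-]+)==([^\s;#]+)")


def extract_added_deps(diff):
    """Return (name, version, change) per '+' pin; change is 'added' or 'bumped'."""
    removed = {}
    for line in diff.splitlines():
        m = _REMOVED.match(line)
        if m:
            removed[m.group(1).lower()] = m.group(2)
    result = []
    for line in diff.splitlines():
        m = _ADDED.match(line)
        if m:
            name, version = m.group(1).lower(), m.group(2)
            result.append((name, version, "bumped" if name in removed else "added"))
    return result


def normalize_spdx(raw):
    """Map a free-text license string to an SPDX id, or None when unresolvable."""
    if not raw:
        return None
    key = raw.strip().lower()
    if key in SPDX_ALIASES:
        return SPDX_ALIASES[key]
    for spdx in KNOWN_SPDX_IDS:  # already an SPDX id, in any letter case
        if key == spdx.lower():
            return spdx
    return None


def evaluate(deps, metadata, denylist=DENYLIST, fail_on_unknown=FAIL_ON_UNKNOWN):
    """Apply the policy; returns a list of violation dicts (empty = gate passes)."""
    violations = []
    for name, version, change in deps:
        spdx = normalize_spdx(metadata.get(name))
        if spdx is None:
            if fail_on_unknown:
                violations.append({"package": name, "version": version, "change": change,
                                   "license": "UNKNOWN", "reason": "unknown"})
        elif spdx in denylist:
            violations.append({"package": name, "version": version, "change": change,
                               "license": spdx, "reason": "denied"})
    return violations


def build_note(violations):
    """Markdown body for the MR discussion note naming the offending packages."""
    lines = ["License gate failed for the following dependencies:", ""]
    for v in violations:
        why = "on the denylist" if v["reason"] == "denied" else "unresolved"
        lines.append(f"- `{v['package']}=={v['version']}` ({v['change']}): {v['license']} is {why}")
    return "\n".join(lines)


def run_gate(diff, metadata, denylist=DENYLIST, fail_on_unknown=FAIL_ON_UNKNOWN):
    """Return (exit_code, note); a non-zero exit code is what fails the pipeline job."""
    violations = evaluate(extract_added_deps(diff), metadata, denylist, fail_on_unknown)
    if not violations:
        return 0, "License gate passed: no disallowed or unknown licenses introduced."
    return 1, build_note(violations)


if __name__ == "__main__":
    code, note = run_gate(SAMPLE_DIFF, SAMPLE_LICENSE_METADATA)
    print(note)
    sys.exit(code)
```

Two design points matter for a gate like this. Bumped packages are re-checked, not only newly added ones, because a version bump can change a package's license. And an unresolved license is treated as a failure by default rather than silently passing, so a package with missing metadata cannot slip through the policy; teams that prefer a warn-only posture for unknowns flip `fail_on_unknown` while keeping the denylist hard.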
Set it up
What you configure once, before turning it on.
1. Connect GitLab: repos, MRs, pipelines, registry.
2. Set each agent's model: we leave models unset so you pick the tier — fast + cheap, or top-quality.
3. Tune it to your data: edit the prompts, filters, and field mappings so it matches how your team works.
4. Test, then turn it on: run once against a sample, confirm the output, then enable the trigger.
More Engineering workflows
Gate breaking API PRs behind downstream consumer acknowledgement
When a PR introduces a breaking contract change, comments the impact summary back on the PR, applies a blocking label.
Publish a versioned API changelog to Confluence on each release tag
On a new semver release tag, gathers the contract changes since the last release and writes a clean.
Agent reviews model-license fit and suggests compliant swaps on the PR
When a PR adds a Hugging Face model, an agent reads the model card and license, judges fit against your commercial-use policy.
Upgrade Impact Router to Module Code Owners
Maps a dependency-bump PR's affected modules to their CODEOWNERS, then DMs each owner on Slack with only the changelog slice that touches code they own.
Re-Voice IVR Prompts on Phone-Tree Config Merge
When a phone-tree config change merges in GitHub, regenerates the ElevenLabs audio for any prompt whose script changed in the diff and opens a follow-up PR adding the new audio…
Upstream Release to Notion Upgrade Brief
When a watched package publishes a new release, fetches the release notes, maps them to the internal modules that depend on it.
Run it inside a business
This workflow drops into a full company template. Import the org, and this is one of the playbooks its agents run.

Run this workflow in your colony.
14-day trial. No DevOps. No Sales call. Provisioned in under a minute.
