chore: exclude website/ docusaurus tree from FOSSA license scan #5472

Merged
leaanthony merged 1 commit into master from chore/fossa-exclude-website
May 18, 2026
leaanthony commented May 17, 2026

Summary

Resolves the 3 FOSSA License Compliance findings currently red on every master commit since #5443.

All three findings trace to a single package: node-forge@1.4.0, pulled in only at depth-4 by Docusaurus's dev-server stack:

website → @docusaurus/core → webpack-dev-server → selfsigned → node-forge

node-forge declares (BSD-3-Clause OR GPL-2.0). FOSSA's default policy flags the GPL branch of any OR expression unless an explicit election is recorded, and its text-scanner reports both GPL-1.0 and GPL-2.0 from the bundled LICENSE file — same package, 3 findings.

Why exclude rather than elect

.fossa.yml (v3 schema) has no per-dependency license-election syntax — that lives in FOSSA's web UI under a paid SKU. The available YAML mechanisms are path/target exclusion.

node-forge is build-time only for serving the docs site locally; it is not distributed with the Wails Go module or @wailsio/runtime. Scoping FOSSA out of website/ keeps the compliance posture focused on what wails users actually consume.

Narrow exclusion (website/ only) — docs/ and scripts/sponsors/ also carry LGPL sharp transitives but those aren't currently flagging, so they're left in scope.

Test plan

  • Merge, then wait for FOSSA to re-scan master — the License Compliance check should go green
  • Confirm PR 5466 (and other open PRs) inherit the green status on their next push

Summary by CodeRabbit

  • Chores
    • Updated FOSSA configuration file to version 3 with refined license-scanning settings.
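
A check a reviewer might run before accepting an exclusion like this one, as an added example that is not part of the PR or the Wails repository: it lists every package whose license expression has a GPL-family branch and every dependency chain that reaches it. The lockfile data is constructed (only the chain, `node-forge@1.4.0` and its license expression come from the description above), and the helper names `orBranches`, `classify`, `chainsTo` and `audit` are hypothetical.

```javascript
// Constructed sample in npm lockfile v3 "packages" shape; NOT the real website/package-lock.json.
// Version ranges and the MIT entries are placeholders for illustration.
const lock = { packages: {
  "": { name: "website", dependencies: { "@docusaurus/core": "^3.0.0" } },
  "node_modules/@docusaurus/core": { license: "MIT", dependencies: { "webpack-dev-server": "^4.0.0" } },
  "node_modules/webpack-dev-server": { license: "MIT", dependencies: { selfsigned: "^2.0.0" } },
  "node_modules/selfsigned": { license: "MIT", dependencies: { "node-forge": "^1" } },
  "node_modules/node-forge": { version: "1.4.0", license: "(BSD-3-Clause OR GPL-2.0)" },
} };

const GPL_FAMILY = /^(A|L)?GPL-/;

// Split a flat SPDX expression on top-level OR; nested and AND forms are out of scope here.
function orBranches(expr) {
  return expr.replace(/^\(|\)$/g, "").split(/\s+OR\s+/).map((s) => s.trim());
}

// "none": no GPL-family branch; "copyleft": every branch is GPL-family;
// "dual": an OR mixing both, which a policy engine flags until an election is recorded.
function classify(expr) {
  const branches = orBranches(expr);
  const gpl = branches.filter((id) => GPL_FAMILY.test(id));
  if (gpl.length === 0) return "none";
  return gpl.length === branches.length ? "copyleft" : "dual";
}

// Every dependency chain from the lockfile root to `target` (hoisted layout assumed).
function chainsTo(lock, target) {
  const out = [];
  const walk = (key, path) => {
    const pkg = lock.packages[key];
    if (!pkg) return;
    for (const dep of Object.keys(pkg.dependencies || {})) {
      if (path.includes(dep)) continue; // cycle guard
      const next = [...path, dep];
      if (dep === target) out.push(next);
      else walk("node_modules/" + dep, next);
    }
  };
  walk("", [lock.packages[""].name]);
  return out;
}

// One finding per non-root package with a GPL-family branch, with the chains that reach it.
function audit(lock) {
  return Object.entries(lock.packages)
    .filter(([key, pkg]) => key && classify(pkg.license || "") !== "none")
    .map(([key, pkg]) => {
      const name = key.replace(/^.*node_modules\//, "");
      return { name, license: pkg.license, kind: classify(pkg.license), chains: chainsTo(lock, name) };
    });
}

console.log(JSON.stringify(audit(lock), null, 2));
```

A single chain through `webpack-dev-server` supports treating the package as docs tooling; a second chain from a distributed package would mean the exclusion hides a finding that still matters.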

The Docusaurus dev-server stack (webpack-dev-server → selfsigned →
node-forge) pulls a `(BSD-3-Clause OR GPL-2.0)` dual SPDX expression
that the org license policy flags as GPL-2.0 (and triggers a
GPL-1.0 text-scanner finding from the same LICENSE file). FOSSA has
been failing the License Compliance check on master since #5443's
dependabot bump re-resolved node-forge to 1.4.0.

node-forge is build-time only for serving the docs site locally;
it is not distributed via the Wails Go module or @wailsio/runtime,
so excluding website/ from FOSSA's npm target scan keeps the
compliance posture focused on what users actually consume.
Copilot AI review requested due to automatic review settings May 17, 2026 04:43
coderabbitai Bot commented May 17, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 835d78bc-d71a-4598-a8fb-34d4f591ba14

📥 Commits

Reviewing files that changed from the base of the PR and between 38edcc1 and 1c56a27.

📒 Files selected for processing (1)
  • .fossa.yml

Walkthrough

The .fossa.yml configuration file is updated to FOSSA version 3 format and adds a new npm license-scanning exclusion for the website directory. Comments explain that local documentation tooling (Docusaurus, webpack-dev-server, selfsigned, node-forge) should not impact the distributed Wails Go module or @wailsio/runtime npm package licensing.

Changes

FOSSA npm license scanning exclusion

| Layer / File(s) | Summary |
| --- | --- |
| FOSSA npm exclusion configuration: .fossa.yml | FOSSA configuration format updated to version 3 with a new targets.exclude rule that omits npm artifacts in the website directory from license scanning to prevent build-time documentation dependencies from triggering SPDX-related license policy issues. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A rabbit hops through configs neat,
Excluding paths with nimble feat,
No license scans shall find the site,
Where docs build tools work day and night! 🐰📋

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title clearly and concisely describes the main change: excluding website/ Docusaurus tree from FOSSA license scanning, which directly matches the PR's primary objective. |
| Description check | ✅ Passed | The PR description provides comprehensive context (issue summary, root cause, rationale, and test plan) but lacks formal alignment with the repository's template structure, including type-of-change checkboxes and testing environment details. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Copilot AI left a comment

Pull request overview

Adds a FOSSA v3 configuration file to exclude the website/ (Docusaurus docs site) npm dependency tree from FOSSA license scanning, so license compliance findings from build-time-only transitive dependencies don’t gate merges.

Changes:

  • Introduces .fossa.yml using the v3 schema.
  • Excludes the website/ npm target from FOSSA scanning via targets.exclude.

@leaanthony leaanthony merged commit 98854f0 into master May 18, 2026
17 of 18 checks passed
@leaanthony leaanthony deleted the chore/fossa-exclude-website branch May 18, 2026 12:19