Add 3PP license check as part of PR CI

The license check can be triggered locally: yarn license:check For automatic opening of IP tickets for suspicious depedencies, set an Eclipse Foundation gitlab token as environment variable "DASH_TOKEN" and run the alternate pacakge.json script. e.g.: export DASH_TOKEN="<your token>" yarn license:check:reviewAdd 3PP license check as part of PR CI Closes #189 Signed-off-by: Marc Dumais <[email protected]>
eclipse-cdt-cloud · Jan 29, 2024 · 440b356 · 440b356
1 parent 77ecfef
commit 440b356
Show file tree

Hide file tree

Showing 5 changed files with 71 additions and 2 deletions.
diff --git a/.github/workflows/license-check-workflow.yml b/.github/workflows/license-check-workflow.yml
@@ -0,0 +1,52 @@
+name: 3PP License Check
+
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: '0 4 * * *' # Runs every day at 4am: https://docs.github.com/en/actions/reference/events-that-trigger-workflows#scheduled-events-schedule
+
+jobs:
+
+  License-check:
+    name: 3PP License Check using dash-licenses
+
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        node: [18]
+        java: [11]
+
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 20
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 2
+
+      - name: Use Node.js ${{ matrix.node }}
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ matrix.node }}
+
+      - name: Use Java ${{ matrix.java }}
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'adopt'
+          java-version: ${{ matrix.java }}
+
+      - name: Run dash-licenses
+        shell: bash
+        run: |
+          yarn --frozen-lockfile
+          yarn license:check
+        env:
+          DASH_TOKEN: ${{ secrets.DASH_LICENSES_PAT }}
diff --git a/.gitignore b/.gitignore
@@ -39,3 +39,5 @@ lerna-error.log*
 
 *.vsix
 *.tsbuildinfo
+
+license-check-summary.txt*
diff --git a/configs/license-check-config.json b/configs/license-check-config.json
@@ -0,0 +1,8 @@
+{
+    "project": "ecd.cdt-cloud",
+    "review": false,
+    "inputFile": "yarn.lock",
+    "batch": 50,
+    "timeout": 200,
+    "summary": "license-check-summary.txt"
+}
diff --git a/package.json b/package.json
@@ -13,9 +13,12 @@
     "download:sample-traces": "curl -o TraceCompassTutorialTraces.tgz https://raw.githubusercontent.com/dorsal-lab/tracevizlab/master/labs/TraceCompassTutorialTraces.tgz; tar -xf TraceCompassTutorialTraces.tgz",
     "download:openvscode-server": "mkdir -p test-resources; cd test-resources; curl -L -o openvscode-server-v1.77.3-linux-x64.tar.gz https://github.com/gitpod-io/openvscode-server/releases/download/openvscode-server-v1.77.3/openvscode-server-v1.77.3-linux-x64.tar.gz; tar -xf openvscode-server-v1.77.3-linux-x64.tar.gz",
     "configure:openvscode-server": "cd test-resources/openvscode-server-v1.77.3-linux-x64/bin/; sed -i 's;\"$@\".*$;\"$@\" --without-connection-token --install-extension $ROOT/../../vscode-trace-extension/vscode-trace-extension-0.1.0.vsix --default-folder=$ROOT/../../TraceCompassTutorialTraces --start-server;g' openvscode-server",
-    "start:openvscode-server": "cd test-resources/openvscode-server-v1.77.3-linux-x64/bin/; ./openvscode-server ${0}"
+    "start:openvscode-server": "cd test-resources/openvscode-server-v1.77.3-linux-x64/bin/; ./openvscode-server ${0}",
+    "license:check": "npx dash-licenses-wrapper  --configFile=./configs/license-check-config.json",
+    "license:check:review": "npx dash-licenses-wrapper  --configFile=./configs/license-check-config.json --review"
   },
   "devDependencies": {
+    "@eclipse-dash/nodejs-wrapper": "^0.0.1",
     "copy-webpack-plugin": "^11.0.0",
     "eslint-config-prettier": "^9.0.0",
     "lerna": "^7.0.0",

diff --git a/yarn.lock b/yarn.lock
@@ -69,6 +69,11 @@
   resolved "https://registry.npmjs.org/@discoveryjs/json-ext/-/json-ext-0.5.7.tgz#1d572bfbbe14b7704e0ba0f39b74815b84870d70"
   integrity sha512-dBVuXR082gk3jsFp7Rd/JI4kytwGHecnCoTtXFb7DB6CNHp4rg5k1bhg0nWdLGLnOV71lmDzGQaLMy8iPLY0pw==
 
+"@eclipse-dash/nodejs-wrapper@^0.0.1":
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/@eclipse-dash/nodejs-wrapper/-/nodejs-wrapper-0.0.1.tgz#f2629671cf090a84c4d69a8fec42f198e583d103"
+  integrity sha512-Rkk8O8hEVi/+LC/co7ly1zGLVwCNJG3yPbalsz1FHAqk6WZyEaWNf29EX6jz4vTfR5wpv2xAfF2yokKuStiOdA==
+
 "@emotion/babel-plugin@^11.11.0":
   version "11.11.0"
   resolved "https://registry.npmjs.org/@emotion/babel-plugin/-/babel-plugin-11.11.0.tgz#c2d872b6a7767a9d176d007f5b31f7d504bb5d6c"
@@ -4967,7 +4972,6 @@ js-yaml@^3.10.0, js-yaml@^3.13.1, js-yaml@^3.9.1:
 
 json-bigint@sidorares/json-bigint#2c0a5f896d7888e68e5f4ae3c7ea5cd42fd54473:
   version "1.0.0"
-  uid "2c0a5f896d7888e68e5f4ae3c7ea5cd42fd54473"
   resolved "https://codeload.github.com/sidorares/json-bigint/tar.gz/2c0a5f896d7888e68e5f4ae3c7ea5cd42fd54473"
   dependencies:
     bignumber.js "^9.0.0"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -39,3 +39,5 @@ lerna-error.log*

		*.vsix
		*.tsbuildinfo

		license-check-summary.txt*