Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add GitHub workflow for checking 3rd party licenses #44

Merged
merged 1 commit into from
May 3, 2024
Merged

Add GitHub workflow for checking 3rd party licenses #44

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
74 changes: 74 additions & 0 deletions .github/workflows/check-dependencies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,74 @@
# ********************************************************************************
# Copyright (c) 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************/

name: Check 3rd party dependencies

on:
push:
branches: [ main ]
pull_request:
# paths:
# - "components/Cargo.lock"
workflow_call:
workflow_dispatch:

concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true

jobs:
deps:
name: "Check 3rd party Rust dependencies' licenses"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Determine list of 3rd party Rust dependencies
working-directory: ${{github.workspace}}
run: |
cargo tree --manifest-path components/Cargo.toml -e normal --prefix none --no-dedupe --locked \
| sort -u \
| grep -v '^[[:space:]]*$' \
| grep -v fms- \
| grep -v influx-client \
| sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \
> DEPS.txt
- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "17"
- name: "Run latest Eclipse Dash jar file"
id: "run-checks"
working-directory: ${{github.workspace}}
run: |
wget --quiet -O dash.jar "https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST"
if java -Dorg.eclipse.dash.timeout=60 -jar dash.jar -batch 90 -summary DEPENDENCIES.txt DEPS.txt
then
echo "checks-failed=0" >> $GITHUB_OUTPUT
echo "License information of 3rd party dependencies has been vetted successfully." >> $GITHUB_STEP_SUMMARY
else
echo "checks-failed=1" >> $GITHUB_OUTPUT
echo "License information of some 3rd party dependencies could not be vetted successfully." >> $GITHUB_STEP_SUMMARY
echo "A DEPENDENCIES file containing the vetted information has been attached to this workflow run." >> $GITHUB_STEP_SUMMARY
fi
- name: Upload DEPENDENCIES file
if: ${{ steps.run-checks.outputs.checks-failed == '1' }}
uses: actions/upload-artifact@v4
with:
name: 3rd-party-dependencies
path: DEPENDENCIES.txt
- name: "Determine exit code"
env:
EXIT_CODE: ${{ steps.run-checks.outputs.checks-failed }}
run: |
exit $EXIT_CODE