Skip to content

Commit 24f502b

Browse files
authored
Merge pull request cli#11370 from cli/andyfeller/11270-improve-dependabot-pr-thirdparty-checks
Regenerate third-party licenses on trunk pushes
2 parents 6888786 + 8037c61 commit 24f502b

2 files changed

Lines changed: 52 additions & 16 deletions

File tree

.github/workflows/lint.yml

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -7,15 +7,11 @@ on:
77
- "**.go"
88
- go.mod
99
- go.sum
10-
- ".github/licenses.tmpl"
11-
- "script/licenses*"
1210
pull_request:
1311
paths:
1412
- "**.go"
1513
- go.mod
1614
- go.sum
17-
- ".github/licenses.tmpl"
18-
- "script/licenses*"
1915
permissions:
2016
contents: read
2117
jobs:
@@ -50,18 +46,6 @@ jobs:
5046
with:
5147
version: v2.1.6
5248

53-
# actions/setup-go does not setup the installed toolchain to be preferred over the system install,
54-
# which causes go-licenses to raise "Package ... does not have module info" errors.
55-
# for more information, https://github.com/google/go-licenses/issues/244#issuecomment-1885098633
56-
#
57-
# go-licenses has been pinned for automation use.
58-
- name: Check licenses
59-
run: |
60-
export GOROOT=$(go env GOROOT)
61-
export PATH=${GOROOT}/bin:$PATH
62-
go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e
63-
make licenses-check
64-
6549
# Discover vulnerabilities within Go standard libraries used to build GitHub CLI using govulncheck.
6650
govulncheck:
6751
runs-on: ubuntu-latest
Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
name: Third Party Licenses
2+
on:
3+
push:
4+
branches:
5+
- trunk
6+
paths:
7+
- .github/licenses.tmpl
8+
- .github/workflows/third-party-licenses.yml
9+
- go.mod
10+
- go.sum
11+
- script/licenses*
12+
jobs:
13+
# This job is responsible for updating the third-party license reports and source code.
14+
# It should be safe to cancel as the latest version of `go.mod` should be checked in.
15+
regenerate-licenses:
16+
runs-on: ubuntu-latest
17+
concurrency:
18+
group: ${{ github.workflow }}
19+
cancel-in-progress: true
20+
permissions:
21+
contents: write
22+
steps:
23+
- name: Check out code
24+
uses: actions/checkout@v4
25+
with:
26+
ref: trunk
27+
28+
- name: Set up Go
29+
uses: actions/setup-go@v5
30+
with:
31+
go-version-file: 'go.mod'
32+
33+
- name: Regenerate licenses
34+
run: |
35+
export GOROOT=$(go env GOROOT)
36+
export PATH=${GOROOT}/bin:$PATH
37+
go install github.com/google/go-licenses@5348b744d0983d85713295ea08a20cca1654a45e
38+
make licenses
39+
git diff
40+
41+
- name: Commit and push changes
42+
run: |
43+
if git diff --exit-code; then
44+
echo "No third-party license changes to commit"
45+
else
46+
git config --local user.name "github-actions[bot]"
47+
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
48+
git add third-party third-party-licenses.*.md
49+
git commit -m "Generate licenses - $GITHUB_SHA"
50+
git pull
51+
git push origin
52+
fi

0 commit comments

Comments
 (0)