-
Notifications
You must be signed in to change notification settings - Fork 75
155 lines (147 loc) · 6.18 KB
/
Copy pathlicensecheck.yml
File metadata and controls
155 lines (147 loc) · 6.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
name: License check
on: # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows
push:
branches:
- 'master'
paths:
- '**/package.json'
- '**/package-lock.json'
- '**/pom.xml'
- '**/*.target'
pull_request:
branches:
- 'master'
paths:
- '**/package.json'
- '**/package-lock.json'
- '**/pom.xml'
- '**/*.target'
issue_comment:
types: [created]
workflow_dispatch:
# https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#workflow_dispatch
jobs:
###########################################################
call-mvn-license-check:
###########################################################
uses: eclipse-dash/dash-licenses/.github/workflows/mavenLicenseCheck.yml@master
with:
projectId: tools.wildwebdeveloper
javaVersion: 21
secrets:
gitlabAPIToken: ${{ secrets.GITLAB_API_TOKEN }}
permissions:
pull-requests: write
###########################################################
npm-check:
###########################################################
if: github.event_name != 'issue_comment' || ( github.event.issue.pull_request != '' && (github.event.comment.body == '/request-license-review') )
# Run on all non-comment events specified by the calling workflow and for comments on PRs that have a corresponding body.
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
if: github.event_name == 'push' || github.event_name == 'pull_request'
- uses: actions/github-script@v9
if: github.event_name == 'issue_comment'
id: get-pr
with:
script: |
const request = {
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number
}
core.info(`Getting PR #${request.pull_number} from ${request.owner}/${request.repo}`)
try {
const result = await github.rest.pulls.get(request)
return result.data
} catch (err) {
core.setFailed(`Request failed with error ${err}`)
}
- uses: actions/checkout@v6
if: github.event_name == 'issue_comment'
with:
repository: ${{ fromJSON(steps.get-pr.outputs.result).head.repo.full_name }}
ref: ${{ fromJSON(steps.get-pr.outputs.result).head.sha }} # or .head.ref for branch name
- name: Set up JDK 21
uses: actions/setup-java@v5
with:
java-version: '21'
distribution: 'temurin'
- name: Set up Maven
uses: stCarolas/setup-maven@v5.1
with:
maven-version: 3.9.14
- name: Cache local Maven repository
uses: actions/cache@v5
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Prepare NPM deps
run: mvn -DskipTests -pl org.eclipse.wildwebdeveloper.embedder.node,org.eclipse.wildwebdeveloper package
- name: Get Dash license tool
run: |
mvn -U dependency:get -Dartifact=org.eclipse.dash:org.eclipse.dash.licenses:1.1.0 -DremoteRepositories="https://repo.eclipse.org/content/repositories/dash-licenses"
mkdir -p target/dash # Make directory for dash-license review summary
- name: Set request review parameters
if: github.event_name == 'issue_comment'
run: |
echo "request-review=1" >> $GITHUB_ENV
# Run only for comments on PRs that have a corresponding body.
- name: NPM Deps License check
shell: bash {0}
run: |
set +x
savePWD=$PWD
mkdir -p target/dash # Make directory for dash-license review summary
projectId="tools.wildwebdeveloper"
gitlabAPIToken="${{ secrets.GITLAB_API_TOKEN }}"
dashLicenseToolJar=$(ls ~/.m2/repository/org/eclipse/dash/org.eclipse.dash.licenses/1.1.0/org.eclipse.dash.licenses-*.jar | tail -n 1)
npmArgs=" --no-bin-links --ignore-scripts"
dashArgs="-excludeSources local -summary $savePWD/target/dash/npm-review-summary"
reviewArgs="-review -project $projectId -token $gitlabAPIToken"
requestReview="${{ env.request-review }}"
# When a review was requested explicitly (e.g. '/request-license-review' comment), ask for it right away.
if [ "$requestReview" ]; then
dashArgs="$dashArgs $reviewArgs"
fi
#
# Check NPM dependency licenses in main WildWebDeveloper project
#
echo ""
echo "------ Checking project [org.eclipse.wildwebdeveloper] ------"
java -jar $dashLicenseToolJar $dashArgs org.eclipse.wildwebdeveloper/package-lock.json
exitStatus=$?
cd $savePWD
# If unvetted content was found and no review was requested yet, request one automatically,
# i.e. re-run the check with '-review' as if a committer had commented '/request-license-review'.
if [[ $exitStatus != 0 && -z "$requestReview" ]]; then
echo ""
echo "Some contents are not vetted - automatically requesting a license review"
requestReview=1
echo "request-review=1" >> $GITHUB_ENV
java -jar $dashLicenseToolJar $dashArgs $reviewArgs org.eclipse.wildwebdeveloper/package-lock.json
cd $savePWD
fi
echo ""
if [[ $exitStatus == 0 ]]; then # All licenses are vetted
echo "build-succeeded=1" >> $GITHUB_OUTPUT
echo "All licenses are vetted"
else
echo "build-succeeded=0" >> $GITHUB_OUTPUT
echo "Some contents requires a review"
echo "The NPM dependency License Check review summary is saved in 'target/dash/npm-review-summary'"
# Fail the check so the PR is not merged while reviews are pending; re-run once the reviews have concluded.
exit 1
fi
echo ""
- uses: actions/upload-artifact@v7
if: always() && env.request-review
with:
name: tools.wildwebdeveloper-npm-license-vetting-summary
path: |
target/dash/npm-review-summary
target/dash/summary