Skip to content

Commit ac03a45

Browse files
committed
Merge branch 'upstream-main'
2 parents 3cb15f1 + 1dff2bf commit ac03a45

42 files changed

Lines changed: 2241 additions & 297 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/claude-code-review.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ jobs:
3333

3434
- name: Run Claude Code Review
3535
id: claude-review
36-
uses: anthropics/claude-code-action@1eddb334cfa79fdb21ecbe2180ca1a016e8e7d47 # v1.0.88
36+
uses: anthropics/claude-code-action@b47fd721da662d48c5680e154ad16a73ed74d2e0 # v1.0.93
3737
with:
3838
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
3939
prompt: |

.github/workflows/claude.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,7 +32,7 @@ jobs:
3232

3333
- name: Run Claude Code
3434
id: claude
35-
uses: anthropics/claude-code-action@1eddb334cfa79fdb21ecbe2180ca1a016e8e7d47 # v1.0.88
35+
uses: anthropics/claude-code-action@b47fd721da662d48c5680e154ad16a73ed74d2e0 # v1.0.93
3636
with:
3737
claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
3838

Lines changed: 151 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,151 @@
1+
#
2+
# Copyright © 2021-present Arcade Data Ltd (info@arcadedata.com)
3+
#
4+
# Licensed under the Apache License, Version 2.0 (the "License");
5+
# you may not use this file except in compliance with the License.
6+
# You may obtain a copy of the License at
7+
#
8+
# http://www.apache.org/licenses/LICENSE-2.0
9+
#
10+
# Unless required by applicable law or agreed to in writing, software
11+
# distributed under the License is distributed on an "AS IS" BASIS,
12+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
# See the License for the specific language governing permissions and
14+
# limitations under the License.
15+
#
16+
# SPDX-FileCopyrightText: 2021-present Arcade Data Ltd (info@arcadedata.com)
17+
# SPDX-License-Identifier: Apache-2.0
18+
#
19+
20+
name: License Compliance Check
21+
22+
on:
23+
schedule:
24+
# Run weekly on Sunday at midnight UTC
25+
- cron: '0 0 * * 0'
26+
workflow_dispatch:
27+
# Allow manual trigger
28+
pull_request:
29+
# Run on PRs that modify dependencies
30+
paths:
31+
- '**/pom.xml'
32+
- 'NOTICE'
33+
- 'ATTRIBUTIONS.md'
34+
35+
jobs:
36+
license-check:
37+
name: Check License Compliance
38+
runs-on: ubuntu-latest
39+
40+
steps:
41+
- name: Checkout code
42+
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
43+
44+
- name: Set up JDK 21
45+
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
46+
with:
47+
java-version: '21'
48+
distribution: 'temurin'
49+
cache: 'maven'
50+
51+
- name: Buid jars
52+
run: ./mvnw clean install -DskipTests --batch-mode --errors --show-version
53+
env:
54+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
55+
56+
- name: Generate third-party license report
57+
run: |
58+
echo "Generating license report..."
59+
mvn org.codehaus.mojo:license-maven-plugin:2.4.0:add-third-party -DskipTests
60+
continue-on-error: false
61+
62+
- name: Check for blacklisted licenses
63+
run: |
64+
echo "Checking for incompatible licenses (GPL, AGPL, SSPL)..."
65+
if grep -iE "(GPL|AGPL|SSPL|Commons Clause)" target/generated-sources/license/THIRD-PARTY.txt 2>/dev/null; then
66+
echo "❌ ERROR: Found incompatible licenses!"
67+
grep -iE "(GPL|AGPL|SSPL|Commons Clause)" target/generated-sources/license/THIRD-PARTY.txt
68+
exit 1
69+
else
70+
echo "✅ No blacklisted licenses found"
71+
fi
72+
73+
- name: Aggregate license information
74+
run: |
75+
echo "Aggregating license information from all modules..."
76+
mvn org.codehaus.mojo:license-maven-plugin:2.4.0:aggregate-add-third-party -DskipTests
77+
continue-on-error: true
78+
79+
- name: Download license files
80+
run: |
81+
echo "Downloading license files..."
82+
mvn org.codehaus.mojo:license-maven-plugin:2.4.0:aggregate-download-licenses -DskipTests
83+
continue-on-error: true
84+
85+
- name: Sanitize license filenames for upload-artifact compatibility
86+
if: always()
87+
run: |
88+
# upload-artifact forbids: " : < > | * ? \r \n in filenames
89+
find target/generated-resources/licenses/ -type f 2>/dev/null | while IFS= read -r f; do
90+
dir="$(dirname "$f")"
91+
base="$(basename "$f")"
92+
sanitized="$(printf '%s' "$base" | sed 's/[":<>|*?]/_/g')"
93+
if [ "$base" != "$sanitized" ]; then
94+
echo "Renaming: $base -> $sanitized"
95+
mv "$f" "$dir/$sanitized"
96+
fi
97+
done
98+
99+
- name: Upload license report
100+
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
101+
if: always()
102+
with:
103+
name: license-compliance-report
104+
path: |
105+
target/generated-sources/license/
106+
target/generated-resources/licenses/
107+
retention-days: 30
108+
109+
- name: Comment on PR (if applicable)
110+
if: github.event_name == 'pull_request'
111+
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
112+
with:
113+
script: |
114+
const fs = require('fs');
115+
let comment = '## 📜 License Compliance Check\n\n';
116+
117+
try {
118+
const report = fs.readFileSync('target/generated-sources/license/THIRD-PARTY.txt', 'utf8');
119+
const lines = report.split('\n').slice(0, 50);
120+
comment += '✅ License check passed. See artifacts for full report.\n\n';
121+
comment += '<details><summary>License Summary (first 50 lines)</summary>\n\n```\n';
122+
comment += lines.join('\n');
123+
comment += '\n```\n</details>';
124+
} catch (error) {
125+
comment += '⚠️ Could not read license report.\n';
126+
}
127+
128+
github.rest.issues.createComment({
129+
issue_number: context.issue.number,
130+
owner: context.repo.owner,
131+
repo: context.repo.repo,
132+
body: comment
133+
});
134+
135+
- name: Summary
136+
if: always()
137+
run: |
138+
echo "### License Compliance Check Complete" >> $GITHUB_STEP_SUMMARY
139+
echo "" >> $GITHUB_STEP_SUMMARY
140+
echo "📋 **Reports generated:**" >> $GITHUB_STEP_SUMMARY
141+
echo "- Third-party licenses list" >> $GITHUB_STEP_SUMMARY
142+
echo "- Aggregated module licenses" >> $GITHUB_STEP_SUMMARY
143+
echo "- Downloaded license texts" >> $GITHUB_STEP_SUMMARY
144+
echo "" >> $GITHUB_STEP_SUMMARY
145+
echo "📦 Download the 'license-compliance-report' artifact to review full details." >> $GITHUB_STEP_SUMMARY
146+
echo "" >> $GITHUB_STEP_SUMMARY
147+
echo "🔍 **How to review locally:**" >> $GITHUB_STEP_SUMMARY
148+
echo "\`\`\`bash" >> $GITHUB_STEP_SUMMARY
149+
echo "mvn org.codehaus.mojo:license-maven-plugin:2.4.0:add-third-party" >> $GITHUB_STEP_SUMMARY
150+
echo "cat target/generated-sources/license/THIRD-PARTY.txt" >> $GITHUB_STEP_SUMMARY
151+
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY

0 commit comments

Comments
 (0)