From 371c726e063d94615eed687b7d2ac08c792c5ea5 Mon Sep 17 00:00:00 2001 From: Avgustin Marinov Date: Mon, 16 Jun 2025 15:17:10 +0300 Subject: [PATCH] Add license-scan workflow (#2453) Signed-off-by: Avgustin Marinov --- .github/workflows/license-scan.yml | 34 ++++++++++++++++++++++++++++++ .github/workflows/release.yml | 13 +++++++----- check-dependencies.sh | 24 --------------------- 3 files changed, 42 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/license-scan.yml delete mode 100755 check-dependencies.sh diff --git a/.github/workflows/license-scan.yml b/.github/workflows/license-scan.yml new file mode 100644 index 000000000..d1cda4358 --- /dev/null +++ b/.github/workflows/license-scan.yml @@ -0,0 +1,34 @@ +name: Release + +on: + # enable running the workflow manually + workflow_dispatch: + +jobs: + verify: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK & Maven Central credentials + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: 21 + cache: 'maven' + + - name: Cache local Maven repository + uses: actions/cache@v4 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + - name: Check file license headers + run: mvn license:check -Plicense --batch-mode + - name: Check dependency licenses with dash tool + run: mvn license-tool:license-check -Plicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' --batch-mode + env: + GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 418b33e20..bcc455bf3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,13 +48,16 @@ jobs: - name: Check file license headers run: mvn license:check -Plicense --batch-mode -# - name: Check dependency licenses with dash tool -# run: mvn license-tool:license-check -Plicense --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' --batch-mode - - name: Run tests & build javadoc - run: mvn clean install javadoc:jar -Dadditionalparam=-Xdoclint:none --batch-mode + - name: Check dependency licenses with dash tool + run: mvn license-tool:license-check -Plicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' --batch-mode + env: + GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }} +# +# - name: Run tests & build javadoc +# run: mvn clean verify javadoc:javadoc -Dadditionalparam=-Xdoclint:none --batch-mode - name: Deploy - run: mvn deploy -Ppublish -DskipTests -Drevision=${REVISION} -B --batch-mode + run: mvn clean deploy javadoc:javadoc javadoc:jar -Dadditionalparam=-Xdoclint:none -Ppublish -DskipTests -Drevision=${REVISION} -B --batch-mode env: REVISION: ${{ github.event.inputs.revision }} MAVEN_USERNAME: ${{ secrets.CENTRAL_SONATYPE_TOKEN_USERNAME }} diff --git a/check-dependencies.sh b/check-dependencies.sh deleted file mode 100755 index abb77d096..000000000 --- a/check-dependencies.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2023 Bosch.IO GmbH and others -# -# This program and the accompanying materials are made -# available under the terms of the Eclipse Public License 2.0 -# which is available at https://www.eclipse.org/legal/epl-2.0/ -# -# SPDX-License-Identifier: EPL-2.0 -# - -DASH_SUMMARY=".3rd-party/DEPENDENCIES" -DASH_REVIEW_SUMMARY=".3rd-party/DEPENDENCIES_REVIEW" - -if [ -z "$1" ] -then - DASH_IP_LAB= -else - DASH_IP_LAB="-Ddash.review.summary=${DASH_REVIEW_SUMMARY} -Ddash.iplab.token=$1" -fi - -mvn clean install -DskipTests -Ddash.skip=false \ - --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' \ - -Ddash.summary=${DASH_SUMMARY} ${DASH_IP_LAB} \ No newline at end of file