Fix dash tool scan (#2463)

--------- Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-06-17 15:43:41 +03:00
parent 0f9997372c
commit 62b1b7d730
5 changed files with 290 additions and 228 deletions
--- a/.github/workflows/license-scan.yml
+++ b/.github/workflows/license-scan.yml
@@ -3,11 +3,17 @@ name: License Scan
 on:
  # enable running the workflow manually
  workflow_dispatch:
+  schedule:
+    # run every night at 2:00 AM (UTC)
+    - cron: '0 2 * * *'

 jobs:
  license-scan:
    runs-on: ubuntu-latest

+    permissions:
+      contents: write
+
    steps:
      - uses: actions/checkout@v4

@@ -31,6 +37,28 @@ jobs:
      - name: Check dependency licenses with dash tool
        run: |
          mvn clean install -DskipTests -DskipJavadoc --batch-mode
-          mvn license-tool:license-check -DexcludeGroupIds=org.eclipse.hawkbit -Plicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'
+          mvn license-tool:license-check -DexcludeGroupIds=org.eclipse.hawkbit -Ddash.fail=false -Plicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'
+          CHANGED_FILES_COUNT=$(git status --short | wc -l)
+          CHANGED_FILES_COUNT=${CHANGED_FILES_COUNT//[[:space:]]/}
+          echo "Number of changed files: ${CHANGED_FILES_COUNT}"
+          if [ "$CHANGED_FILES_COUNT" -eq 1 ]; then
+              DEPENDENCY_FILE=".3rd-party/DEPENDENCIES"
+              DEPENDENCIES_MODIFIED=$(git status --short | grep ".3rd-party/DEPENDENCIES")
+              # Check if the file is modified
+              if [[ -n "$DEPENDENCIES_MODIFIED" ]]; then
+                  echo "${DEPENDENCY_FILE} changed - commit it"
+                  git config --local user.name "github-actions[bot]"
+                  git config --local user.email "github-actions[bot]@users.noreply.github.com"
+                  git add ${DEPENDENCY_FILE} && git commit -m "[Release] Automated commit of ${DEPENDENCY_FILE} changes" && git push
+              else
+                  echo "Unexpected changes:"
+                  git status --short
+                  exit 1
+              fi
+          else
+              echo "More than one file has changed:"
+              git status --short
+              exit 1
+          fi
        env:
          GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -60,6 +60,28 @@ jobs:
          fi
          mvn install -DskipTests -DskipJavadoc --batch-mode
          mvn license-tool:license-check -Plicense -Ddash.fail=${DASH_FAIL} -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' --batch-mode
+          CHANGED_FILES_COUNT=$(git status --short | wc -l)
+          CHANGED_FILES_COUNT=${CHANGED_FILES_COUNT//[[:space:]]/}
+          echo "Number of changed files: ${CHANGED_FILES_COUNT}"
+          if [ "$CHANGED_FILES_COUNT" -eq 1 ]; then
+              DEPENDENCY_FILE=".3rd-party/DEPENDENCIES"
+              DEPENDENCIES_MODIFIED=$(git status --short | grep ".3rd-party/DEPENDENCIES")
+              # Check if the file is modified
+              if [[ -n "$DEPENDENCIES_MODIFIED" ]]; then
+                  echo "${DEPENDENCY_FILE} changed - commit it"
+                  git config --local user.name "github-actions[bot]"
+                  git config --local user.email "github-actions[bot]@users.noreply.github.com"
+                  git add ${DEPENDENCY_FILE} && git commit -m "[Release] Automated commit of ${DEPENDENCY_FILE} changes" && git push
+              else
+                  echo "Unexpected changes:"
+                  git status --short
+                  exit 1
+              fi
+          else
+              echo "More than one file has changed:"
+              git status --short
+              exit 1
+          fi
        env:
          REVISION: ${{ github.event.inputs.revision }}
          GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }}
@@ -79,10 +101,10 @@ jobs:
      - name: Tag release
        run: |
         if [ "${REVISION}" != "0-SNAPSHOT" ]; then
-            git config --global user.email "release_manager@hawkbit.eclipse.org"
-            git config --global user.name "Eclipse Hawkbit (Release Manager)"
-            git tag -a ${REVISION} -m "Release version ${REVISION}"
-            git push origin ${REVISION}
+             git config --local user.name "github-actions[bot]"
+             git config --local user.email "github-actions[bot]@users.noreply.github.com"
+             git tag -a ${REVISION} -m "Release version ${REVISION}"
+             git push origin ${REVISION}
         fi
        env:
          REVISION: ${{ github.event.inputs.revision }}