Refactor workflows - user reusable workflows (#2504)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
2025-06-27 10:51:20 +03:00
parent 4a6e862d57
commit a35201ac1c
16 changed files with 429 additions and 239 deletions
--- a/.github/workflows/reusable_workflow_license-scan.yaml
+++ b/.github/workflows/reusable_workflow_license-scan.yaml
@@ -0,0 +1,77 @@
+name: License Scan (Reusable Workflow)
+
+on:
+  workflow_call:
+    variables:
+      ref:
+        description: 'The branch, tag or SHA to checkout, e.g. master'
+        type: string
+        default: 'master'
+      open_tickets:
+        description: 'If to open tickets for license issues to Dash IP lab, e.g. true or false'
+        type: boolean
+        default: false
+
+jobs:
+  reusable_workflow_license-scan:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ inputs.ref }}
+
+      - name: Set up JDK & Maven Central credentials
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: 21
+          cache: 'maven'
+
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+
+      - name: Check file license headers
+        run: mvn license:check -PcheckLicense --batch-mode
+
+      - name: Check dependency licenses with dash tool (and open issues to Dash IP lab, doesn't fail)
+        if: ${{ inputs.open_tickets == 'true' }}
+        run: |
+          mvn clean install -DskipTests -DskipJavadoc --batch-mode
+          mvn license-tool:license-check -Ddash.fail=false -PcheckLicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'
+          CHANGED_FILES_COUNT=$(git status --short | wc -l)
+          CHANGED_FILES_COUNT=${CHANGED_FILES_COUNT//[[:space:]]/}
+          echo "Number of changed files: ${CHANGED_FILES_COUNT}"
+          if [ "${CHANGED_FILES_COUNT}" -ne 0 ]; then
+            if [ "${CHANGED_FILES_COUNT}" -eq 1 ]; then
+              DEPENDENCY_FILE=".3rd-party/DEPENDENCIES"
+              DEPENDENCIES_MODIFIED=$(git status --short | grep ".3rd-party/DEPENDENCIES")
+              # Check if the file is modified
+              if [[ -n "$DEPENDENCIES_MODIFIED" ]]; then
+                echo "${DEPENDENCY_FILE} changed - commit it"
+                git config --local user.name "github-actions[bot]"
+                git config --local user.email "github-actions[bot]@users.noreply.github.com"
+                git add ${DEPENDENCY_FILE} && git commit -m "[Release] Automated commit of ${DEPENDENCY_FILE} changes" && git push
+              else
+                echo "Unexpected changes:"
+                git status --short
+                exit 1
+              fi
+            else
+              echo "More than one file has changed:"
+              git status --short
+              exit 1
+            fi
+          fi
+          # do dash.fail=true so if there are restricted dependencies the build will fail
+          mvn license-tool:license-check -Ddash.fail=true -PcheckLicense -Ddash.iplab.token=${GITLAB_API_TOKEN} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'
+        env:
+          GITLAB_API_TOKEN: ${{ secrets.GITLAB_API_TOKEN }}
+
+      - name: Check dependency licenses with dash tool (and return the result)
+        run: mvn license-tool:license-check -Ddash.fail=true -PcheckLicense --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'