82 lines
3.3 KiB
YAML
82 lines
3.3 KiB
YAML
name: License Scan (Reusable Workflow)
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
ref:
|
|
description: 'The branch, tag or SHA to checkout, e.g. master'
|
|
type: string
|
|
default: 'master'
|
|
open_tickets:
|
|
description: 'If to open tickets for license issues to Dash IP lab, e.g. true or false'
|
|
type: boolean
|
|
default: false
|
|
secrets:
|
|
GITLAB_API_TOKEN:
|
|
description: 'GitLab API token for Dash IP lab (needed only if open_tickets is true)'
|
|
required: false
|
|
|
|
jobs:
|
|
reusable_workflow_license-scan:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
with:
|
|
ref: ${{ inputs.ref }}
|
|
|
|
- name: Set up JDK & Maven Central credentials
|
|
uses: actions/setup-java@v5
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: 21
|
|
cache: 'maven'
|
|
|
|
- name: Cache local Maven repository
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ~/.m2/repository
|
|
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-maven-
|
|
|
|
- name: Check file license headers
|
|
run: mvn license:check -PcheckLicense --batch-mode
|
|
|
|
- name: Build (needed for dash tool scans
|
|
run: |
|
|
mvn clean install -DskipTests -DskipJavadoc --batch-mode
|
|
|
|
- name: Check dependency licenses with dash tool (and open issues to Dash IP lab, doesn't fail)
|
|
if: ${{ inputs.open_tickets }}
|
|
run: |
|
|
mvn license-tool:license-check -Ddash.fail=false -PcheckLicense -Ddash.iplab.token=${GITLAB_API_TOKEN}
|
|
CHANGED_FILES_COUNT=$(git status --short | wc -l)
|
|
CHANGED_FILES_COUNT=${CHANGED_FILES_COUNT//[[:space:]]/}
|
|
echo "Number of changed files: ${CHANGED_FILES_COUNT}"
|
|
if [ "${CHANGED_FILES_COUNT}" -ne 0 ]; then
|
|
if [ "${CHANGED_FILES_COUNT}" -eq 1 ]; then
|
|
DEPENDENCY_FILE=".3rd-party/DEPENDENCIES"
|
|
DEPENDENCIES_MODIFIED=$(git status --short | grep ".3rd-party/DEPENDENCIES")
|
|
# Check if the file is modified
|
|
if [[ -n "$DEPENDENCIES_MODIFIED" ]]; then
|
|
echo "${DEPENDENCY_FILE} changed - commit it"
|
|
git config --local user.name "github-actions[bot]"
|
|
git config --local user.email "github-actions[bot]@users.noreply.github.com"
|
|
git add ${DEPENDENCY_FILE} && git commit -m "[Release] Automated commit of ${DEPENDENCY_FILE} changes" && git push
|
|
else
|
|
echo "Unexpected changes:"
|
|
git status --short
|
|
exit 1
|
|
fi
|
|
else
|
|
echo "More than one file has changed:"
|
|
git status --short
|
|
exit 1
|
|
fi
|
|
fi
|
|
# do dash.fail=true so if there are restricted dependencies the build will fail
|
|
mvn license-tool:license-check -Ddash.fail=true -PcheckLicense -Ddash.iplab.token=${{ secrets.GITLAB_API_TOKEN }} --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test'
|
|
|
|
- name: Check dependency licenses with dash tool (and return the result)
|
|
run: mvn license-tool:license-check -Ddash.fail=true -PcheckLicense --projects '!org.eclipse.hawkbit:hawkbit-repository-test,!org.eclipse.hawkbit:hawkbit-dmf-rabbitmq-test' |