Skip to content

[feature/9.x] Sync branch with origin/main #959

[feature/9.x] Sync branch with origin/main

[feature/9.x] Sync branch with origin/main #959

name: Dependabot Verify ClearlyDefined
on:
pull_request:
paths: ['eng/dependabot/**']
permissions:
pull-requests: read
jobs:
dependabotVerify:
if: ${{ github.actor == 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- name: Fetch Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@dbb049abf0d677abbd7f7eee0375145b417fdd34
- name: Check ClearlyDefined
if: ${{steps.metadata.outputs.package-ecosystem == 'nuget'}}
run: |
set -e
blockPr=""
while read -r dependency; do
url="https://api.clearlydefined.io/definitions/nuget/nuget/-/$dependency"
echo "Checking $dependency at $url"
license=$(curl -sX GET "$url" -H "accept: */*" | jq -r '.licensed.declared')
if [ "$license" == "null" ]; then
echo "--> Not harvested, submitting request."
curl -sX POST "https://api.clearlydefined.io/harvest" -H "accept: */*" -H "Content-Type: application/json" -d "[{\"tool\":\"package\",\"coordinates\":\"nuget/nuget/-/$dependency\"}]"
echo
if [[ "$dependency" == Microsoft.* ]] || [[ "$dependency" == Azure.* ]] || [[ "$dependency" == System.* ]]; then
echo "--> 1P dependency"
else
echo "--> 3P dependency"
blockPr="true"
fi
fi
done <<< $(echo '${{steps.metadata.outputs.updated-dependencies-json}}' | jq -r '.[] | .dependencyName + "/" + .newVersion')
if [ "$blockPr" == "true" ]; then
echo "Blocking PR"
exit 1
fi