From 7786ee443600eee4e7f56f972dc51cb5b7e4d781 Mon Sep 17 00:00:00 2001 From: Kai Hudalla Date: Tue, 12 Nov 2024 14:24:46 +0100 Subject: [PATCH] Add GitHub workflow for checking 3rd party license compatibility --- .github/workflows/check-dependencies.yaml | 73 +++++++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 .github/workflows/check-dependencies.yaml diff --git a/.github/workflows/check-dependencies.yaml b/.github/workflows/check-dependencies.yaml new file mode 100644 index 0000000..3335c36 --- /dev/null +++ b/.github/workflows/check-dependencies.yaml @@ -0,0 +1,73 @@ +# ******************************************************************************** +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# *******************************************************************************/ + +name: Check 3rd party dependencies + +on: + push: + branches: [ main ] + pull_request: + paths: + - "Cargo.*" + workflow_call: + workflow_dispatch: + +concurrency: + group: ${{ github.ref }}-${{ github.workflow }} + cancel-in-progress: true + +jobs: + deps: + name: "Check 3rd party licenses" + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: cargo tree + working-directory: ${{github.workspace}} + run: | + cargo tree -e no-build,no-dev --prefix none --no-dedupe \ + | sort -u \ + | grep -v '^[[:space:]]*$' \ + | grep -v up-rust \ + | sed -E 's|([^ ]+) v([^ ]+).*|crate/cratesio/-/\1/\2|' \ + > DEPS.txt + - name: Set up JDK + uses: actions/setup-java@v4 + with: + distribution: "temurin" + java-version: "17" + - name: "Run latest Eclipse Dash jar file" + id: "run-checks" + working-directory: ${{github.workspace}} + run: | + wget --quiet -O dash.jar "https://repo.eclipse.org/service/local/artifact/maven/redirect?r=dash-licenses&g=org.eclipse.dash&a=org.eclipse.dash.licenses&v=LATEST" + if java -Dorg.eclipse.dash.timeout=60 -jar dash.jar -batch 90 -summary DEPENDENCIES.txt DEPS.txt + then + echo "checks-failed=0" >> $GITHUB_OUTPUT + echo "License information of 3rd party dependencies has been vetted successfully." >> $GITHUB_STEP_SUMMARY + else + echo "checks-failed=1" >> $GITHUB_OUTPUT + echo "License information of some 3rd party dependencies could not be vetted successfully." >> $GITHUB_STEP_SUMMARY + echo "A DEPENDENCIES file containing the vetted information has been attached to this workflow run." >> $GITHUB_STEP_SUMMARY + fi + - name: Upload DEPENDENCIES file + if: ${{ steps.run-checks.outputs.checks-failed == '1' }} + uses: actions/upload-artifact@v4 + with: + name: 3rd-party-dependencies + path: DEPENDENCIES.txt + - name: "Determine exit code" + env: + EXIT_CODE: ${{ steps.run-checks.outputs.checks-failed }} + run: | + exit $EXIT_CODE