-
Notifications
You must be signed in to change notification settings - Fork 54
149 lines (116 loc) · 5.33 KB
/
licensecheck.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
name: License check
on:
push:
branches-ignore: # build all branches except:
- 'dependabot/**' # prevent GHA triggered twice (once for commit to the branch and once for opening/syncing the PR)
tags-ignore: # don't build tags
- '**'
pull_request:
workflow_dispatch:
# https://github.blog/changelog/2020-07-06-github-actions-manual-triggers-with-workflow_dispatch/
inputs:
dash-iplab-token:
description: "Gitlab Personal Access Token (https://gitlab.eclipse.org/-/user_settings/personal_access_tokens) with 'api'' scope for Automatic IP Team Review Requests via org.eclipse.dash:license-tool-plugin, see https://github.com/eclipse/dash-licenses#automatic-ip-team-review-requests"
default: ""
type: string
defaults:
run:
shell: bash
env:
JAVA_VERSION: 17
jobs:
###########################################################
license_check:
###########################################################
runs-on: ubuntu-latest
steps:
- name: Mask Dash IP Token
if: ${{ inputs.dash-iplab-token != '' }}
run: |
DASH_IPLAB_TOKEN=$(jq -r '.inputs.dash-iplab-token' $GITHUB_EVENT_PATH)
DASH_IPLAB_TOKEN=$(echo "$DASH_IPLAB_TOKEN" | xargs) # trim string
echo "::add-mask::$DASH_IPLAB_TOKEN"
echo "DASH_IPLAB_TOKEN=$DASH_IPLAB_TOKEN" >> $GITHUB_ENV
- name: "Show: GitHub context"
env:
GITHUB_CONTEXT: ${{ toJSON(github) }}
run: echo $GITHUB_CONTEXT
- name: "Show: environment variables"
run: env | sort
- name: Git Checkout
uses: actions/checkout@v4 # https://github.com/actions/checkout
- name: "Install: JDK ${{ env.JAVA_VERSION }} ☕"
uses: actions/setup-java@v4 # https://github.com/actions/setup-java
with:
distribution: temurin
java-version: ${{ env.JAVA_VERSION }}
- name: "Cache: Local Maven Repository"
uses: actions/cache/restore@v4
with:
# Excluded sub directory not working https://github.com/actions/toolkit/issues/713
path: |
~/.m2/repository/*
!~/.m2/repository/.cache/tycho
!~/.m2/repository/.meta/p2-artifacts.properties
!~/.m2/repository/p2
!~/.m2/repository/*SNAPSHOT*
key: ${{ runner.os }}-${{ runner.arch }}-repo-mvn-${{ hashFiles('**/pom.xml') }}
- name: "Cache: Local Tycho Repository"
uses: actions/cache/restore@v4
with:
path: |
~/.m2/repository/.cache/tycho
~/.m2/repository/.meta/p2-artifacts.properties
~/.m2/repository/p2
key: ${{ runner.os }}-${{ runner.arch }}-repo-tycho-${{ hashFiles('target-platforms/target-platform-latest/target-platform-latest.target') }}
- name: "Install: Maven"
uses: stCarolas/setup-maven@v5 # https://github.com/stCarolas/setup-maven
with:
maven-version: 3.9.8
- name: Dash License check # see https://github.com/eclipse/dash-licenses
run: |
set -eu
MAVEN_OPTS="${MAVEN_OPTS:-}"
if [[ "${{ runner.os }}" == "Windows" ]]; then
MAVEN_OPTS+=" -Djava.security.egd=file:/dev/urandom" # https://www.baeldung.com/java-security-egd#bd-testing-the-effect-of-javasecurityegd
else
MAVEN_OPTS+=" -Djava.security.egd=file:/dev/./urandom" # https://stackoverflow.com/questions/58991966/what-java-security-egd-option-is-for/59097932#59097932
fi
MAVEN_OPTS+=" -Dorg.slf4j.simpleLogger.showDateTime=true -Dorg.slf4j.simpleLogger.dateTimeFormat=HH:mm:ss,SSS" # https://stackoverflow.com/questions/5120470/how-to-time-the-different-stages-of-maven-execution/49494561#49494561
MAVEN_OPTS+=" -Xmx1024m -Djava.awt.headless=true -Djava.net.preferIPv4Stack=true -Dhttps.protocols=TLSv1.3,TLSv1.2"
export MAVEN_OPTS
echo "MAVEN_OPTS: $MAVEN_OPTS"
if [[ ${ACT:-} == "true" ]]; then # when running locally using nektos/act
maven_args="-Djgit.dirtyWorkingTree=warning"
else
maven_args="--no-transfer-progress"
fi
if [[ -n ${DASH_IPLAB_TOKEN:-} ]]; then
dash_iplab_token_arg="-Ddash.iplab.token=$DASH_IPLAB_TOKEN"
fi
# "excludeArtifactIds" parameter is to prevent builds from failing with:
# License information could not be automatically verified for the following content:
# p2/orbit/p2.p2.installable.unit/org.eclipse.rcp_root/4.24.0.v20220607-0700
# p2/orbit/p2.eclipse.plugin/org.eclipse.ui.tests.harness/1.10.0.v20230220-1021
# This content is either not correctly mapped by the system, or requires review.
# Error: Dependency license check failed. Some dependencies need to be vetted.
(set -x; mvn \
--errors \
--update-snapshots \
--batch-mode \
--show-version \
-Dtycho.disableP2Mirrors=true \
$maven_args \
org.eclipse.dash:license-tool-plugin:license-check \
-Dtycho.target.eager=true \
-Ddash.projectId=technology.lsp4e \
${dash_iplab_token_arg:-} \
-Ddash.fail=true \
-Ddash.summary=DEPENDENCIES \
-DexcludeArtifactIds=\
org.eclipse.rcp_root,\
org.eclipse.ui.tests.harness)
- name: Dash Summary
if: always()
run: cat DEPENDENCIES