check-licenses.yaml
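# Pull-request gate for the licences of images used by a chart.
# Runs when a PR touches charts/**: a reusable workflow resolves the changed
# chart, then two independent jobs check that chart.
name: Check used licenses
on:
  pull_request:
    types:
      - opened
      - edited
      - reopened
      - synchronize
    paths:
      - charts/**
# NOTE(review): no `permissions:` block is declared, so every job gets the
# repository's default GITHUB_TOKEN scopes. Consider restricting them once the
# needs of get-changed-chart.yaml and scan-for-licenses.sh are confirmed.
jobs:
  # Resolves the chart changed by this PR; both jobs below read its `chart`
  # output.
  getChangedChart:
    uses: ./.github/workflows/get-changed-chart.yaml
    with:
      pr_number: ${{ github.event.pull_request.number }}
  # Runs the repository's licence scan script against the changed chart.
  check-licenses:
    name: check licenses
    runs-on: ubuntu-latest
    needs: getChangedChart
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
      # NOTE(review): yq and trivy are installed without a version pin, so
      # each run uses whatever release is current; consider pinning both.
      - run: pip install yq
      - run: /home/linuxbrew/.linuxbrew/bin/brew install trivy
      # The chart name is handed to the shell through an environment variable
      # rather than a workflow expression inside the script. An expression is
      # substituted into the script text before the shell parses it, so a
      # value containing shell syntax would run as code; an env var stays
      # data. The output presumably derives from paths in the PR (confirm in
      # get-changed-chart.yaml), i.e. it is contributor-controlled.
      - env:
          chart: ${{ needs.getChangedChart.outputs.chart }}
        run: |
          eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
          # Quoted so the name reaches the script as exactly one argument.
          ./.github/scripts/scan-for-licenses.sh "${chart?}"
  # Fails when the chart references an image that has no entry under
  # `.licenses` in .github/image_licenses.yaml.
  check-licenses-list:
    name: check licenses from list
    runs-on: ubuntu-latest
    needs: getChangedChart
    steps:
      # NOTE(review): this checkout pin differs from the one in check-licenses
      # although both are labelled v4; align them if that is unintended.
      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
      # NOTE(review): unpinned install, see check-licenses.
      - run: pip install yq
      - env:
          chart: ${{ needs.getChangedChart.outputs.chart }}
        run: |
          set -ex
          set -o pipefail
          # Inner pipeline: read the chart's artifacthub.io/images annotation
          # and reduce it to the unique image names with the tag stripped.
          # Outer query: subtract the keys of .licenses from that list and
          # emit `false` when nothing is left. With -e, yq exits non-zero on
          # `false`, so the `if` branch runs only when images are missing.
          # shellcheck disable=SC2016
          if missingImages="$(yq -r -e -c --argjson usedImages "$(yq -r '.annotations["artifacthub.io/images"]' "charts/${chart?}/Chart.yaml" | yq -r -c 'map(.image | split(":")[0]) | unique')" '$usedImages - (.licenses | keys) | if length == 0 then false else . end' .github/image_licenses.yaml)"; then
            echo "The following images have no license, please review:"
            echo "$missingImages" | yq -r 'map(" - " + .)[]'
            exit 1
          fi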