mirror of
https://github.com/arsvendg/Stirling-PDF.git
synced 2026-07-14 10:34:06 +02:00
Bumps [go-task/setup-task](https://github.com/go-task/setup-task) from 2.0.0 to 2.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/go-task/setup-task/releases">go-task/setup-task's releases</a>.</em></p> <blockquote> <h2>v2.1.0</h2> <h2>What's Changed</h2> <ul> <li>Replaced <code>typed-rest-client</code> with <code>@actions/http-client</code> for GitHub API calls to eliminate the Node 24 <code>DEP0169</code> deprecation warning about <code>url.parse()</code> (<a href="https://redirect.github.com/go-task/setup-task/issues/5">#5</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> <li>Modernized the TypeScript tooling stack (vitest, oxlint, <code>@actions/core@2</code>, <code>@actions/io@2</code>, updated <code>@types/node</code>, <code>@vercel/ncc</code>, <code>prettier</code>, etc.) (<a href="https://redirect.github.com/go-task/setup-task/issues/5">#5</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> <li>Migrated the project to ESM (sources + bundle). Aligns with the new <code>@actions/*</code> ESM-only majors and produces a ~47% smaller <code>dist/index.js</code> (<a href="https://redirect.github.com/go-task/setup-task/issues/5">#5</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> <li>Upgraded <code>@actions/core</code> 2 → 3, <code>@actions/http-client</code> 2 → 4, <code>@actions/io</code> 2 → 3, <code>@actions/tool-cache</code> 2 → 4, <code>typescript</code> 5 → 6, and <code>markdownlint-cli</code> 0.47 → 0.48 (<a href="https://redirect.github.com/go-task/setup-task/issues/5">#5</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/go-task/setup-task/blob/main/CHANGELOG.md">go-task/setup-task's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>Unreleased</h2> <h2>v2.1.0 - 2026-05-17</h2> <ul> <li>Replaced <code>typed-rest-client</code> with <code>@actions/http-client</code> for GitHub API calls to eliminate the Node 24 <code>DEP0169</code> deprecation warning about <code>url.parse()</code>.</li> <li>Modernized the TypeScript tooling stack (vitest, oxlint, <code>@actions/core@2</code>, <code>@actions/io@2</code>, updated <code>@types/node</code>, <code>@vercel/ncc</code>, <code>prettier</code>, etc.).</li> <li>Migrated the project to ESM (sources + bundle). Aligns with the new <code>@actions/*</code> ESM-only majors and produces a ~47% smaller <code>dist/index.js</code>.</li> <li>Upgraded <code>@actions/core</code> 2 → 3, <code>@actions/http-client</code> 2 → 4, <code>@actions/io</code> 2 → 3, <code>@actions/tool-cache</code> 2 → 4, <code>typescript</code> 5 → 6, and <code>markdownlint-cli</code> 0.47 → 0.48.</li> </ul> <h2>v2.0.0 - 2026-03-18</h2> <ul> <li><strong>BREAKING</strong>: Upgraded to Node 24. Requires a GitHub Actions runner with Node.js 24 support (<a href="https://redirect.github.com/go-task/setup-task/pull/10">#10</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> </ul> <h2>v1.1.0 - 2026-03-17</h2> <ul> <li>Added configurable HTTP retry for API requests (<a href="https://redirect.github.com/go-task/setup-task/pull/7">#7</a> by <a href="https://github.com/vmaerten"><code>@vmaerten</code></a>).</li> </ul> <h2>v1.0.0 - 2025-09-12</h2> <ul> <li>Forked <a href="https://github.com/arduino/setup-task">arduino/setup-task</a> (by <a href="https://github.com/pd93"><code>@pd93</code></a>).</li> <li>Default <code>repo-token</code> to <code>{{github.token}}</code> (<a href="https://redirect.github.com/arduino/setup-task/pull/642">arduino/setup-task#642</a> by <a href="https://github.com/shrink"><code>@shrink</code></a>).</li> <li>Fixed a bug where the action would fail is Task pushed a tag without a release (<a href="https://redirect.github.com/arduino/setup-task/pull/490">arduino/setup-task#490</a>, <a href="https://redirect.github.com/arduino/setup-task/pull/1193">arduino/setup-task#1193</a> by <a href="https://github.com/trim21"><code>@trim21</code></a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/go-task/setup-task/commit/01a4adf9db2d14c1de7a560f09170b6e0df736aa"><code>01a4adf</code></a> chore: release v2.1.0</li> <li><a href="https://github.com/go-task/setup-task/commit/56fc0886350e15a75ed1e6f4b7a83d3b831b3054"><code>56fc088</code></a> fix(taskfile): make mktemp utilities portable across BSD and GNU</li> <li><a href="https://github.com/go-task/setup-task/commit/4de50203767624993e228e2135c1d13cc156b095"><code>4de5020</code></a> chore(release): add release task automation (<a href="https://redirect.github.com/go-task/setup-task/issues/14">#14</a>)</li> <li><a href="https://github.com/go-task/setup-task/commit/f95f6c5aebc71143d70361ab79d87c447fd4c48f"><code>f95f6c5</code></a> chore(deps): update all dependencies (<a href="https://redirect.github.com/go-task/setup-task/issues/12">#12</a>)</li> <li><a href="https://github.com/go-task/setup-task/commit/dc4f00abd355059e622d428a1a905dfcd1169477"><code>dc4f00a</code></a> chore(deps): update all dependencies (<a href="https://redirect.github.com/go-task/setup-task/issues/2">#2</a>)</li> <li><a href="https://github.com/go-task/setup-task/commit/035a5f11fa6bbb298cc436d4173402c6ebfbc411"><code>035a5f1</code></a> chore: modernize stack (<a href="https://redirect.github.com/go-task/setup-task/issues/5">#5</a>)</li> <li><a href="https://github.com/go-task/setup-task/commit/099972a06751959896ae32ae844ed17001f59da5"><code>099972a</code></a> docs: mark v2.0.0 release in changelog</li> <li>See full diff in <a href="https://github.com/go-task/setup-task/compare/3be4020d41929789a01026e0e427a4321ce0ad44...01a4adf9db2d14c1de7a560f09170b6e0df736aa">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Stirling <[email protected]>
530 lines
22 KiB
YAML
530 lines
22 KiB
YAML
name: License Report Workflow
|
||
|
||
on:
|
||
push:
|
||
branches:
|
||
- main
|
||
pull_request:
|
||
branches:
|
||
- main
|
||
merge_group:
|
||
branches:
|
||
- main
|
||
|
||
concurrency:
|
||
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.ref_name || github.ref }}
|
||
cancel-in-progress: true
|
||
|
||
permissions:
|
||
contents: read
|
||
|
||
jobs:
|
||
pick:
|
||
uses: ./.github/workflows/_runner-pick.yml
|
||
|
||
files-changed:
|
||
name: detect what files changed
|
||
needs: pick
|
||
runs-on: ${{ needs.pick.outputs.is_fork == 'true' && 'ubuntu-latest' || 'depot-ubuntu-24.04-4' }}
|
||
timeout-minutes: 3
|
||
outputs:
|
||
licenses-frontend: ${{ steps.changes.outputs.licenses-frontend }}
|
||
licenses-backend: ${{ steps.changes.outputs.licenses-backend }}
|
||
steps:
|
||
- name: Harden the runner (Audit all outbound calls)
|
||
uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
|
||
with:
|
||
egress-policy: audit
|
||
|
||
- name: Checkout repository
|
||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||
|
||
- name: Check for file changes
|
||
uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
|
||
id: changes
|
||
with:
|
||
filters: .github/config/.files.yaml
|
||
|
||
generate-frontend-license-report:
|
||
if: needs.files-changed.outputs.licenses-frontend == 'true'
|
||
name: Generate Frontend License Report
|
||
needs: [pick, files-changed]
|
||
runs-on: ${{ needs.pick.outputs.is_fork == 'true' && 'ubuntu-latest' || 'depot-ubuntu-24.04-4' }}
|
||
permissions:
|
||
contents: write
|
||
pull-requests: write
|
||
repository-projects: write # Required for enabling automerge
|
||
steps:
|
||
- name: Harden Runner
|
||
uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
|
||
with:
|
||
egress-policy: audit
|
||
|
||
- name: Checkout PR head (default)
|
||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||
with:
|
||
fetch-depth: 0
|
||
persist-credentials: false
|
||
|
||
- name: Setup GitHub App Bot
|
||
if: (github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)) && github.actor != 'dependabot[bot]'
|
||
id: setup-bot
|
||
uses: ./.github/actions/setup-bot
|
||
with:
|
||
app-id: ${{ secrets.GH_APP_ID }}
|
||
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
|
||
|
||
- name: Checkout BASE branch (safe script)
|
||
if: github.event_name == 'pull_request'
|
||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||
with:
|
||
ref: ${{ github.event.pull_request.base.sha }}
|
||
path: base
|
||
fetch-depth: 1
|
||
persist-credentials: false
|
||
|
||
- name: Set up Node.js
|
||
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
|
||
with:
|
||
node-version: "22"
|
||
cache: "npm"
|
||
cache-dependency-path: frontend/package-lock.json
|
||
|
||
- name: Install frontend dependencies
|
||
working-directory: frontend
|
||
env:
|
||
NPM_CONFIG_IGNORE_SCRIPTS: "true"
|
||
run: npm ci --ignore-scripts --audit=false --fund=false
|
||
|
||
- name: Install Task
|
||
uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa # v2.1.0
|
||
- name: Generate frontend license report (internal PR)
|
||
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false
|
||
env:
|
||
PR_IS_FORK: "false"
|
||
run: task frontend:licenses:generate
|
||
|
||
- name: Generate frontend license report (fork PRs, pinned)
|
||
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
|
||
env:
|
||
NPM_CONFIG_IGNORE_SCRIPTS: "true"
|
||
working-directory: frontend
|
||
run: |
|
||
mkdir -p editor/src/assets
|
||
npx --yes license-report --only=prod --output=json > editor/src/assets/3rdPartyLicenses.json
|
||
|
||
- name: Postprocess with project script (BASE version)
|
||
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
|
||
env:
|
||
PR_IS_FORK: "true"
|
||
run: |
|
||
node base/frontend/editor/scripts/generate-licenses.js \
|
||
--input frontend/editor/src/assets/3rdPartyLicenses.json
|
||
|
||
- name: Copy postprocessed artifacts back (fork PRs)
|
||
if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true
|
||
run: |
|
||
mkdir -p frontend/editor/src/assets
|
||
if [ -f "base/frontend/editor/src/assets/3rdPartyLicenses.json" ]; then
|
||
cp base/frontend/editor/src/assets/3rdPartyLicenses.json frontend/editor/src/assets/3rdPartyLicenses.json
|
||
fi
|
||
if [ -f "base/frontend/editor/src/assets/license-warnings.json" ]; then
|
||
cp base/frontend/editor/src/assets/license-warnings.json frontend/editor/src/assets/license-warnings.json
|
||
fi
|
||
|
||
- name: Check for license warnings
|
||
run: |
|
||
if [ -f "frontend/editor/src/assets/license-warnings.json" ]; then
|
||
echo "LICENSE_WARNINGS_EXIST=true" >> $GITHUB_ENV
|
||
else
|
||
echo "LICENSE_WARNINGS_EXIST=false" >> $GITHUB_ENV
|
||
fi
|
||
|
||
# PR Event: Check licenses and comment on PR
|
||
- name: Delete previous license check comments
|
||
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) && github.actor != 'dependabot[bot]'
|
||
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
||
with:
|
||
github-token: ${{ steps.setup-bot.outputs.token }}
|
||
script: |
|
||
const { owner, repo } = context.repo;
|
||
const prNumber = context.issue.number;
|
||
|
||
// Get all comments on the PR
|
||
const { data: comments } = await github.rest.issues.listComments({
|
||
owner,
|
||
repo,
|
||
issue_number: prNumber,
|
||
per_page: 100
|
||
});
|
||
|
||
// Filter for license check comments
|
||
const licenseComments = comments.filter(comment =>
|
||
comment.body.includes('## ✅ Frontend License Check Passed') ||
|
||
comment.body.includes('## ❌ Frontend License Check Failed')
|
||
);
|
||
|
||
// Delete old license check comments
|
||
for (const comment of licenseComments) {
|
||
console.log(`Deleting old license check comment: ${comment.id}`);
|
||
await github.rest.issues.deleteComment({
|
||
owner,
|
||
repo,
|
||
comment_id: comment.id
|
||
});
|
||
}
|
||
|
||
- name: Summarize results (fork PRs)
|
||
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == true) || github.actor == 'dependabot[bot]'
|
||
run: |
|
||
{
|
||
echo "## Frontend License Check"
|
||
echo ""
|
||
if [ "${LICENSE_WARNINGS_EXIST}" = "true" ]; then
|
||
echo "❌ **Failed** – incompatible or unknown licenses found."
|
||
if [ -f "frontend/editor/src/assets/license-warnings.json" ]; then
|
||
echo ""
|
||
echo "### Warnings"
|
||
jq -r '.warnings[] | "- \(.message)"' frontend/editor/src/assets/license-warnings.json || true
|
||
fi
|
||
else
|
||
echo "✅ **Passed** – no license warnings detected."
|
||
fi
|
||
echo ""
|
||
echo "_Note: This is a fork PR. PR comments are disabled; use this summary._"
|
||
} >> "$GITHUB_STEP_SUMMARY"
|
||
|
||
- name: Comment on PR - License Check Results
|
||
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) && github.actor != 'dependabot[bot]'
|
||
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
||
with:
|
||
github-token: ${{ steps.setup-bot.outputs.token }}
|
||
script: |
|
||
const { owner, repo } = context.repo;
|
||
const prNumber = context.issue.number;
|
||
const hasWarnings = process.env.LICENSE_WARNINGS_EXIST === 'true';
|
||
|
||
let commentBody;
|
||
|
||
if (hasWarnings) {
|
||
// Read warnings file to get specific issues
|
||
const fs = require('fs');
|
||
let warningDetails = '';
|
||
try {
|
||
const warnings = JSON.parse(fs.readFileSync('frontend/editor/src/assets/license-warnings.json', 'utf8'));
|
||
warningDetails = warnings.warnings.map(w => `- ${w.message}`).join('\n');
|
||
} catch (e) {
|
||
warningDetails = 'Unable to read warning details';
|
||
}
|
||
|
||
commentBody = `## ❌ Frontend License Check Failed
|
||
|
||
The frontend license check has detected compatibility warnings that require review:
|
||
|
||
${warningDetails}
|
||
|
||
**Action Required:** Please review these licenses to ensure they are acceptable for your use case before merging.
|
||
|
||
_This check will fail the PR until license issues are resolved._`;
|
||
} else {
|
||
commentBody = `## ✅ Frontend License Check Passed
|
||
|
||
All frontend licenses have been validated and no compatibility warnings were detected.
|
||
|
||
The frontend license report has been updated successfully.`;
|
||
}
|
||
|
||
await github.rest.issues.createComment({
|
||
owner,
|
||
repo,
|
||
issue_number: prNumber,
|
||
body: commentBody
|
||
});
|
||
|
||
- name: Fail workflow if license warnings exist (PR only)
|
||
if: github.event_name == 'pull_request' && env.LICENSE_WARNINGS_EXIST == 'true'
|
||
run: |
|
||
echo "❌ License warnings detected. Failing the workflow."
|
||
exit 1
|
||
|
||
# Push Event: Commit license files and create PR
|
||
- name: Commit changes (Push only)
|
||
if: github.event_name == 'push'
|
||
run: |
|
||
git add frontend/editor/src/assets/3rdPartyLicenses.json
|
||
# Note: Do NOT commit license-warnings.json - it's only for PR review
|
||
git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
|
||
|
||
- name: Prepare PR body (Push only)
|
||
if: github.event_name == 'push'
|
||
run: |
|
||
PR_BODY="Auto-generated by ${{ steps.setup-bot.outputs.app-slug }}[bot]
|
||
|
||
This PR updates the frontend license report based on changes to package.json dependencies."
|
||
|
||
if [ "${{ env.LICENSE_WARNINGS_EXIST }}" = "true" ]; then
|
||
PR_BODY="$PR_BODY
|
||
|
||
## ⚠️ License Compatibility Warnings
|
||
|
||
The following licenses may require review for corporate compatibility:
|
||
|
||
$(cat frontend/editor/src/assets/license-warnings.json | jq -r '.warnings[].message')
|
||
|
||
Please review these licenses to ensure they are acceptable for your use case."
|
||
fi
|
||
|
||
echo "PR_BODY<<EOF" >> $GITHUB_ENV
|
||
echo "$PR_BODY" >> $GITHUB_ENV
|
||
echo "EOF" >> $GITHUB_ENV
|
||
|
||
- name: Create Pull Request (Push only)
|
||
id: cpr
|
||
if: github.event_name == 'push' && env.CHANGES_DETECTED == 'true'
|
||
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
|
||
with:
|
||
token: ${{ steps.setup-bot.outputs.token }}
|
||
commit-message: "Update Frontend 3rd Party Licenses"
|
||
committer: ${{ steps.setup-bot.outputs.committer }}
|
||
author: ${{ steps.setup-bot.outputs.committer }}
|
||
signoff: true
|
||
branch: update-frontend-3rd-party-licenses
|
||
base: main
|
||
title: "Update Frontend 3rd Party Licenses"
|
||
body: ${{ env.PR_BODY }}
|
||
labels: Licenses,github-actions,frontend
|
||
draft: false
|
||
delete-branch: true
|
||
sign-commits: true
|
||
|
||
- name: Enable Pull Request Automerge (Push only)
|
||
if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'false'
|
||
run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
|
||
env:
|
||
GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
|
||
|
||
- name: Add review required label (Push only)
|
||
if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'true'
|
||
run: gh pr edit "${{ steps.cpr.outputs.pull-request-number }}" --add-label "license-review-required"
|
||
env:
|
||
GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
|
||
|
||
generate-backend-license-report:
|
||
if: needs.files-changed.outputs.licenses-backend == 'true'
|
||
needs: [pick, files-changed]
|
||
name: Generate Backend License Report
|
||
runs-on: ${{ needs.pick.outputs.is_fork == 'true' && 'ubuntu-latest' || 'depot-ubuntu-24.04-4' }}
|
||
permissions:
|
||
contents: write
|
||
pull-requests: write
|
||
repository-projects: write # Required for enabling automerge
|
||
env:
|
||
DEPOT_TOKEN: ${{ secrets.DEPOT_TOKEN }}
|
||
steps:
|
||
- name: Harden Runner
|
||
uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2.19.3
|
||
with:
|
||
egress-policy: audit
|
||
|
||
- name: Checkout repository
|
||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
||
with:
|
||
fetch-depth: 0
|
||
persist-credentials: false
|
||
|
||
- name: Setup GitHub App Bot
|
||
if: (github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false)) && github.actor != 'dependabot[bot]'
|
||
id: setup-bot
|
||
uses: ./.github/actions/setup-bot
|
||
with:
|
||
app-id: ${{ secrets.GH_APP_ID }}
|
||
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
|
||
|
||
- name: Set up JDK 25
|
||
uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
|
||
with:
|
||
java-version: "25"
|
||
distribution: "temurin"
|
||
|
||
- name: Setup Gradle
|
||
uses: gradle/actions/setup-gradle@50e97c2cd7a37755bbfafc9c5b7cafaece252f6e # v6.1.0
|
||
with:
|
||
gradle-version: 9.5.1
|
||
|
||
- name: Install Task
|
||
uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa # v2.1.0
|
||
- name: Check licenses and generate report
|
||
id: license-check
|
||
run: task backend:licenses:generate || echo "LICENSE_CHECK_FAILED=true" >> $GITHUB_ENV
|
||
env:
|
||
MAVEN_USER: ${{ secrets.MAVEN_USER }}
|
||
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }}
|
||
MAVEN_PUBLIC_URL: ${{ secrets.MAVEN_PUBLIC_URL }}
|
||
DISABLE_ADDITIONAL_FEATURES: false
|
||
STIRLING_PDF_DESKTOP_UI: true
|
||
|
||
- name: Check for license compatibility issues
|
||
run: |
|
||
if [ -f build/reports/dependency-license/dependencies-without-allowed-license.json ] && \
|
||
jq '.dependenciesWithoutAllowedLicenses | length > 0' build/reports/dependency-license/dependencies-without-allowed-license.json | grep -q true; then
|
||
echo "LICENSE_WARNINGS_EXIST=true" >> $GITHUB_ENV
|
||
else
|
||
echo "LICENSE_WARNINGS_EXIST=false" >> $GITHUB_ENV
|
||
fi
|
||
if: always()
|
||
|
||
- name: Upload artifact on license issues
|
||
if: env.LICENSE_WARNINGS_EXIST == 'true'
|
||
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
|
||
with:
|
||
name: backend-dependencies-without-allowed-license.json
|
||
path: build/reports/dependency-license/dependencies-without-allowed-license.json
|
||
|
||
- name: Move license file
|
||
if: env.LICENSE_CHECK_FAILED != 'true' && env.LICENSE_WARNINGS_EXIST == 'false'
|
||
run: |
|
||
mkdir -p app/core/src/main/resources/static
|
||
cp build/reports/dependency-license/index.json app/core/src/main/resources/static/3rdPartyLicenses.json
|
||
|
||
- name: Delete previous backend license check comments
|
||
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) && github.actor != 'dependabot[bot]'
|
||
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
||
with:
|
||
github-token: ${{ steps.setup-bot.outputs.token }}
|
||
script: |
|
||
const { owner, repo } = context.repo;
|
||
const prNumber = context.issue.number;
|
||
|
||
const { data: comments } = await github.rest.issues.listComments({
|
||
owner,
|
||
repo,
|
||
issue_number: prNumber,
|
||
per_page: 100
|
||
});
|
||
|
||
const backendLicenseComments = comments.filter(comment =>
|
||
comment.body.includes('## ✅ Backend License Check Passed') ||
|
||
comment.body.includes('## ❌ Backend License Check Failed')
|
||
);
|
||
|
||
for (const comment of backendLicenseComments) {
|
||
console.log(`Deleting old backend license comment: ${comment.id}`);
|
||
await github.rest.issues.deleteComment({
|
||
owner,
|
||
repo,
|
||
comment_id: comment.id
|
||
});
|
||
}
|
||
|
||
- name: Comment on PR - Backend License Check Results
|
||
if: (github.event_name == 'pull_request' && github.event.pull_request.head.repo.fork == false) && github.actor != 'dependabot[bot]'
|
||
uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
|
||
with:
|
||
github-token: ${{ steps.setup-bot.outputs.token }}
|
||
script: |
|
||
const hasWarnings = process.env.LICENSE_WARNINGS_EXIST === 'true';
|
||
const fs = require('fs');
|
||
let warningDetails = '';
|
||
|
||
if (hasWarnings) {
|
||
try {
|
||
const warningsFile = 'build/reports/dependency-license/dependencies-without-allowed-license.json';
|
||
if (fs.existsSync(warningsFile)) {
|
||
const data = JSON.parse(fs.readFileSync(warningsFile, 'utf8'));
|
||
if (data.length > 0) {
|
||
warningDetails = data.map(dep => `- **${dep.moduleName}@${dep.moduleVersion}** – ${dep.moduleLicenses.map(l => l.licenseName).join(', ')}`).join('\n');
|
||
}
|
||
}
|
||
} catch (e) {
|
||
warningDetails = 'Unable to parse warning details.';
|
||
}
|
||
}
|
||
|
||
let commentBody;
|
||
if (hasWarnings) {
|
||
commentBody = `## ❌ Backend License Check Failed
|
||
|
||
The backend license check has detected dependencies with incompatible or unallowed licenses:
|
||
|
||
${warningDetails || 'See uploaded artifact for details.'}
|
||
|
||
**Action Required:** Please review these licenses and resolve before merging.
|
||
|
||
_This check will fail the PR until license issues are resolved._`;
|
||
} else {
|
||
commentBody = `## ✅ Backend License Check Passed
|
||
|
||
All backend dependencies have valid and allowed licenses.
|
||
|
||
The backend license report has been updated successfully.`;
|
||
}
|
||
|
||
await github.rest.issues.createComment({
|
||
owner: context.repo.owner,
|
||
repo: context.repo.repo,
|
||
issue_number: context.issue.number,
|
||
body: commentBody
|
||
});
|
||
|
||
- name: Fail workflow if license warnings exist (PR only)
|
||
if: github.event_name == 'pull_request' && env.LICENSE_WARNINGS_EXIST == 'true'
|
||
run: |
|
||
echo "❌ Backend license warnings detected. Failing the workflow."
|
||
exit 1
|
||
|
||
- name: Commit changes (push only)
|
||
if: github.event_name == 'push' && env.LICENSE_WARNINGS_EXIST == 'false'
|
||
run: |
|
||
git config user.name "${{ steps.setup-bot.outputs.committer }}"
|
||
git config user.email "${{ steps.setup-bot.outputs.committer-email || '[email protected]' }}"
|
||
git add app/core/src/main/resources/static/3rdPartyLicenses.json
|
||
git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV
|
||
|
||
- name: Prepare PR body (push only)
|
||
if: github.event_name == 'push' && env.CHANGES_DETECTED == 'true'
|
||
run: |
|
||
PR_BODY="Auto-generated by ${{ steps.setup-bot.outputs.app-slug }}[bot]
|
||
|
||
This PR updates the backend license report based on dependency changes."
|
||
|
||
if [ "${{ env.LICENSE_WARNINGS_EXIST }}" = "true" ]; then
|
||
PR_BODY="$PR_BODY
|
||
|
||
## ⚠️ License Compatibility Warnings
|
||
|
||
Incompatible licenses detected – manual review required before merge."
|
||
fi
|
||
echo "PR_BODY<<EOF" >> $GITHUB_ENV
|
||
echo "$PR_BODY" >> $GITHUB_ENV
|
||
echo "EOF" >> $GITHUB_ENV
|
||
|
||
- name: Create Pull Request (push only)
|
||
if: github.event_name == 'push' && env.CHANGES_DETECTED == 'true'
|
||
id: cpr
|
||
uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
|
||
with:
|
||
token: ${{ steps.setup-bot.outputs.token }}
|
||
commit-message: "Update Backend 3rd Party Licenses"
|
||
committer: ${{ steps.setup-bot.outputs.committer }}
|
||
author: ${{ steps.setup-bot.outputs.committer }}
|
||
signoff: true
|
||
branch: update-backend-3rd-party-licenses
|
||
base: main
|
||
title: "Update Backend 3rd Party Licenses"
|
||
body: ${{ env.PR_BODY }}
|
||
labels: Licenses,github-actions,backend
|
||
delete-branch: true
|
||
sign-commits: true
|
||
|
||
- name: Enable Pull Request Automerge (push only, no warnings)
|
||
if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'false'
|
||
run: gh pr merge --squash --auto "${{ steps.cpr.outputs.pull-request-number }}"
|
||
env:
|
||
GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
|
||
|
||
- name: Add review required label (push only, with warnings)
|
||
if: github.event_name == 'push' && steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'true'
|
||
run: gh pr edit "${{ steps.cpr.outputs.pull-request-number }}" --add-label "license-review-required"
|
||
env:
|
||
GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
|