Merge pull request #6 from Ablaze-MIRAI/dependabot/npm_and_yarn/next-… #14
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Trivy CI | |
| permissions: {} | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| push: | |
| branches: | |
| - "**" | |
| jobs: | |
| eslint: | |
| name: 🔍️ Check license of packages with Trivy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Use Node.js ${{ matrix.node-version }} | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 24 | |
| - name: Install pnpm | |
| run: corepack disable && npm install -g pnpm | |
| - name: Install dependencies | |
| run: pnpm install | |
| - name: Run Trivy License Scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| scanners: 'license' | |
| format: 'json' | |
| output: 'trivy-result.json' | |
| version: latest | |
| - name: Log trivy-result.json | |
| run: cat trivy-result.json | |
| - name: Setup OPA | |
| uses: open-policy-agent/setup-opa@v2 | |
| with: | |
| version: latest | |
| - name: Evaluate Policy | |
| run: | | |
| opa eval -i trivy-result.json -d .github/license.rego "data.user.license_check.deny" --format json > opa-result.json | |
| cat opa-result.json | |
| jq -e '.result[0].expressions[0].value | length == 0' opa-result.json > /dev/null |