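name: License Compatibility (LCC dogfooding)
# AiExponent dogfooding gate: every released tool runs LCC against itself
# to surface license compatibility issues across the dependency tree.
# Initially warn-only — promote to gating once the baseline is clean.
#
# Source obligation: PRD-v2.0 section 5.5 (Dependency scanning via LCC's
# own eu-ai-act-compliance policy at every release).
#
# NOTE(review): the PRD obligation above names the eu-ai-act-compliance
# policy, but the scan step below runs `--policy permissive`. Confirm which
# policy is actually required before this workflow is promoted to a gate;
# a permissive baseline will not surface the findings the stricter policy
# is meant to catch.
on:
  push:
    branches: [main]
  pull_request:
  schedule:
    # Weekly, Mondays 04:00 UTC.
    - cron: "0 4 * * 1"

# Least privilege: the job only needs to read the checkout. Artifact upload
# does not require `contents: write`, so nothing else is granted.
permissions:
  contents: read

jobs:
  lcc-scan:
    name: LCC self-scan (warn-only)
    runs-on: ubuntu-latest
    steps:
      # TODO(supply-chain): pin each third-party action to a full commit SHA
      # rather than a mutable major tag, so a moved or compromised tag cannot
      # change what executes here. Keep a `# vX` trailer for readability.
      - uses: actions/checkout@v6
      - uses: actions/setup-python@v6
        with:
          python-version: "3.11"

      - name: Install License Compliance Checker
        # TODO(supply-chain): pin an exact version of license-compliance-checker
        # (and ideally its hashes via `pip install --require-hashes`). An
        # unpinned install resolves to whatever PyPI serves at run time, which
        # both widens the supply-chain surface and makes scan results
        # non-reproducible between runs.
        run: |
          python -m pip install --upgrade pip
          pip install license-compliance-checker

      - name: Run LCC scan (permissive policy, warn-only)
        # `|| true` keeps the job green on findings AND on tool failure. The
        # summary step below tells the two apart by checking whether a report
        # was written. Remove `|| true` to make this step gating.
        run: |
          lcc scan . \
            --format json \
            --output lcc-report.json \
            --policy permissive \
            --exclude "tests/**" \
            --exclude ".git/**" \
            --exclude "dist/**" \
            --exclude "build/**" \
            || true

      - name: Upload LCC report
        # Runs even if earlier steps failed so a partial/missing report is
        # still visible; `warn` (not `error`) keeps the job warn-only.
        if: always()
        uses: actions/upload-artifact@v7
        with:
          name: lcc-report
          path: lcc-report.json
          if-no-files-found: warn

      - name: Summarise LCC findings
        if: always()
        # Emits a GitHub workflow annotation (`::warning::`) when violations
        # are present. The counts are coerced to int before interpolation so
        # that only digits ever reach the `::warning::` command line — a
        # string from the report could otherwise inject further workflow
        # commands into the log.
        run: |
          python - <<'PY'
          import json, sys

          try:
              with open("lcc-report.json", encoding="utf-8") as fh:
                  report = json.load(fh)
          except Exception as e:
              # Missing or malformed report (scan crashed, install failed):
              # surface it rather than reporting a silent clean run.
              print(f"::warning::could not read lcc-report.json: {e}")
              sys.exit(0)

          # NOTE(review): `summary.violations` / `summary.component_count`
          # are assumed from LCC's JSON output — confirm against its schema.
          summary = report.get("summary", {}) if isinstance(report, dict) else {}
          if not isinstance(summary, dict):
              summary = {}

          def _count(key):
              """Read an integer counter from the summary; anything non-numeric counts as 0."""
              try:
                  return int(summary.get(key, 0) or 0)
              except (TypeError, ValueError):
                  return 0

          violations = _count("violations")
          components = _count("component_count")
          if violations:
              print(f"::warning::LCC found {violations} license violation(s) across {components} components.")
          else:
              print(f"LCC scan clean: {components} components, 0 violations.")
          PY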