
Commit cd3f56b

committed
Added licensed check workflow
1 parent b4e4711 commit cd3f56b


1 file changed

+171
-0
lines changed

Lines changed: 171 additions & 0 deletions
@@ -0,0 +1,171 @@
1+
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-npm-dependencies-task.md
2+
name: Check npm Dependencies
3+
4+
# See: https://docs.github.com/actions/reference/workflows-and-actions/events-that-trigger-workflows
5+
on:
6+
create:
7+
push:
8+
paths:
9+
- ".github/workflows/check-npm-dependencies-task.ya?ml"
10+
- ".licenses/**"
11+
- ".licensed.json"
12+
- ".licensed.ya?ml"
13+
- ".npmrc"
14+
- "go.mod"
15+
- "go.sum"
16+
- "Taskfile.ya?ml"
17+
- "**/.gitmodules"
18+
- "**/package.json"
19+
- "**/package-lock.json"
20+
pull_request:
21+
paths:
22+
- ".github/workflows/check-npm-dependencies-task.ya?ml"
23+
- ".licenses/**"
24+
- ".npmrc"
25+
- ".licensed.json"
26+
- ".licensed.ya?ml"
27+
- "go.mod"
28+
- "go.sum"
29+
- "Taskfile.ya?ml"
30+
- "**/.gitmodules"
31+
- "**/package.json"
32+
- "**/package-lock.json"
33+
schedule:
34+
# Run periodically to catch breakage caused by external changes.
35+
- cron: "0 8 * * WED"
36+
workflow_dispatch:
37+
repository_dispatch:
38+
39+
jobs:
40+
run-determination:
41+
runs-on: ubuntu-latest
42+
permissions: {}
43+
outputs:
44+
result: ${{ steps.determination.outputs.result }}
45+
steps:
46+
- name: Determine if the rest of the workflow should run
47+
id: determination
48+
run: |
49+
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
50+
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
51+
if [[
52+
"${{ github.event_name }}" != "create" ||
53+
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
54+
]]; then
55+
# Run the other jobs.
56+
RESULT="true"
57+
else
58+
# There is no need to run the other jobs.
59+
RESULT="false"
60+
fi
61+
62+
echo "result=$RESULT" >>$GITHUB_OUTPUT
63+
64+
check-cache:
65+
needs: run-determination
66+
if: needs.run-determination.outputs.result == 'true'
67+
runs-on: ubuntu-latest
68+
permissions:
69+
contents: read
70+
71+
steps:
72+
- name: Checkout repository
73+
uses: actions/checkout@v6
74+
with:
75+
submodules: recursive
76+
77+
# This is required to allow licensee/setup-licensed to install licensed via Ruby gem.
78+
- name: Install Ruby
79+
uses: ruby/setup-ruby@v1
80+
with:
81+
ruby-version: ruby # Install latest version
82+
83+
- name: Install licensed
84+
uses: licensee/setup-licensed@v1.3.2
85+
with:
86+
github_token: ${{ secrets.GITHUB_TOKEN }}
87+
version: 5.x
88+
89+
- name: Install Go
90+
uses: actions/setup-go@v6
91+
with:
92+
go-version-file: go.mod
93+
94+
- name: Setup Node.js
95+
uses: actions/setup-node@v6
96+
with:
97+
node-version-file: package.json
98+
99+
- name: Update dependencies license metadata cache
100+
run: |
101+
go tool \
102+
github.com/go-task/task/v3/cmd/task \
103+
--silent \
104+
general:cache-dep-licenses
105+
106+
- name: Check for outdated cache
107+
id: diff
108+
run: |
109+
git add .
110+
if
111+
! git diff \
112+
--cached \
113+
--color \
114+
--exit-code
115+
then
116+
echo
117+
echo "::error::Dependency license metadata out of sync. See: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md#metadata-cache"
118+
exit 1
119+
fi
120+
121+
# Some might find it convenient to have CI generate the cache rather than setting up for it locally
122+
- name: Upload cache to workflow artifact
123+
if: failure() && steps.diff.outcome == 'failure'
124+
uses: actions/upload-artifact@v6
125+
with:
126+
if-no-files-found: error
127+
include-hidden-files: true
128+
name: dep-licenses-cache
129+
path: .licenses/
130+
131+
check-deps:
132+
needs: run-determination
133+
if: needs.run-determination.outputs.result == 'true'
134+
runs-on: ubuntu-latest
135+
permissions:
136+
contents: read
137+
138+
steps:
139+
- name: Checkout repository
140+
uses: actions/checkout@v6
141+
with:
142+
submodules: recursive
143+
144+
# This is required to allow licensee/setup-licensed to install licensed via Ruby gem.
145+
- name: Install Ruby
146+
uses: ruby/setup-ruby@v1
147+
with:
148+
ruby-version: ruby # Install latest version
149+
150+
- name: Install licensed
151+
uses: licensee/setup-licensed@v1.3.2
152+
with:
153+
github_token: ${{ secrets.GITHUB_TOKEN }}
154+
version: 5.x
155+
156+
- name: Install Go
157+
uses: actions/setup-go@v6
158+
with:
159+
go-version-file: go.mod
160+
161+
- name: Setup Node.js
162+
uses: actions/setup-node@v6
163+
with:
164+
node-version-file: package.json
165+
166+
- name: Check for dependencies with unapproved licenses
167+
run: |
168+
go tool \
169+
github.com/go-task/task/v3/cmd/task \
170+
--silent \
171+
general:check-dep-licenses
