|
| 1 | +name: pr check |
| 2 | + |
| 3 | +description: | |
| 4 | + Check for new issues introduced by a pull request. |
| 5 | +
|
| 6 | + Note: Currently limited to license-related issues. |
| 7 | +
|
| 8 | +inputs: |
| 9 | + api-key: |
| 10 | + description: The API key to access fossa.com |
| 11 | + required: true |
| 12 | + base-ref: |
| 13 | + description: | |
| 14 | + The ref (name) of the base branch in the context of a pull request. |
| 15 | + Only for display purposes, not required. |
| 16 | + required: false |
| 17 | + base-revision: |
| 18 | + description: | |
| 19 | + The revision (commit SHA) of the base branch in the context of a pull request. |
| 20 | + required: true |
| 21 | + configuration-file: |
| 22 | + description: Path to the FOSSA configuration file |
| 23 | + required: false |
| 24 | + default: .fossa.yml |
| 25 | + path: |
| 26 | + description: Path to the directory for scanning |
| 27 | + default: . |
| 28 | + required: false |
| 29 | + revision: |
| 30 | + description: | |
| 31 | + The revision (commit sha) of the HEAD branch in the context of a pull request. |
| 32 | + required: true |
| 33 | + |
| 34 | +runs: |
| 35 | + using: composite |
| 36 | + steps: |
| 37 | + - name: Check for new issues against the base ref=${{ inputs.base-ref }} |
| 38 | + id: check |
| 39 | + env: |
| 40 | + BASE_REF: ${{ inputs.base-ref }} |
| 41 | + BASE_REVISION: ${{ inputs.base-revision }} |
| 42 | + CONFIGURATION_FILE: ${{ inputs.configuration-file }} |
| 43 | + DIRECTORY_PATH: ${{ inputs.path }} |
| 44 | + FOSSA_API_KEY: ${{ inputs.api-key }} |
| 45 | + REVISION: ${{ inputs.revision }} |
| 46 | + run: | |
| 47 | + # Run fossa test |
| 48 | + results=$(fossa test "${DIRECTORY_PATH}" --config "${CONFIGURATION_FILE}" --diff "${BASE_REVISION}" --revision "${REVISION}" --format json || true) |
| 49 | +
|
| 50 | + license_issues=$(echo "$results" | jq -c '.issues | map(select(.type == "policy_flag"))') |
| 51 | + license_issues_count=$(echo "$license_issues" | jq '. | length') |
| 52 | + security_issues=$(echo "$results" | jq -c '.issues | map(select(.type == "vulnerability"))') |
| 53 | + security_issues_count=$(echo "$security_issues" | jq '. | length') |
| 54 | +
|
| 55 | + echo "License issues: ${license_issues_count}" |
| 56 | + echo "Security issues: ${security_issues_count} (non-license issues are currently ignored)" |
| 57 | +
|
| 58 | + echo "license-issues=${license_issues}" >> $GITHUB_OUTPUT |
| 59 | + echo "license-issues-count=${license_issues_count}" >> $GITHUB_OUTPUT |
| 60 | + shell: bash |
| 61 | + - name: License Issues found - Action needed |
| 62 | + if: fromJSON(steps.check.outputs.license-issues-count) > 0 |
| 63 | + env: |
| 64 | + FOSSA_API_KEY: ${{ inputs.api-key }} |
| 65 | + LICENSE_ISSUES: ${{ steps.check.outputs.license-issues }} |
| 66 | + LICENSE_ISSUES_COUNT: ${{ steps.check.outputs.license-issues-count }} |
| 67 | + run: | |
| 68 | + echo "This PR introduces new license issues that must be addressed prior to merging." |
| 69 | + echo "HOW-TO: https://confluence.camunda.com/spaces/HAN/pages/277024795/FOSSA#FOSSA-Handlelicenseissues" |
| 70 | + echo "License Issues:" |
| 71 | + echo "${LICENSE_ISSUES}" | jq -r '.[] | "- Package: \(.revisionId)\n License: \(.license)\n Issue URL: \(.issueDashURL)\n"' |
| 72 | + echo "Adding an annotation to the GitHub job for visibility and exiting with error..." |
| 73 | + echo "::error title=License Check (job=${{ github.job }})::${LICENSE_ISSUES_COUNT} issue found. Please check the logs and resolve before merging." |
| 74 | + exit 1 |
| 75 | + shell: bash |
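Review bot: The check fails open at gutter line 48: `|| true` discards every failure of `fossa test`, and when the scan itself errors (rejected API key, network failure, non-JSON output) `results` is empty, the `jq` pipelines at lines 50–53 emit nothing, `license-issues-count` is written as an empty string, and the gate at line 62 either evaluates false or aborts with an unrelated `fromJSON` error, so a PR can pass without having been scanned. `fossa test` is expected to exit non-zero when it finds issues, so the exit status alone cannot separate findings from scan failures; validating that the output is JSON carrying an `.issues` array before filtering closes the gap while keeping the findings path intact. Relatedly, line 73 interpolates `${{ github.job }}` directly into the script although every other value in the step is passed through `env:`; adding `JOB: ${{ github.job }}` to the step's `env:` and using `${JOB}` keeps the step consistent and avoids expression interpolation inside `run:`.
```yaml
      run: |
        set -o pipefail
        # fossa test exits non-zero when issues are found, so the exit code
        # alone cannot tell "issues reported" from "scan failed"; require a
        # parseable result instead of silently passing on an empty one.
        results=$(fossa test "${DIRECTORY_PATH}" --config "${CONFIGURATION_FILE}" --diff "${BASE_REVISION}" --revision "${REVISION}" --format json) || true
        if ! echo "${results}" | jq -e '.issues | type == "array"' >/dev/null 2>&1; then
          echo "::error title=License Check::fossa test did not return a parseable result; failing the check rather than passing unscanned."
          exit 1
        fi
        # … unchanged: issue filtering, summary echo, GITHUB_OUTPUT writes …
```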