Skip to content

Commit

Permalink
feat(ci): add dash dependency check
Browse files Browse the repository at this point in the history
  • Loading branch information
paullatzelsperger committed Jul 12, 2023
1 parent 535fa6d commit 20ecf1d
Showing 1 changed file with 58 additions and 0 deletions.
58 changes: 58 additions & 0 deletions .github/workflows/dependency-check.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
name: 'Dependency Review'
on:
push:
branches:
- main
pull_request:

permissions:
contents: read

jobs:
Check-Allowed-Licenses:
runs-on: ubuntu-latest
continue-on-error: false
if: ${{ github.event_name == 'pull_request' }}
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
# Representation of this list: https://www.eclipse.org/legal/licenses.php#
# Expressed with the help of the following IDs: https://spdx.org/licenses/
allow-licenses: >-
Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
WTFPL, X11, Zlib, ZPL-2.1
Dash-Dependency-Check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-build
- name: Download latest Eclipse Dash
run: |
curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
- name: Regenerate DEPENDENCIES
run: |
# dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
# log warning if restricted deps are found
grep -E 'restricted' DEPENDENCIES | if test $(wc -l) -gt 0; then
echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
fi
# log error and fail job if rejected deps are found
grep -E 'rejected' DEPENDENCIES | if test $(wc -l) -gt 0; then
echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
exit 1
fi
- name: Check for differences
run: |
diff DEPENDENCIES DEPENDENCIES-gen

0 comments on commit 20ecf1d

Please sign in to comment.