Skip to content

Consolidate dependabot PRs #1058

Consolidate dependabot PRs

Consolidate dependabot PRs #1058

Workflow file for this run

on:
push:
branches:
- main
pull_request:
env:
TRIVY_VERSION: 0.47.0
name: License scan
jobs:
license:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Go
uses: actions/setup-go@v5
with:
go-version: '^1.20.0'
- name: Install Go deps
run: go mod download
- name: Setup Node.js
uses: actions/setup-node@v4
with:
cache: yarn
cache-dependency-path: web/yarn.lock
- name: Install Node.js deps
working-directory: web
run: yarn install
- name: Install trivy
run: |
wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb"
sudo dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb"
- name: Create license report artifact
run: trivy fs --scanners license --skip-dirs ".github" --skip-files "package-lock.json,bin/scan-images/package-lock.json" . | tee license-report.txt
- name: Upload license report artifact
uses: actions/upload-artifact@v4
with:
name: license-report
path: license-report.txt
- name: Check for unknown licenses
run: |
trivy fs --scanners license --skip-dirs ".github" --skip-files "package-lock.json,bin/scan-images/package-lock.json" --exit-code 1 --severity UNKNOWN . || echo "::warning::Unknown licenses found, please verify"
- name: Check for forbidden licenses and fail
run: trivy fs --scanners license --skip-dirs ".github" --skip-files "package-lock.json,bin/scan-images/package-lock.json" --exit-code 1 --severity CRITICAL,HIGH .