Skip to content

Commit

Permalink
feat(ci): reuse dependency check from .github
Browse files Browse the repository at this point in the history
  • Loading branch information
paullatzelsperger committed Jul 14, 2023
1 parent caaf554 commit b92ecda
Showing 1 changed file with 2 additions and 69 deletions.
71 changes: 2 additions & 69 deletions .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,72 +9,5 @@ permissions:
contents: read

jobs:
Check-Allowed-Licenses:
runs-on: ubuntu-latest
continue-on-error: false
steps:
- name: 'Checkout Repository'
uses: actions/checkout@v3
- name: 'Dependency Review'
uses: actions/dependency-review-action@v3
with:
fail-on-severity: critical
# Representation of this list: https://www.eclipse.org/legal/licenses.php#
# Expressed with the help of the following IDs: https://spdx.org/licenses/
allow-licenses: >-
Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
WTFPL, X11, Zlib, ZPL-2.1
Dash-Dependency-Check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-build
- name: Download latest Eclipse Dash
run: |
curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
- name: Regenerate DEPENDENCIES
run: |
# dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
# log warning if restricted deps are found
grep -E 'restricted' DEPENDENCIES | if test $(wc -l) -gt 0; then
echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them"
fi
# log error and fail job if rejected deps are found
grep -E 'rejected' DEPENDENCIES | if test $(wc -l) -gt 0; then
echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
exit 1
fi
- name: Check for differences
run: |
if diff DEPENDENCIES DEPENDENCIES-gen ; then
echo "DEPENDENCIES up-do-date"
else
diff DEPENDENCIES DEPENDENCIES-gen
echo "------------------------------------------------------------"
echo "Please copy the following content back to DEPENDENCIES"
cat DEPENDENCIES-gen
echo "end of content"
echo "::error file=DEPENDENCIES,title=Dependencies outdated::The DEPENDENCIES file was outdated and must be regenerated. Check the output of this job for more information"
exit 1
fi

Dependency-Analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/setup-build

- name: Dependency rules report
run: ./gradlew -Dorg.gradle.jvmargs="-Xmx1g" buildHealth

- name: Dependency analysis report
run: cat build/reports/dependency-analysis/build-health-report.txt
dependencies:
uses: eclipse-edc/.github/.github/workflows/dependency-check.yml@main

0 comments on commit b92ecda

Please sign in to comment.