Skip to content

chore: add license review to CI #12981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 25 commits into from
Apr 17, 2024
Merged

chore: add license review to CI #12981

Changes from 1 commit
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
7f47fd8
chore: add license review to CI
sreya Apr 16, 2024
8a8300c
report on invalid licenses
sreya Apr 16, 2024
3775d6d
test omitting MIT
sreya Apr 16, 2024
b7e7bb9
whoops
sreya Apr 16, 2024
c5c6ffa
try omitting apache
sreya Apr 16, 2024
58e39ee
attempt adding a GPL go pkg
sreya Apr 16, 2024
6d7a0dc
Revert "attempt adding a GPL go pkg"
sreya Apr 16, 2024
4404ea1
fmt
sreya Apr 16, 2024
444db54
gpl npm
sreya Apr 16, 2024
fcde457
always run report
sreya Apr 17, 2024
d9e72ad
quote
sreya Apr 17, 2024
d7ad1e8
add nested dependency
sreya Apr 17, 2024
bce7115
Revert "gpl npm"
sreya Apr 17, 2024
c252fb1
add a gpl go package to be sure we detect both
sreya Apr 17, 2024
71e6924
Revert "add a gpl go package to be sure we detect both"
sreya Apr 17, 2024
eed768f
Revert "add nested dependency"
sreya Apr 17, 2024
a227f0f
update license list
sreya Apr 17, 2024
37833aa
try a valid dependency
sreya Apr 17, 2024
84de36a
update action to support checking all fields in the payload
sreya Apr 17, 2024
419f1e8
Reapply "add nested dependency"
sreya Apr 17, 2024
bd799d6
format output
sreya Apr 17, 2024
7d7220f
Revert "Reapply "add nested dependency""
sreya Apr 17, 2024
428ac03
Revert "try a valid dependency"
sreya Apr 17, 2024
e450103
Reapply "add a gpl go package to be sure we detect both"
sreya Apr 17, 2024
245d44e
Revert "Reapply "add a gpl go package to be sure we detect both""
sreya Apr 17, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fmt
  • Loading branch information
@sreya
sreya committed Apr 16, 2024
commit 4404ea100f52cb4bf104189f5f0db5fa7c84e15f
8 changes: 4 additions & 4 deletions .github/workflows/ci.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -899,22 +899,22 @@ jobs:
run: |
make sqlc-vet

# dependency-license-review checks that no license-incompatible dependencies have been introduced.
# dependency-license-review checks that no license-incompatible dependencies have been introduced.
# This action is not intended to do a vulnerability check since that is handled by a separate action.
dependency-license-review:
runs-on: ubuntu-latest
steps:
- name: 'Checkout Repository'
- name: "Checkout Repository"
uses: actions/checkout@v4
- name: 'Dependency Review'
- name: "Dependency Review"
id: review
uses: actions/dependency-review-action@v4
with:
#allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
allow-licenses: BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
license-check: true
vulnerability-check: false
- name: 'Report'
- name: "Report"
# make sure this step runs even if the previous failed
if: ${{ failure() && steps.review.conclusion == 'failure' }}
shell: bash
Expand Down