License checks #17

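---
# License-compliance gate: installs the project's Python dependencies, exports
# their licenses with pip-licenses, and fails the job when a package's license
# is not on the allow-list.
#
# Trust boundary: requirements.txt and all package metadata (names, license
# strings) are untrusted input, especially on pull_request runs. They are only
# ever handled as data (files read by jq), never expanded into script text.
name: License Compliance
on:
  push:
    branches:
      - main
  # Keep this as pull_request (not pull_request_target): the job installs and
  # therefore executes code chosen by the PR author.
  pull_request:
    branches:
      - main

# Least privilege: nothing here writes to the repository, so the job token is
# read-only.
permissions:
  contents: read

jobs:
  license-compliance:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): action refs below are mutable tags. Pin each one to a
      # full commit SHA (<FULL_COMMIT_SHA>) so a retagged release cannot
      # change what runs here.
      - name: Checkout code
        uses: actions/checkout@v3
        with:
          # pip install runs third-party build code in this workspace; do not
          # leave the job token in .git/config where that code could read it.
          persist-credentials: false
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          # Quoted so the version is always read as a string, not a float.
          python-version: '3.9'
      - name: Install dependencies
        run: |
          python -m venv venv
          . venv/bin/activate
          pip install -r requirements.txt
      - name: Check licenses
        # NOTE(review): pip-licenses is installed unpinned; consider pinning
        # an exact version so the checker itself is reproducible.
        run: |
          . venv/bin/activate
          pip install pip-licenses
          pip-licenses --from=mixed --output-file=dependency_licenses.json --format=json
      - name: 'Parse Dependency licenses'
        id: parse-dependency-licenses
        run: |
          set -euo pipefail
          # `jq -c` validates the report and emits exactly one line, so the
          # value cannot smuggle extra key=value lines into GITHUB_OUTPUT.
          # This replaces the deprecated ::set-output command, which also
          # kept only the first line of a multi-line value.
          compact_json=$(jq -c . dependency_licenses.json)
          printf 'dependency-licenses=%s\n' "${compact_json}" >> "$GITHUB_OUTPUT"
          # Consumers must read this output via `env:`, never by placing a
          # ${{ }} expression inside a `run:` script.
      - name: 'Compare Dependency licenses'
        id: compare-dependency-licenses
        run: |
          set -euo pipefail
          # The report is read from disk instead of being pasted into this
          # script through a ${{ }} expression: expression values are
          # substituted into the script text before the shell parses it, so
          # package metadata would otherwise be interpreted as shell code.
          #
          # NOTE(review): pip-licenses reports license names as they appear in
          # package metadata/classifiers; confirm these allow-list entries
          # match those strings exactly.
          permitted_licenses="MIT,Apache-2.0,BSD,EPL1"
          results_file="license_compliance_results.txt"
          pairs_file="${RUNNER_TEMP}/package_licenses.tsv"
          : > "${results_file}"

          # One jq pass yields "package<TAB>license" rows. Writing to a file
          # first means a jq failure aborts the step (fail closed) rather than
          # leaving an empty loop that would pass the gate.
          jq -r '.[] | [.Package, .License] | @tsv' dependency_licenses.json > "${pairs_file}"

          while IFS=$'\t' read -r package license; do
            # Exact match against the comma-delimited allow-list; an empty or
            # missing license never matches and is reported.
            if [[ ",${permitted_licenses}," != *",${license},"* ]]; then
              echo "Error: Package $package has an unrecognized license: $license"
              echo "Package $package has an unrecognized license: $license" >> "${results_file}"
            fi
          done < "${pairs_file}"

          # Multi-line output with a random delimiter so the untrusted report
          # text cannot terminate the value early and define other outputs.
          delimiter="ghadelim_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "non-compliant-packages<<${delimiter}"
            cat "${results_file}"
            echo "${delimiter}"
          } >> "$GITHUB_OUTPUT"

          if [ -s "${results_file}" ]; then
            exit 1
          fi
      # NOTE(review): the v2 line of upload-artifact has been deprecated
      # upstream; confirm and move to a supported release when pinning.
      - name: 'Upload Dependency License Report'
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: dependency-license-report
          path: dependency_licenses.json
      - name: 'Upload License Compliance Results'
        # The compare step now writes this file; previously nothing created
        # it, so this upload had nothing to collect.
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: license-compliance-results
          path: license_compliance_results.txt
      - name: License compliance summary
        run: echo "License compliance check completed. See artifacts for details."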