Skip to content

Security Work Order Repair #2461

Security Work Order Repair

Security Work Order Repair #2461

# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
name: Third-party Dependencies Check
on: [push, pull_request]
env:
MAVEN_OPTS: -Dhttp.keepAlive=false -Dmaven.wagon.http.pool=false -Dmaven.wagon.http.retryHandler.class=standard -Dmaven.wagon.http.retryHandler.count=3 -Dmaven.wagon.httpconnectionManager.ttlSeconds=120
jobs:
third-party-dependencies-check-:
runs-on: ubuntu-latest
steps:
- name: Checkout source
uses: actions/checkout@v2
- name: Set up JDK 8
uses: actions/setup-java@v2
with:
java-version: '8'
distribution: 'adopt'
- name: mvn install
run:
#pom.xml also introduce linkis related jar,so run mvn install in first time
./mvnw install -Dmaven.test.skip=true -Dmaven.javadoc.skip=true
- name: mvn dependency:copy-dependencies
run:
./mvnw dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=${{ github.workspace }}/current_dependencies
- name: generate current_dependencies.txt
run: |
ls ${{ github.workspace }}/current_dependencies |egrep -v "^linkis" |sort > ~/current_dependencies.txt
cat ~/current_dependencies.txt
- name: check third dependencies
run: |
#by using commond join ,to check whether there are new third-party dependencies,compared with file(tool/dependencies/known-dependencies.txt)
sort ${{ github.workspace }}/tool/dependencies/known-dependencies.txt > ~/known-dependencies.txt
join -t : -o 1.1 2.1 -a2 ~/known-dependencies.txt ~/current_dependencies.txt > ~/result.txt
#print new third-party dependencies name if it exists
awk -F ":" '{if($1=="")print $2" is not in file known-dependencies.txt!\n You can refer to this guide to repair it(你可以参考这个执行进行修复):https://linkis.apache.org/zh-CN/docs/latest/development/development-specification/license"}' ~/result.txt
result=`awk -F ":" '{if($1=="")print $2}' ~/result.txt |wc -l`
#if has new third-party,the Action will fail
if [[ $result == 0 ]];then echo "All third dependencies is known!" ;else exit 1;fi