
fix: sbom on docs pipeline (#39) #55

fix: sbom on docs pipeline (#39)

fix: sbom on docs pipeline (#39) #55

Workflow file for this run

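---
# License compliance for every push/PR to main and on a weekly schedule:
#   1. source-file license headers (apache/skywalking-eyes `license-eye`)
#   2. allow-list audit of Node.js dependency licenses, with a report artifact
#   3. a single gate job that fails if either check did not succeed
name: License Compliance

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  schedule:
    # Check license compliance weekly (Mondays, 03:00 UTC)
    - cron: '0 3 * * 1'

# Least privilege: every job below only reads the checkout and uploads an
# artifact; nothing pushes commits or comments on pull requests, so the token
# does not need `contents: write` / `pull-requests: write`. Widen this on the
# individual job if a future step really has to write.
permissions:
  contents: read

# One run per ref at a time; a newer push supersedes the in-flight run.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Keep ANSI colour in tool output on the non-TTY runner (quoted: env values
  # are strings).
  FORCE_COLOR: '1'

jobs:
  license-headers:
    name: License Header Compliance
    runs-on: ubuntu-latest
    # Bound the job so a hung tool install/check cannot hold the runner.
    timeout-minutes: 20
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
        with:
          # Spelled out for clarity; this is the token checkout uses by default.
          token: ${{ secrets.GITHUB_TOKEN }}
          fetch-depth: 0

      - name: Setup Go for license tooling
        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
        with:
          go-version: '1.24'

      - name: Install skywalking-eyes license checker
        # NOTE(review): the actions are SHA-pinned, but this tool is fetched at
        # `@latest`, so the checker can change underneath the workflow without
        # any diff in this repo. Pin it to a release tag once one is chosen.
        run: |
          go install github.com/apache/skywalking-eyes/cmd/license-eye@latest
          echo "$(go env GOPATH)/bin" >> "$GITHUB_PATH"

      - name: Check license headers
        # `license-eye header check` only reports; it never rewrites files here,
        # which is why the job needs no write permission.
        run: |
          echo "Checking license headers in source files..."
          if license-eye header check; then
            echo "✅ All source files have proper license headers"
          else
            echo "❌ Some files are missing license headers"
            echo "::error::License headers are missing. Please run pre-commit hooks locally to fix them."
            echo "::notice::Run 'mise run license-headers-fix' or ensure pre-commit hooks are enabled"
            exit 1
          fi

  dependency-licenses:
    name: Dependency License Audit (Node.js ${{ matrix.node-version }})
    runs-on: ubuntu-latest
    timeout-minutes: 20
    strategy:
      # Report both Node versions even if one fails.
      fail-fast: false
      matrix:
        # Quoted so the values stay strings through YAML parsing.
        node-version: ['22', '24']
    steps:
      - name: Checkout code
        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

      - name: Setup pnpm
        uses: pnpm/action-setup@f2b2b233b538f500472c7274c7012f57857d8ce0 # v4.1.0

      - name: Setup Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
        with:
          node-version: ${{ matrix.node-version }}

      - name: Setup mise
        uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0
        with:
          install: true
          cache: true

      - name: Install dependencies
        # --frozen-lockfile: fail instead of silently resolving a lockfile drift.
        run: pnpm install --frozen-lockfile

      - name: Check dependency licenses
        # The project's own license gate (script defined in package.json).
        run: pnpm run license-check

      - name: Generate license report
        # NOTE(review): `UNLICENSED` is accepted by the --onlyAllow list below
        # but is not listed under "Approved Licenses" in the report header;
        # presumably it covers the repo's own workspace packages — confirm,
        # since --excludePrivatePackages already drops private ones.
        run: |
          # `>` (not `>>`) so a re-run starts from a fresh report file.
          {
            echo "# Dependency License Report";
            echo "";
            echo "Generated on: $(date -u)";
            echo "";
            echo "## Approved Licenses";
            echo "- MIT";
            echo "- ISC";
            echo "- BSD-2-Clause";
            echo "- BSD-3-Clause";
            echo "- Apache-2.0";
            echo "";
            echo "## License Summary";
          } > license-report.md
          # Generate license summary table; license-checker exits non-zero if a
          # package carries a license outside the allow-list.
          pnpm exec license-checker --summary --onlyAllow 'MIT;ISC;BSD-2-Clause;BSD-3-Clause;Apache-2.0;UNLICENSED' --excludePrivatePackages >> license-report.md

      - name: Upload license report
        uses: actions/upload-artifact@de65e23aa2b7e23d713bb51fbfcb6d502f8667d8 # v4.6.2
        with:
          # Per-matrix-entry name so the two Node versions do not collide.
          name: license-report-${{ matrix.node-version }}-${{ github.sha }}
          path: license-report.md
          retention-days: 30

  license-compliance-gate:
    name: License Compliance Gate
    runs-on: ubuntu-latest
    timeout-minutes: 5
    needs: [license-headers, dependency-licenses]
    # Run even when an upstream job failed or was cancelled so the gate itself
    # reports the failure instead of being skipped along with it.
    if: always()
    steps:
      - name: Check all compliance jobs
        # Pass the results in through env instead of interpolating `${{ }}`
        # into the script body. The values are fixed result enums here, so
        # this is not an injection fix — it just keeps the shell free of
        # expression interpolation by convention.
        env:
          HEADERS_RESULT: ${{ needs.license-headers.result }}
          DEPENDENCIES_RESULT: ${{ needs.dependency-licenses.result }}
        run: |
          if [[ "$HEADERS_RESULT" != "success" ]] || [[ "$DEPENDENCIES_RESULT" != "success" ]]; then
            echo "❌ License compliance check failed"
            echo "License headers: $HEADERS_RESULT"
            echo "Dependency licenses: $DEPENDENCIES_RESULT"
            exit 1
          fi
          echo "✅ All license compliance checks passed"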