github: Use IAM Roles to push files on AWS S3 #159
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-license.md | |
name: Check License | |
env: | |
EXPECTED_LICENSE_FILENAME: LICENSE.txt | |
# SPDX identifier: https://spdx.org/licenses/ | |
EXPECTED_LICENSE_TYPE: Apache-2.0 | |
# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows | |
on: | |
create: | |
push: | |
paths: | |
- ".github/workflows/check-license.ya?ml" | |
# See: https://github.com/licensee/licensee/blob/master/docs/what-we-look-at.md#detecting-the-license-file | |
- "[cC][oO][pP][yY][iI][nN][gG]*" | |
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" | |
- "[lL][iI][cC][eE][nN][cCsS][eE]*" | |
- "[oO][fF][lL]*" | |
- "[pP][aA][tT][eE][nN][tT][sS]*" | |
pull_request: | |
paths: | |
- ".github/workflows/check-license.ya?ml" | |
- "[cC][oO][pP][yY][iI][nN][gG]*" | |
- "[cC][oO][pP][yY][rR][iI][gG][hH][tH]*" | |
- "[lL][iI][cC][eE][nN][cCsS][eE]*" | |
- "[oO][fF][lL]*" | |
- "[pP][aA][tT][eE][nN][tT][sS]*" | |
schedule: | |
# Run periodically to catch breakage caused by external changes. | |
- cron: "0 6 * * WED" | |
workflow_dispatch: | |
repository_dispatch: | |
jobs: | |
run-determination: | |
runs-on: ubuntu-latest | |
outputs: | |
result: ${{ steps.determination.outputs.result }} | |
steps: | |
- name: Determine if the rest of the workflow should run | |
id: determination | |
run: | | |
RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x" | |
# The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead. | |
if [[ | |
"${{ github.event_name }}" != "create" || | |
"${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX | |
]]; then | |
# Run the other jobs. | |
RESULT="true" | |
else | |
# There is no need to run the other jobs. | |
RESULT="false" | |
fi | |
echo "::set-output name=result::$RESULT" | |
check-license: | |
needs: run-determination | |
if: needs.run-determination.outputs.result == 'true' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Install Ruby | |
uses: ruby/setup-ruby@v1 | |
with: | |
ruby-version: ruby # Install latest version | |
- name: Install licensee | |
run: gem install licensee | |
- name: Check license file | |
run: | | |
EXIT_STATUS=0 | |
# See: https://github.com/licensee/licensee | |
LICENSEE_OUTPUT="$(licensee detect --json --confidence=100)" | |
DETECTED_LICENSE_FILE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].filename | tr --delete '\r')" | |
echo "Detected license file: $DETECTED_LICENSE_FILE" | |
if [ "$DETECTED_LICENSE_FILE" != "\"${EXPECTED_LICENSE_FILENAME}\"" ]; then | |
echo "::error file=${DETECTED_LICENSE_FILE}::detected license file $DETECTED_LICENSE_FILE doesn't match expected: $EXPECTED_LICENSE_FILENAME" | |
EXIT_STATUS=1 | |
fi | |
DETECTED_LICENSE_TYPE="$(echo "$LICENSEE_OUTPUT" | jq .matched_files[0].matched_license | tr --delete '\r')" | |
echo "Detected license type: $DETECTED_LICENSE_TYPE" | |
if [ "$DETECTED_LICENSE_TYPE" != "\"${EXPECTED_LICENSE_TYPE}\"" ]; then | |
echo "::error file=${DETECTED_LICENSE_FILE}::detected license type $DETECTED_LICENSE_TYPE doesn't match expected \"${EXPECTED_LICENSE_TYPE}\"" | |
EXIT_STATUS=1 | |
fi | |
exit $EXIT_STATUS |