From f188bfb66e1ba2231eb1bfc0ba41c8416c878b08 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:33:40 -0700 Subject: [PATCH 01/24] Try out `dependency-review-action`. --- .github/workflows/main.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c86afd452..e6c238bce 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -30,6 +30,17 @@ jobs: - name: Clone repo. uses: actions/checkout@v4 + - name: Dependency Review + uses: actions/dependency-review-action@v4 + with: + warn-only: true + fail-on-scopes: + - runtime + - development + - unknown + allow-licenses: + - Apache-2.0 + - name: Run the linter. run: ./scripts/ubik dev lint From b63a394cf04f0912b4bfc680f27b5bf4e0746593 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:35:27 -0700 Subject: [PATCH 02/24] Is this better? --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e6c238bce..67b881289 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -39,7 +39,7 @@ jobs: - development - unknown allow-licenses: - - Apache-2.0 + - 'Apache-2.0' - name: Run the linter. run: ./scripts/ubik dev lint From 2e81991559711206744064b4a7bdfa3c66c8faa8 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:39:29 -0700 Subject: [PATCH 03/24] Is this better? --- .github/workflows/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 67b881289..093ae25b5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,10 +34,7 @@ jobs: uses: actions/dependency-review-action@v4 with: warn-only: true - fail-on-scopes: - - runtime - - development - - unknown + fail-on-scopes: runtime, development, unknown allow-licenses: - 'Apache-2.0' 
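Review bot: The new step in the first hunk on this line pins `actions/dependency-review-action@v4` to a mutable tag, so the code that inspects every pull request's dependency changes can itself change underneath the workflow; for a security gate the usual hardening is a full commit SHA with the version in a trailing comment, `uses: actions/dependency-review-action@<full-commit-sha>  # v4`. The same pattern is already used for `actions/checkout@v4` on the context line above, so this is consistent with the file but worth tightening for both. `warn-only: true` also means the step never fails the job, so while the trial runs the review is advisory only and a flagged dependency can still be merged; a comment such as `# Trial mode: findings are reported but do not block the PR.` above `warn-only` would make that explicit to the next reader. The list syntax for `fail-on-scopes` and `allow-licenses` is reworked by later patches in this series, so nothing to raise there.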
From 53733900cb928d6dc2351ec9cc27ea5b924c4275 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:41:08 -0700 Subject: [PATCH 04/24] Is this better? --- .github/workflows/main.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 093ae25b5..0359fb60b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -35,8 +35,9 @@ jobs: with: warn-only: true fail-on-scopes: runtime, development, unknown - allow-licenses: - - 'Apache-2.0' + allow-licenses: | + Apache-2.0, + Unlicense - name: Run the linter. run: ./scripts/ubik dev lint From 73b2717d65ad9ee93a713b8c3688b0425f168884 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:43:01 -0700 Subject: [PATCH 05/24] Is this better? --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0359fb60b..d5fa78407 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,6 +34,7 @@ jobs: uses: actions/dependency-review-action@v4 with: warn-only: true + base-ref: main fail-on-scopes: runtime, development, unknown allow-licenses: | Apache-2.0, From 934475595408a764f682828afc94020d1e635539 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:44:33 -0700 Subject: [PATCH 06/24] Is this better? --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d5fa78407..f42b0d3fc 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -35,6 +35,7 @@ jobs: with: warn-only: true base-ref: main + head-ref: HEAD fail-on-scopes: runtime, development, unknown allow-licenses: | Apache-2.0, From 7b6460c7c193898e4da4d047a1986e5c6276884e Mon Sep 17 00:00:00 2001 
From: Dan Bornstein Date: Wed, 11 Sep 2024 09:48:46 -0700 Subject: [PATCH 07/24] Is this a full report? --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index f42b0d3fc..d575a4435 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -34,7 +34,7 @@ jobs: uses: actions/dependency-review-action@v4 with: warn-only: true - base-ref: main + base-ref: 260014145f head-ref: HEAD fail-on-scopes: runtime, development, unknown allow-licenses: | From c9b539062f3b44c6d0d761c1c990bc44ca92937c Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:52:00 -0700 Subject: [PATCH 08/24] Add licenses. --- .github/workflows/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d575a4435..d91ef46a7 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -38,7 +38,13 @@ jobs: head-ref: HEAD fail-on-scopes: runtime, development, unknown allow-licenses: | + 0BSD, Apache-2.0, + BSD-2-Clause, + BSD-3-Clause, + CC-BY-4.0, + ISC, + MIT, Unlicense - name: Run the linter. From 0a84ece8b1a47a629611f6e77a9a2029175b72d7 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 09:59:02 -0700 Subject: [PATCH 09/24] Add licenses. --- .github/workflows/main.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d91ef46a7..5af5419bd 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -42,9 +42,12 @@ jobs: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + CC0-1.0, + CC-BY-3.0, CC-BY-4.0, ISC, MIT, + Python-2.0, Unlicense - name: Run the linter. From 686b2c2dc7ae92e9dd6e8361a3984f7d89b77fed Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:00:33 -0700 Subject: [PATCH 10/24] Tweak. --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 5af5419bd..29a5de6c8 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,6 +37,7 @@ jobs: base-ref: 260014145f head-ref: HEAD fail-on-scopes: runtime, development, unknown + warn-on-openssf-scorecard-level: 2 allow-licenses: | 0BSD, Apache-2.0, From 2d7508414d0f9880f623566a9c95367d8976b1ca Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:01:24 -0700 Subject: [PATCH 11/24] Tweak. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 29a5de6c8..d8a228e3b 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -36,7 +36,7 @@ jobs: warn-only: true base-ref: 260014145f head-ref: HEAD - fail-on-scopes: runtime, development, unknown + fail-on-scopes: runtime, unknown warn-on-openssf-scorecard-level: 2 allow-licenses: | 0BSD, From 0a5496752db38c7e1ce71b9320e4983090888555 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:01:37 -0700 Subject: [PATCH 12/24] Tweak. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d8a228e3b..95fd958e2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: base-ref: 260014145f head-ref: HEAD fail-on-scopes: runtime, unknown - warn-on-openssf-scorecard-level: 2 + warn-on-openssf-scorecard-level: 2.75 allow-licenses: | 0BSD, Apache-2.0, From a536c653c06af5c8142e80fa5bd8a7cb65dfada5 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:04:42 -0700 Subject: [PATCH 13/24] Add licenses. --- .github/workflows/main.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 95fd958e2..dd8e4f8ea 100644 --- a/.github/workflows/main.yml 
+++ b/.github/workflows/main.yml @@ -43,10 +43,12 @@ jobs: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + BSD-3-Clause AND BSD-3-Clause-Clear, CC0-1.0, CC-BY-3.0, CC-BY-4.0, ISC, + ISC AND MIT, MIT, Python-2.0, Unlicense From 38293412d2913fa7fb00e5267cad991731a302cc Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:04:53 -0700 Subject: [PATCH 14/24] Tweak. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index dd8e4f8ea..df0e146c5 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,7 +37,7 @@ jobs: base-ref: 260014145f head-ref: HEAD fail-on-scopes: runtime, unknown - warn-on-openssf-scorecard-level: 2.75 + warn-on-openssf-scorecard-level: 2 allow-licenses: | 0BSD, Apache-2.0, From 8df86eee4dbb5ce39bd419796bab38b78426ca19 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:06:01 -0700 Subject: [PATCH 15/24] Tweak. --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index df0e146c5..44ac7a880 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -37,6 +37,7 @@ jobs: base-ref: 260014145f head-ref: HEAD fail-on-scopes: runtime, unknown + show-openssf-scorecard: false warn-on-openssf-scorecard-level: 2 allow-licenses: | 0BSD, From e947bb29c1ab203921ae08f82e604cf1501e28a8 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:09:48 -0700 Subject: [PATCH 16/24] Tweak. --- .github/workflows/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 44ac7a880..94783880d 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
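Review bot: In the last hunk on this line (patch 15) `show-openssf-scorecard: false` is added directly above `warn-on-openssf-scorecard-level: 2`; as far as I can tell from the action's inputs, the warn threshold only applies to scorecard results that are actually fetched and shown, so with the scorecard switched off the threshold line is probably inert. Either drop `warn-on-openssf-scorecard-level: 2` or leave `show-openssf-scorecard` at its default so the threshold has an effect; if the level is being kept for later, a comment `# Has no effect while show-openssf-scorecard is false.` above it would prevent confusion. The enclosing `with:` block starts before this hunk.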
@@ -44,12 +44,12 @@ jobs: Apache-2.0, BSD-2-Clause, BSD-3-Clause, - BSD-3-Clause AND BSD-3-Clause-Clear, + 'BSD-3-Clause AND BSD-3-Clause-Clear', CC0-1.0, CC-BY-3.0, CC-BY-4.0, ISC, - ISC AND MIT, + 'ISC AND MIT', MIT, Python-2.0, Unlicense From 64f030e5549bd9fbbd64e5d0058b4a0eeea07846 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:11:45 -0700 Subject: [PATCH 17/24] Tweak. --- .github/workflows/main.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 94783880d..0c5d32835 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -44,12 +44,10 @@ jobs: Apache-2.0, BSD-2-Clause, BSD-3-Clause, - 'BSD-3-Clause AND BSD-3-Clause-Clear', CC0-1.0, CC-BY-3.0, CC-BY-4.0, ISC, - 'ISC AND MIT', MIT, Python-2.0, Unlicense From d4a61ea2aba2c882d64e3ebf39c1d78109b54cba Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:16:58 -0700 Subject: [PATCH 18/24] Tweak. --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 0c5d32835..aa6c1fae2 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -44,6 +44,7 @@ jobs: Apache-2.0, BSD-2-Clause, BSD-3-Clause, + BSD-3-Clause-Clear, CC0-1.0, CC-BY-3.0, CC-BY-4.0, From 002b7fcdca43b2e1ccb2f40c8b426453c5a75de6 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:18:17 -0700 Subject: [PATCH 19/24] Split out a job. --- .github/workflows/main.yml | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index aa6c1fae2..a96ad2898 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -17,20 +17,14 @@ on: # Workflow. Jobs run in parallel by default, but that is moot here: there's only # one job. jobs: - # Build the project! - build: + # Check dependencies. + check-dependencies: runs-on: ubuntu-latest steps: - - name: Get Node. - uses: actions/setup-node@v4 - with: - node-version: '20.x' - - # Note: Checks out into `$GITHUB_WORKSPACE`, which is also the `$CWD`. - name: Clone repo. uses: actions/checkout@v4 - - name: Dependency Review + - name: Check dependencies. uses: actions/dependency-review-action@v4 with: warn-only: true @@ -53,6 +47,19 @@ jobs: Python-2.0, Unlicense + # Build the project. + build: + runs-on: ubuntu-latest + steps: + - name: Get Node. + uses: actions/setup-node@v4 + with: + node-version: '20.x' + + # Note: Checks out into `$GITHUB_WORKSPACE`, which is also the `$CWD`. + - name: Clone repo. + uses: actions/checkout@v4 + - name: Run the linter. run: ./scripts/ubik dev lint From 99177b87bab36adddcb9bdb0d870a432c9a18398 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:22:48 -0700 Subject: [PATCH 20/24] Debug. --- .github/workflows/main.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a96ad2898..c7502dc29 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -21,6 +21,10 @@ jobs: check-dependencies: runs-on: ubuntu-latest steps: + - name: zzz_debug + run: | + echo "#### EVENT ${{ github.event_name }}" + - name: Clone repo. uses: actions/checkout@v4 From 66e913f460e728d05daede93c10f9031ba227477 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:31:47 -0700 Subject: [PATCH 21/24] Not yet. --- .github/workflows/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index c7502dc29..7753f625c 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
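Review bot: The first hunk of patch 19 splits the single `build` job into `check-dependencies` and `build`, but the context comment just above the `jobs:` key still says "that is moot here: there's only one job", which is now wrong and misstates how these jobs run. Update it to something like `# Workflow. Jobs run in parallel by default; the dependency check and the build are independent, so that is fine here.` The new `check-dependencies` job has no `permissions:` block and none is visible in the hunk; the dependency review action needs at least `contents: read` on the job token, which the default token settings usually grant but a restrictive top-level `permissions:` would not, so this is worth confirming against the part of the file above the hunk. The `jobs:` mapping continues past the end of the second hunk.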
@@ -19,6 +19,7 @@ on: jobs: # Check dependencies. check-dependencies: + # if: ${{ github.event_name == "pull_request" }} runs-on: ubuntu-latest steps: - name: zzz_debug From 933b231660ff09fe1b0a9f4ee4de01c34aec7291 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:47:28 -0700 Subject: [PATCH 22/24] Only run on pull requests. ...unless edited in a branch. --- .github/workflows/main.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 7753f625c..b3ec15e54 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,13 +19,9 @@ on: jobs: # Check dependencies. check-dependencies: - # if: ${{ github.event_name == "pull_request" }} + if: ${{ github.event_name == "pull_request" }} runs-on: ubuntu-latest steps: - - name: zzz_debug - run: | - echo "#### EVENT ${{ github.event_name }}" - - name: Clone repo. uses: actions/checkout@v4 @@ -33,8 +29,9 @@ jobs: uses: actions/dependency-review-action@v4 with: warn-only: true - base-ref: 260014145f - head-ref: HEAD + # Use these if you want to run a "from-scratch" check. + # base-ref: 260014145f + # head-ref: HEAD fail-on-scopes: runtime, unknown show-openssf-scorecard: false warn-on-openssf-scorecard-level: 2 From af25bb145aaab244c83fa77f5fe833ac337c17e4 Mon Sep 17 00:00:00 2001 From: Dan Bornstein Date: Wed, 11 Sep 2024 10:52:26 -0700 Subject: [PATCH 23/24] No need for braces. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index b3ec15e54..4d412bf78 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ on: jobs: # Check dependencies. check-dependencies: - if: ${{ github.event_name == "pull_request" }} + if: github.event_name == "pull_request" runs-on: ubuntu-latest steps: - name: Clone repo. From f169c959ce05bf1d0640db29555c6d8a45dbb914 Mon Sep 17 00:00:00 2001 
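Review bot: In the second hunk of patch 22 the commented-out `# base-ref: 260014145f` keeps an abbreviated commit id; if this line is ever uncommented for the "from-scratch" check the comment describes, a short prefix can become ambiguous as the repository grows, and a full SHA is the safer form to leave in the file, e.g. `# base-ref: <full-commit-sha>  # first commit to review from`. The `if: github.event_name == "pull_request"` on this line is corrected to single quotes by patch 24, so nothing further to raise on it.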
From: Dan Bornstein Date: Wed, 11 Sep 2024 10:53:06 -0700 Subject: [PATCH 24/24] Only single quotes are allowed here. --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 4d412bf78..a939a2d98 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -19,7 +19,7 @@ on: jobs: # Check dependencies. check-dependencies: - if: github.event_name == "pull_request" + if: github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - name: Clone repo.