Update all non-breaking dependencies #402
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: License Scanning for Maven | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'pom.xml' | |
- '.github/workflows/license-scanning.yml' | |
pull_request: | |
paths: | |
- 'pom.xml' | |
- '.github/workflows/license-scanning.yml' | |
# Cancel previous jobs | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
ALLOW_LICENSES: " | |
licenses/license/name!='Apache License, Version 2.0' and | |
not(contains(licenses/license/url, '://www.apache.org/licenses/LICENSE-2.0.txt')) and | |
licenses/license/name!='BSD License' and | |
not(contains(licenses/license/url, 'antlr.org/license.html')) and | |
licenses/license/name!='New BSD License' and | |
not(contains(licenses/license/url, '://www.opensource.org/licenses/bsd-license.php')) and | |
licenses/license/name!='BSD-3-Clause' and | |
not(contains(licenses/license/url, '://asm.ow2.io/license.html')) and | |
licenses/license/name!='Eclipse Public License - v 1.0' and | |
not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v10.html')) and | |
licenses/license/name!='Eclipse Public License - v 2.0' and | |
not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v20.html')) and | |
not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-2.0')) and | |
licenses/license/name!='GNU Lesser General Public License' and | |
not(contains(licenses/license/url, '://www.gnu.org/licenses/old-licenses/lgpl-2.1.html')) and | |
licenses/license/name!='GNU General Public License (GPL), version 2, with the Classpath exception' and | |
not(contains(licenses/license/url, '://openjdk.java.net/legal/gplv2+ce.html')) and | |
licenses/license/name!='The MIT License' and | |
not(contains(licenses/license/url, '://opensource.org/licenses/MIT')) and | |
not(contains(licenses/license/url, '://www.opensource.org/licenses/mit-license.php')) and | |
licenses/license/name!='CDDL + GPLv2 with classpath exception' and | |
not(contains(licenses/license/url, '://github.com/javaee/javax.annotation/blob/master/LICENSE')) and | |
licenses/license/name!='Public Domain' | |
" | |
REPORT_PATH: "target/generated-resources" | |
jobs: | |
scan: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install XQ | |
run: pip install xq | |
- uses: ./.github/actions/maven-build | |
with: | |
build-command: install | |
run-tests: false | |
- name: License XML report | |
run: mvn org.codehaus.mojo:license-maven-plugin:2.4.0:aggregate-download-licenses | |
- name: Validate XML report | |
run: | | |
LICENSE_REPORT=`xq "//dependency[${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}/licenses.xml` | |
LINES_FOUND=`echo "$LICENSE_REPORT" | wc -l` | |
if [ $LINES_FOUND -gt 1 ]; then echo "License issues found ..." ; echo "$LICENSE_REPORT" ; exit -1; fi | |
- name: Upload license reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: license-reports | |
path: '**/${{ env.REPORT_PATH }}/' | |
- name: Upload license XML reports | |
uses: actions/upload-artifact@v4 | |
with: | |
name: license-xml-reports | |
path: '**/${{ env.REPORT_PATH }}/licenses.xml' |