diff --git a/.fossa.yml b/.fossa.yml deleted file mode 100644 index cb80534e571..00000000000 --- a/.fossa.yml +++ /dev/null @@ -1,5 +0,0 @@ -version: 3 - -paths: - exclude: - - ./misc/ diff --git a/.github/.fossa.yml b/.github/.fossa.yml new file mode 100644 index 00000000000..d639b393e98 --- /dev/null +++ b/.github/.fossa.yml @@ -0,0 +1,15 @@ +version: 3 + +# https://github.com/fossas/fossa-cli/blob/master/docs/references/files/fossa-yml.md + +project: + id: github.com/gnolang/gno + name: gno + +targets: + only: + - type: gomod + +paths: + exclude: + - ./misc/ diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml new file mode 100644 index 00000000000..17d8bb07930 --- /dev/null +++ b/.github/workflows/fossa.yml @@ -0,0 +1,50 @@ +name: Dependency License Scanning + +on: + workflow_dispatch: + pull_request: + paths: + - ".github/.fossa.yml" + - ".github/workflows/fossa.yml" + schedule: + - cron: '0 0 * * 6' # At 00:00 on saturdays + +permissions: + contents: read + +jobs: + fossa: + name: Fossa + runs-on: ubuntu-latest + if: github.repository == 'gnolang/gno' + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + # we don't know what commit the last tag was it's safer to get entire repo so previousStableVersion resolves + fetch-depth: 0 + + - name: Move .fossa.yml to root dir + run: mv .github/.fossa.yml . + + - name: Cache Coursier cache + uses: coursier/cache-action@v6.4.0 + + - name: Set up JDK 17 + uses: coursier/setup-action@v1.3.0 + with: + jvm: temurin:1.17 + + - name: Set up fossa CLI + run: curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash + + - name: FOSSA analyze + run: fossa analyze + env: + FOSSA_API_KEY: "${{secrets.FOSSA_API_KEY}}" + + - name: FOSSA test + run: fossa test + env: + FOSSA_API_KEY: "${{secrets.FOSSA_API_KEY}}" +