From b039e3bd6fd186a27aade2764170c55af90b9ba8 Mon Sep 17 00:00:00 2001
From: GeWuYou <95328647+GeWuYou@users.noreply.github.com>
Date: Sat, 7 Feb 2026 21:59:04 +0800
Subject: [PATCH] =?UTF-8?q?feat(workflow):=20=E6=B7=BB=E5=8A=A0=E8=AE=B8?= =?UTF-8?q?=E5=8F=AF=E8=AF=81=E5=90=88=E8=A7=84=E6=96=87=E4=BB=B6=E6=89=93?= =?UTF-8?q?=E5=8C=85=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- 在 license-compliance 工作流中增加 ZIP 压缩包创建步骤
- 将 NOTICE、第三方许可证列表和 SBOM 验证文件打包为 license-compliance.zip
- 更新 GitHub Release 上传配置以包含新的合规打包文件
- 添加详细的注释说明打包内容和用途
- 优化工作流步骤顺序和可读性
---
 .github/workflows/license-compliance.yml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/.github/workflows/license-compliance.yml b/.github/workflows/license-compliance.yml
index 0af4f6b..febe4da 100644
--- a/.github/workflows/license-compliance.yml
+++ b/.github/workflows/license-compliance.yml
@@ -70,6 +70,27 @@ jobs:
 sbom-spdx-validation.txt
 sbom-cyclonedx-validation.txt
 
+ # 将合规文件打包为 ZIP 压缩包
+ # 此步骤通过 zip 命令将多个合规文件压缩为一个 ZIP 文件,便于分发或存档
+ # 压缩包中包含以下文件:
+ # - NOTICE: 项目声明文件
+ # - THIRD_PARTY_LICENSES.md: 第三方许可证列表
+ # - sbom.spdx.json: SPDX 格式的软件物料清单
+ # - sbom.cyclonedx.json: CycloneDX 格式的软件物料清单
+ # - sbom-spdx-validation.txt: SPDX 格式验证结果
+ # - sbom-cyclonedx-validation.txt: CycloneDX 格式验证结果
+ - name: Package compliance bundle
+ run: |
+ zip license-compliance.zip \
+ NOTICE \
+ THIRD_PARTY_LICENSES.md \
+ sbom.spdx.json \
+ sbom.cyclonedx.json \
+ sbom-spdx-validation.txt \
+ sbom-cyclonedx-validation.txt
+
+
+
 # 将合规产物上传至 GitHub Release
 # 此步骤将指定的合规文件附加到当前标签对应的 GitHub Release 中
 # 参数说明:
@@ -91,5 +112,6 @@ jobs:
 sbom.cyclonedx.json
 sbom-spdx-validation.txt
 sbom-cyclonedx-validation.txt
+ license-compliance.zip
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
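Review bot: The `zip` call in the new "Package compliance bundle" step does not fail when one of the listed inputs is absent: Info-ZIP prints a "name not matched" warning, skips that file and still writes the archive, so a release could carry a `license-compliance.zip` that lacks an SBOM or a validation report without the job noticing. Consider `zip -MM license-compliance.zip \` so that every named file must exist and be readable before the archive is produced. The bundle is also published without a digest; a step such as `sha256sum license-compliance.zip > license-compliance.zip.sha256`, with that file added to the upload list in the second hunk, would let consumers check the download against the release. Whether the two validation reports record a pass or a failure is decided outside this hunk, so it is worth confirming that the job stops on a failed validation before this step packages the reports.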