gewuyou/GFramework
1
0
Fork 0
mirror of https://github.com/GeWuYou/GFramework.git synced 2026-03-25 21:34:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(workflow): 添加许可证合规文件打包功能

Browse Source 
- 在 license-compliance 工作流中增加 ZIP 压缩包创建步骤
- 将 NOTICE、第三方许可证列表和 SBOM 验证文件打包为 license-compliance.zip
- 更新 GitHub Release 上传配置以包含新的合规打包文件
- 添加详细的注释说明打包内容和用途
- 优化工作流步骤顺序和可读性
This commit is contained in:
GeWuYou 2026-02-07 21:59:04 +08:00
parent 43eacc1e4a
commit b039e3bd6f
1 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.github/workflows/license-compliance.yml vendored
View File

@ -70,6 +70,27 @@ jobs:
sbom-spdx-validation.txt sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt sbom-cyclonedx-validation.txt
# 将合规文件打包为 ZIP 压缩包
# 此步骤通过 zip 命令将多个合规文件压缩为一个 ZIP 文件,便于分发或存档
# 压缩包中包含以下文件:
# - NOTICE: 项目声明文件
# - THIRD_PARTY_LICENSES.md: 第三方许可证列表
# - sbom.spdx.json: SPDX 格式的软件物料清单
# - sbom.cyclonedx.json: CycloneDX 格式的软件物料清单
# - sbom-spdx-validation.txt: SPDX 格式验证结果
# - sbom-cyclonedx-validation.txt: CycloneDX 格式验证结果
- name: Package compliance bundle
run: |
zip license-compliance.zip \
NOTICE \
THIRD_PARTY_LICENSES.md \
sbom.spdx.json \
sbom.cyclonedx.json \
sbom-spdx-validation.txt \
sbom-cyclonedx-validation.txt
# 将合规产物上传至 GitHub Release # 将合规产物上传至 GitHub Release
# 此步骤将指定的合规文件附加到当前标签对应的 GitHub Release 中 # 此步骤将指定的合规文件附加到当前标签对应的 GitHub Release 中
# 参数说明: # 参数说明:
@ -91,5 +112,6 @@ jobs:
sbom.cyclonedx.json sbom.cyclonedx.json
sbom-spdx-validation.txt sbom-spdx-validation.txt
sbom-cyclonedx-validation.txt sbom-cyclonedx-validation.txt
license-compliance.zip
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}