diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d20c18d..bec526e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -49,7 +49,7 @@ jobs:
 base: ${{ github.event.before }}
 # 当前提交哈希,作为扫描的目标版本
 head: ${{ github.sha }}
-
+
 # 安装和配置.NET SDK版本
 - name: Setup .NET 8
 uses: actions/setup-dotnet@v5
@@ -79,6 +79,52 @@ jobs:
 # 恢复.NET本地工具
 - name: Restore .NET tools
 run: dotnet tool restore
+
+ # 使用Feluda许可证扫描器检查项目依赖的许可证合规性
+ # 配置参数:
+ # - project-license: 设置项目许可证为Apache-2.0
+ # - fail-on-restrictive: 发现限制性许可证时失败
+ # - fail-on-incompatible: 发现不兼容许可证时失败
+ # - update-badge: 自动更新许可证徽章
+ - name: Feluda License Scanner
+ uses: anistark/feluda@v1.11.1
+ with:
+ project-license: 'Apache-2.0'
+ fail-on-restrictive: true
+ fail-on-incompatible: true
+ update-badge: true
+
+ # 生成合规性文件,执行两次feluda generate命令
+ - name: Generate compliance files
+ run: |
+ echo "1" | feluda generate
+ echo "2" | feluda generate
+
+ # 生成软件物料清单(SBOM)文件,输出SPDX和CycloneDX两种格式
+ - name: Generate SBOM
+ run: |
+ feluda sbom spdx --output sbom.spdx.json
+ feluda sbom cyclonedx --output sbom.cyclonedx.json
+
+ # 验证生成的SBOM文件的有效性,并输出验证结果到文本文件
+ - name: Validate SBOM files
+ run: |
+ feluda sbom validate sbom.spdx.json --output sbom-spdx-validation.txt
+ feluda sbom validate sbom.cyclonedx.json --output sbom-cyclonedx-validation.txt
+
+ # 上传许可证合规相关的工件文件,包括通知文件、第三方许可证、SBOM文件及验证结果
+ - name: Upload compliance artifacts
+ uses: actions/upload-artifact@v4
+ with:
+ name: license-compliance
+ path: |
+ NOTICE
+ THIRD_PARTY_LICENSES.md
+ sbom.spdx.json
+ sbom.cyclonedx.json
+ sbom-spdx-validation.txt
+ sbom-cyclonedx-validation.txt
+
 # 构建项目,使用Release配置且跳过恢复步骤
 - name: Build
 run: dotnet build -c Release --no-restore
diff --git a/README.md b/README.md
index e49fc74..d02f435 100644
--- a/README.md
+++ b/README.md
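Review bot: The new `Feluda License Scanner` step pulls a third-party action by a mutable tag, `uses: anistark/feluda@v1.11.1`, so anyone who can move that tag can change what runs in this job with the job's token; pin it to the full commit SHA the tag currently resolves to and keep the version as a trailing comment, e.g. `uses: anistark/feluda@<full 40-character commit SHA>  # v1.11.1`. `update-badge: true` and the later `feluda generate` / `feluda sbom` steps presumably rely on the action to install `feluda` on PATH and, if the badge update commits back to the repository, on a `contents: write` token — the job's `permissions:` block is outside this hunk, so confirm it grants only what that step needs. The `feluda sbom validate` calls only redirect their report to text files, so unless the subcommand exits non-zero on an invalid SBOM the step passes silently; verify that, and otherwise check the report files for a failure marker before continuing. Piping menu choices with `echo "1" | feluda generate` into an interactive prompt is brittle across CLI versions; prefer a non-interactive flag if the tool offers one. The enclosing `steps:` list begins before this hunk.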
@@ -8,6 +8,8 @@ [![License](https://img.shields.io/badge/License-Apache%202.0-blue)](LICENSE) [![zread](https://img.shields.io/badge/Ask_Zread-_.svg?style=flat&color=00b0aa&labelColor=000000&logo=data%3Aimage%2Fsvg%2Bxml%3Bbase64%2CPHN2ZyB3aWR0aD0iMTYiIGhlaWdodD0iMTYiIHZpZXdCb3g9IjAgMCAxNiAxNiIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTQuOTYxNTYgMS42MDAxSDIuMjQxNTZDMS44ODgxIDEuNjAwMSAxLjYwMTU2IDEuODg2NjQgMS42MDE1NiAyLjI0MDFWNC45NjAxQzEuNjAxNTYgNS4zMTM1NiAxLjg4ODEgNS42MDAxIDIuMjQxNTYgNS42MDAxSDQuOTYxNTZDNS4zMTUwMiA1LjYwMDEgNS42MDE1NiA1LjMxMzU2IDUuNjAxNTYgNC45NjAxVjIuMjQwMUM1LjYwMTU2IDEuODg2NjQgNS4zMTUwMiAxLjYwMDEgNC45NjE1NiAxLjYwMDFaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik00Ljk2MTU2IDEwLjM5OTlIMi4yNDE1NkMxLjg4ODEgMTAuMzk5OSAxLjYwMTU2IDEwLjY4NjQgMS42MDE1NiAxMS4wMzk5VjEzLjc1OTlDMS42MDE1NiAxNC4xMTM0IDEuODg4MSAxNC4zOTk5IDIuMjQxNTYgMTQuMzk5OUg0Ljk2MTU2QzUuMzE1MDIgMTQuMzk5OSA1LjYwMTU2IDE0LjExMzQgNS42MDE1NiAxMy43NTk5VjExLjAzOTlDNS42MDE1NiAxMC42ODY0IDUuMzE1MDIgMTAuMzk5OSA0Ljk2MTU2IDEwLjM5OTlaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik0xMy43NTg0IDEuNjAwMUgxMS4wMzg0QzEwLjY4NSAxLjYwMDEgMTAuMzk4NCAxLjg4NjY0IDEwLjM5ODQgMi4yNDAxVjQuOTYwMUMxMC4zOTg0IDUuMzEzNTYgMTAuNjg1IDUuNjAwMSAxMS4wMzg0IDUuNjAwMUgxMy43NTg0QzE0LjExMTkgNS42MDAxIDE0LjM5ODQgNS4zMTM1NiAxNC4zOTg0IDQuOTYwMVYyLjI0MDFDMTQuMzk4NCAxLjg4NjY0IDE0LjExMTkgMS42MDAxIDEzLjc1ODQgMS42MDAxWiIgZmlsbD0iI2ZmZiIvPgo8cGF0aCBkPSJNNCAxMkwxMiA0TDQgMTJaIiBmaWxsPSIjZmZmIi8%2BCjxwYXRoIGQ9Ik00IDEyTDEyIDQiIHN0cm9rZT0iI2ZmZiIgc3Ryb2tlLXdpZHRoPSIxLjUiIHN0cm9rZS1saW5lY2FwPSJyb3VuZCIvPgo8L3N2Zz4K&logoColor=ffffff)](https://zread.ai/GeWuYou/GFramework) +[![Scanned with Feluda](https://img.shields.io/badge/Scanned%20with-Feluda-brightgreen)](https://github.com/anistark/feluda) + 本项目参考(CV)自[QFramework](https://github.com/liangxiegame/QFramework),并进行了模块化重构和功能增强。 ## 🚀 快速导航