GFramework/.github/workflows/license-compliance.yml
GeWuYou 222c481ffa chore(workflow): 更新工作流配置
- 修改 auto-tag.yml 中的触发工作流名称从 "License Compliance (Feluda)" 到 "CI - Build & Test"
- 移除 license-compliance.yml 中的上传合规产物步骤
- 在 publish-docs.yml 中启用 workflow_dispatch 触发方式
2026-02-03 21:39:30 +08:00

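---
name: License Compliance (Feluda)

# Triggered by the completion of the CI workflow (workflow_run), not by a push.
# Two consequences used below: `github.event_name` is always "workflow_run",
# and a plain checkout would give the default branch's latest commit rather
# than the commit CI actually built.
on:  # yamllint disable-line rule:truthy
  workflow_run:
    workflows: ["CI - Build & Test"]
    types:
      - completed

# NOTE(review): write access is granted workflow-wide. Only the badge update
# plausibly needs it; checkout, the scans and the artifact upload work with
# `contents: read`. Scoping write to the step that commits would follow least
# privilege — confirm what anistark/feluda's update-badge actually writes.
permissions:
  contents: write

jobs:
  compliance:
    runs-on: ubuntu-latest
    # Run only for a successful CI run of main whose head commit opted in with
    # the "[release ci]" marker in its message.
    if: >
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.head_branch == 'main' &&
      contains(github.event.workflow_run.head_commit.message, '[release ci]')
    steps:
      # Supply-chain note: the third-party actions below are pinned by tag.
      # Tags are mutable; pinning to a full commit SHA
      # (`owner/action@<commit-sha>  # vX.Y.Z`) makes each action an
      # immutable, verifiable input.
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Scan exactly the commit CI validated. Without `ref`, a workflow_run
          # job checks out the latest commit of the default branch, which may
          # already differ from the one that passed CI.
          ref: ${{ github.event.workflow_run.head_sha }}

      # Feluda licence scan of the project's dependencies.
      # Inputs:
      # - project-license: the project's own licence (Apache-2.0), used for
      #   compatibility checks
      # - fail-on-restrictive / fail-on-incompatible: both false, so the scan
      #   is report-only and cannot fail the job on a licence finding; set them
      #   to true to enforce the policy
      # - update-badge: whether the licence badge is refreshed
      - name: Feluda License Scanner
        uses: anistark/feluda@v1.11.1
        with:
          project-license: 'Apache-2.0'
          fail-on-restrictive: false
          fail-on-incompatible: false
          # `github.event_name == 'push'` can never be true in a workflow_run
          # job, so a push-based gate would leave the badge permanently
          # un-updated. Gate on the triggering run's branch instead (the job
          # `if` already requires main; this keeps the intent explicit).
          update-badge: ${{ github.event.workflow_run.head_branch == 'main' }}

      # Report-only listing of incompatible licences (enforcement is off above).
      - name: Feluda License Scanner Incompatible Licenses
        run: |
          feluda --incompatible

      # Generate the compliance files: NOTICE and THIRD_PARTY_LICENSES.md.
      # NOTE(review): the piped "1"/"2" answer an interactive menu; if the CLI
      # offers a non-interactive selector, prefer it — confirm against the
      # feluda docs for v1.11.1.
      - name: Generate compliance files
        run: |
          echo "1" | feluda generate
          echo "2" | feluda generate

      # Generate SBOMs in both SPDX and CycloneDX formats.
      - name: Generate SBOM
        run: |
          feluda sbom spdx --output sbom.spdx.json
          feluda sbom cyclonedx --output sbom.cyclonedx.json

      # Validate the generated SBOMs; the reports are uploaded alongside them.
      - name: Validate SBOM files
        run: |
          feluda sbom validate sbom.spdx.json --output sbom-spdx-validation.txt
          feluda sbom validate sbom.cyclonedx.json --output sbom-cyclonedx-validation.txt

      # Upload the compliance evidence (notices, SBOMs, validation reports) as
      # a workflow artifact so the run is auditable after the fact.
      - name: Upload compliance artifacts
        uses: actions/upload-artifact@v4
        with:
          name: license-compliance
          path: |
            NOTICE
            THIRD_PARTY_LICENSES.md
            sbom.spdx.json
            sbom.cyclonedx.json
            sbom-spdx-validation.txt
            sbom-cyclonedx-validation.txt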