GFramework/.github/workflows/license-compliance.yml
Workflow config file is invalid. Please check your config file: yaml: line 8: mapping values are not allowed in this context
GeWuYou 3571ba8ced chore(workflow): update workflow configuration to optimize the license compliance check
- Change the auto-tag workflow trigger from "CI - Build & Test" to "License Compliance (Feluda)"
- Remove the dependency and permission settings from the license-compliance workflow
- Change the trigger of the license-compliance workflow to workflow_run
- Change the contents permission in the ci workflow from write to read
- Add branch and commit-message condition checks to the license-compliance workflow
2026-02-02 22:35:15 +08:00

72 lines
2.3 KiB
YAML
name: License Compliance (Feluda)
on:
  workflow_run:
    workflows: ["CI - Build & Test"]
    types:
      - completed
    # The stray `default: true` that followed the `types` list was dropped: it is not a
    # workflow_run key, and indented at list-item level it produced the parse error
    # "line 8: mapping values are not allowed in this context".
permissions:
  contents: write
jobs:
  compliance:
    runs-on: ubuntu-latest
    # Gate on the upstream CI result: only successful runs on main whose commit
    # message carries the "[release ci]" marker proceed to the compliance scan.
    if: >
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.head_branch == 'main' &&
      contains(github.event.workflow_run.head_commit.message, '[release ci]')
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # Use the Feluda license scanner to check the license compliance of project dependencies.
      # Parameters:
      # - project-license: set the project license to Apache-2.0
      # - fail-on-restrictive: fail when a restrictive license is found
      # - fail-on-incompatible: fail when an incompatible license is found
      # - update-badge: automatically update the license badge
      - name: Feluda License Scanner
        uses: anistark/feluda@v1.11.1
        with:
          project-license: 'Apache-2.0'
          fail-on-restrictive: false
          fail-on-incompatible: false
          # Under workflow_run, github.event_name is never 'push', so the former
          # `github.event_name == 'push'` test was always false; check the branch
          # of the triggering run instead.
          update-badge: ${{ github.event.workflow_run.head_branch == 'main' }}
      - name: Feluda License Scanner Incompatible Licenses
        run: |
          feluda --incompatible --config .feluda.yaml
      # Generate the compliance files NOTICE / THIRD_PARTY_LICENSES
      - name: Generate compliance files
        run: |
          echo "1" | feluda generate
          echo "2" | feluda generate
      # Generate SBOMs: SPDX + CycloneDX
      - name: Generate SBOM
        run: |
          feluda sbom spdx --output sbom.spdx.json
          feluda sbom cyclonedx --output sbom.cyclonedx.json
      # Validate the SBOMs
      - name: Validate SBOM files
        run: |
          feluda sbom validate sbom.spdx.json --output sbom-spdx-validation.txt
          feluda sbom validate sbom.cyclonedx.json --output sbom-cyclonedx-validation.txt
      # Upload the compliance artifacts.
      # The former `if: inputs.upload-artifacts` was removed: the `inputs` context is
      # not populated for workflow_run events, so the step would never have run.
      - name: Upload compliance artifacts
        uses: actions/upload-artifact@v4
        with:
          name: license-compliance
          path: |
            NOTICE
            THIRD_PARTY_LICENSES.md
            sbom.spdx.json
            sbom.cyclonedx.json
            sbom-spdx-validation.txt
            sbom-cyclonedx-validation.txt