GFramework/.github/workflows/license-compliance.yml
GeWuYou 624f193a2c chore(workflow): 更新许可证合规工作流配置
- 移除 completed 状态检查
- 删除默认值设置
- 调整权限配置结构
- [release doc]
2026-02-03 08:37:39 +08:00


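name: License Compliance (Feluda)

# Runs once the CI workflow has finished; the job-level `if` below narrows
# this to successful runs of this repository's main branch whose head
# commit opts in with "[release ci]".
on:
  workflow_run:
    workflows: ["CI - Build & Test"]
    types:
      - completed

# Only the scope the job needs: `contents: write` covers the badge update
# and generated files. No other permission is granted.
permissions:
  contents: write

jobs:
  compliance:
    runs-on: ubuntu-latest
    # workflow_run also fires for pull_request runs from forks, and
    # head_branch is the branch name in the *head* repository, so a fork's
    # own "main" would otherwise satisfy the branch check. Require the head
    # repository to be this repository before running with write access.
    if: >-
      github.event.workflow_run.conclusion == 'success' &&
      github.event.workflow_run.head_repository.full_name == github.repository &&
      github.event.workflow_run.head_branch == 'main' &&
      contains(github.event.workflow_run.head_commit.message, '[release ci]')
    steps:
      # Under workflow_run the default ref is the latest commit of the
      # default branch, not necessarily the triggering run's head_sha.
      - name: Checkout repository
        uses: actions/checkout@v4

      # Check the licenses of the project's dependencies with the Feluda
      # license scanner.
      # Parameters:
      # - project-license: the project's own license (Apache-2.0)
      # - fail-on-restrictive: fail when a restrictive license is found
      # - fail-on-incompatible: fail when an incompatible license is found
      # - update-badge: refresh the license badge automatically
      # NOTE(review): the action is pinned to a tag, not a commit SHA; tags
      # can be moved, so prefer pinning to the full commit SHA with the
      # version in a trailing comment, e.g.
      #   uses: anistark/feluda@<full-commit-sha>  # v1.11.1
      - name: Feluda License Scanner
        uses: anistark/feluda@v1.11.1
        with:
          project-license: 'Apache-2.0'
          fail-on-restrictive: false
          fail-on-incompatible: false
          # github.event_name is always 'workflow_run' here, so the former
          # `github.event_name == 'push'` test could never be true and the
          # badge was never updated. Evaluate the same "push to main"
          # intent against the triggering run instead.
          update-badge: ${{ github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main' }}

      # NOTE(review): the steps below invoke the `feluda` CLI directly and
      # rely on the scanner step above having put it on PATH — confirm.
      - name: Feluda License Scanner Incompatible Licenses
        run: |
          feluda --incompatible --config .feluda.yaml

      # Generate the compliance files NOTICE / THIRD_PARTY_LICENSES.
      # The piped "1" / "2" answer an interactive menu; that mapping is
      # fragile across feluda versions — presumably a non-interactive flag
      # exists, verify against the CLI help.
      - name: Generate compliance files
        run: |
          echo "1" | feluda generate
          echo "2" | feluda generate

      # Generate SBOMs in both SPDX and CycloneDX formats.
      - name: Generate SBOM
        run: |
          feluda sbom spdx --output sbom.spdx.json
          feluda sbom cyclonedx --output sbom.cyclonedx.json

      # Validate the generated SBOMs.
      - name: Validate SBOM files
        run: |
          feluda sbom validate sbom.spdx.json --output sbom-spdx-validation.txt
          feluda sbom validate sbom.cyclonedx.json --output sbom-cyclonedx-validation.txt

      # Upload the compliance artifacts. The `inputs` context is empty for
      # workflow_run events, so the former `if: inputs.upload-artifacts`
      # guard always evaluated to false and silently skipped this step;
      # upload unconditionally instead.
      - name: Upload compliance artifacts
        uses: actions/upload-artifact@v4
        with:
          name: license-compliance
          path: |
            NOTICE
            THIRD_PARTY_LICENSES.md
            sbom.spdx.json
            sbom.cyclonedx.json
            sbom-spdx-validation.txt
            sbom-cyclonedx-validation.txt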