discourse/.github/workflows/licenses.yml
Jarek Radosz 89d43235c4
DEV: Set permissions for GitHub actions (#17733)
Included permissions for the action.

https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Co-authored-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
2022-07-30 17:22:03 +02:00

90 lines
2.3 KiB
YAML

name: Licenses
on:
pull_request:
push:
branches:
- main
concurrency:
group: licenses-${{ format('{0}-{1}', github.head_ref || github.run_number, github.job) }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build:
name: run
runs-on: ubuntu-latest
container: discourse/discourse_test:slim
timeout-minutes: 10
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
- name: Setup Git
run: |
git config --global user.email "ci@ci.invalid"
git config --global user.name "Discourse CI"
- name: Bundler cache
uses: actions/cache@v3
with:
path: vendor/bundle
key: ${{ runner.os }}-gem-${{ hashFiles('**/Gemfile.lock') }}
restore-keys: |
${{ runner.os }}-gem-
- name: Setup gems
run: |
bundle config --local path vendor/bundle
bundle config --local deployment true
bundle config --local without development
bundle install --jobs 4
bundle clean
- name: Setup licensed
run: |
# gem install licensed
# Workaround for https://github.com/github/licensed/issues/521
gem install specific_install
gem specific_install https://github.com/CvX/licensed.git -b bundler-compat
- name: Get yarn cache directory
id: yarn-cache-dir
run: echo "::set-output name=dir::$(yarn cache dir)"
- name: Yarn cache
uses: actions/cache@v3
id: yarn-cache
with:
path: ${{ steps.yarn-cache-dir.outputs.dir }}
key: ${{ runner.os }}-yarn-${{ hashFiles('**/yarn.lock') }}
restore-keys: |
${{ runner.os }}-yarn-
- name: Check RubyGems Licenses
if: ${{ always() }}
run: |
licensed cache
licensed status
- name: Yarn install
run: yarn install
- name: Check Yarn Licenses
if: ${{ always() }}
run: |
yarn global add licensee
yarn global upgrade licensee
licensee --errors-only
- name: Check Ember CLI Workspace Licenses
if: ${{ always() }}
working-directory: ./app/assets/javascripts
run: |
licensee --errors-only