# Source: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md
name: Check Go Dependencies

env:
  # See: https://github.com/actions/setup-go/tree/v3#readme
  GO_VERSION: "1.16"

# See: https://docs.github.com/actions/using-workflows/events-that-trigger-workflows
on:
  create:
  push:
    paths:
      - ".github/workflows/check-go-dependencies-task.ya?ml"
      - ".licenses/**"
      - ".licensed.json"
      - ".licensed.ya?ml"
      - "Taskfile.ya?ml"
      - "**/.gitmodules"
      - "**/go.mod"
      - "**/go.sum"
  pull_request:
    paths:
      - ".github/workflows/check-go-dependencies-task.ya?ml"
      - ".licenses/**"
      - ".licensed.json"
      - ".licensed.ya?ml"
      - "Taskfile.ya?ml"
      - "**/.gitmodules"
      - "**/go.mod"
      - "**/go.sum"
  schedule:
    # Run periodically to catch breakage caused by external changes.
    - cron: "0 8 * * WED"
  workflow_dispatch:
  repository_dispatch:

jobs:
  run-determination:
    runs-on: ubuntu-latest
    outputs:
      result: ${{ steps.determination.outputs.result }}
    steps:
      - name: Determine if the rest of the workflow should run
        id: determination
        run: |
          # Dots are escaped so they match a literal "." in the branch name.
          RELEASE_BRANCH_REGEX="refs/heads/[0-9]+\.[0-9]+\.x"
          # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
          # The event name and ref are read from the runner's default environment variables instead of being
          # interpolated into the script as workflow expressions, so a ref name is never parsed as shell code.
          if [[
            "$GITHUB_EVENT_NAME" != "create" ||
            "$GITHUB_REF" =~ $RELEASE_BRANCH_REGEX
          ]]; then
            # Run the other jobs.
            RESULT="true"
          else
            # There is no need to run the other jobs.
            RESULT="false"
          fi
          # The `::set-output` workflow command is deprecated; write to the step output file instead.
          echo "result=$RESULT" >> "$GITHUB_OUTPUT"

  check-cache:
    needs: run-determination
    if: needs.run-determination.outputs.result == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          submodules: recursive

      - name: Install licensed
        uses: jonabc/setup-licensed@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          version: 3.x

      - name: Install Go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Install Task
        uses: arduino/setup-task@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          version: 3.x

      - name: Update dependencies license metadata cache
        run: task --silent general:cache-dep-licenses

      - name: Check for outdated cache
        id: diff
        run: |
          git add .
          if ! git diff --cached --color --exit-code; then
            echo
            echo "::error::Dependency license metadata out of sync. See: https://github.com/arduino/tooling-project-assets/blob/main/workflow-templates/check-go-dependencies-task.md#metadata-cache"
            exit 1
          fi

      # Some might find it convenient to have CI generate the cache rather than setting up for it locally
      - name: Upload cache to workflow artifact
        if: failure() && steps.diff.outcome == 'failure'
        uses: actions/upload-artifact@v3
        with:
          if-no-files-found: error
          name: dep-licenses-cache
          path: .licenses/

  check-deps:
    needs: run-determination
    if: needs.run-determination.outputs.result == 'true'
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          submodules: recursive

      - name: Install licensed
        uses: jonabc/setup-licensed@v1
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          version: 3.x

      - name: Install Go
        uses: actions/setup-go@v3
        with:
          go-version: ${{ env.GO_VERSION }}

      - name: Install Task
        uses: arduino/setup-task@v1
        with:
          repo-token: ${{ secrets.GITHUB_TOKEN }}
          version: 3.x

      - name: Check for dependencies with unapproved licenses
        run: task --silent general:check-dep-licenses