Skip to content

add license checker GH action #193

add license checker GH action

add license checker GH action #193

Workflow file for this run

# Copyright 2024 Eclipse Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
name: SignSBOM
on:
pull_request:
branches: [master]
paths:
- ".github/workflows/signsbom.yml"
- "cyclonedx-lib/**"
# Cancel existing runs if user makes another push.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test_sbom_sign:
name: sign_sbom
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
# Build with jdk17 to ensure TemurinSignSBOM meets min compatibility
- uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
id: setup-java
with:
java-version: 17
distribution: 'temurin'
- name: Build TemurinSignSBOM.java
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml clean
ant -noinput -buildfile cyclonedx-lib/build.xml build-sign-sbom
ant -noinput -buildfile cyclonedx-lib/build.xml build
- name: Run TemurinSignSBOM Unit test
run: |
ant -noinput -buildfile cyclonedx-lib/build.xml runSignAndVerifySBOM
- uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
name: Collect and Archive TemurinSignSBOM Artifacts
with:
name: testSBOM
path: cyclonedx-lib/build/testSBOM.json