[Don't merge] Check license finder job by PR from forked repo #126
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: License Compliance | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
pull_request_target: | |
types: [labeled] | |
## hogehoge | |
jobs: | |
license_finder: | |
runs-on: ubuntu-latest | |
if: | | |
github.event.pull_request.head.repo.fork == false | |
|| contains(github.event.pull_request.labels.*.name, 'safe to test') | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
timeout-minutes: 10 | |
env: | |
LICENSE_REPORT: docs/packages-license.md | |
steps: | |
- uses: actions/create-github-app-token@v1 | |
id: app-token | |
with: | |
app-id: ${{ vars.CI_TRIGGER_APP_ID }} | |
private-key: ${{ secrets.CI_TRIGGER_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.ref }} | |
token: ${{ steps.app-token.outputs.token }} | |
# To make the success of this job a prerequisite for merging into the main branch, | |
# set a filter here instead of on: to determine whether or not to proceed to the next step. | |
- name: Cache dependency files | |
uses: actions/cache@v4 | |
id: cache | |
with: | |
path: | | |
.github/workflows/license.yml | |
bun.lockb | |
config/dependency_decisions.yml | |
config/license_finder.yml | |
package.json | |
key: license-${{ runner.os }}-${{ hashFiles('.github/workflows/license.yml', 'bun.lockb', 'config/dependency_decisions.yml', 'config/license_finder.yml', 'package.json') }} | |
- name: Determine if files changed | |
id: determine | |
run: | | |
if [ "${{ steps.cache.outputs.cache-hit }}" = 'true' ]; then | |
echo "files_changed=false" >> "$GITHUB_OUTPUT" | |
else | |
echo "files_changed=true" >> "$GITHUB_OUTPUT" | |
fi | |
- uses: oven-sh/setup-bun@v2 | |
if: steps.determine.outputs.files_changed == 'true' | |
with: | |
bun-version-file: "package.json" | |
- run: bun install | |
if: steps.determine.outputs.files_changed == 'true' | |
- uses: ruby/setup-ruby@v1 | |
if: steps.determine.outputs.files_changed == 'true' | |
with: | |
ruby-version: '3.3' | |
- name: Install License Finder | |
if: steps.determine.outputs.files_changed == 'true' | |
run: gem install -N license_finder | |
- name: Run License Finder | |
if: steps.determine.outputs.files_changed == 'true' | |
run: license_finder | |
# Commit the License Finder report as docs/packages-license.md | |
- name: Generate license report | |
if: | | |
steps.determine.outputs.files_changed == 'true' | |
&& github.ref_name != github.event.repository.default_branch | |
run: license_finder report --format=markdown | tail -n +2 > "$LICENSE_REPORT" | |
- name: Commit license report and push | |
if: | | |
steps.determine.outputs.files_changed == 'true' | |
&& github.ref_name != github.event.repository.default_branch | |
run: | | |
git config user.name 'github-actions[bot]' | |
git config user.email 'github-actions[bot]@users.noreply.github.com' | |
git add "$LICENSE_REPORT" | |
git commit -m "Update $LICENSE_REPORT" | |
git push origin "$BRANCH_NAME" | |
env: | |
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} | |
BRANCH_NAME: ${{ github.event.pull_request.head.ref }} |