From 009ab4f9d043db62b6ebef41aa9ac929bb212610 Mon Sep 17 00:00:00 2001
From: Takashi Masuda
Date: Tue, 29 Oct 2024 18:08:25 +0900
Subject: [PATCH 1/4] Revert "Allow license_finder run from forked repo if 'safe to test' label added"

This reverts commit 480b091a419bcd6e488bae8302df3eac8e0440c9.
---
 .github/workflows/license.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index e45d2d83..09a53870 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -5,15 +5,10 @@ on:
 branches:
 - main
 pull_request:
- pull_request_target:
- types: [labeled]
 
 jobs:
 license_finder:
 runs-on: ubuntu-latest
- if: |
- github.event.pull_request.head.repo.fork == false
- || contains(github.event.pull_request.labels.*.name, 'safe to test')
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true

From 560f05b8c9327a6a86e2566324e08d9996ad0f37 Mon Sep 17 00:00:00 2001
From: Takashi Masuda
Date: Tue, 29 Oct 2024 18:20:52 +0900
Subject: [PATCH 2/4] Don't update license report in PR from a forked repository

---
 .github/workflows/license.yml | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 09a53870..74be10cd 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -16,7 +16,12 @@ jobs:
 env:
 LICENSE_REPORT: docs/packages-license.md
 steps:
- - uses: actions/create-github-app-token@v1
+ - name: Check if running in a fork
+ id: fork-check
+ run: echo "is_fork=${{ github.event.pull_request.head.repo.fork }}" >> "$GITHUB_OUTPUT"
+ - name: Create GitHub App Token for non-fork PRs
+ uses: actions/create-github-app-token@v1
+ if: steps.fork-check.outputs.is_fork != 'true'
 id: app-token
 with:
 app-id: ${{ vars.CI_TRIGGER_APP_ID }}
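Review bot: In patch 2/4, hunk `@@ -16,7 +16,12 @@`, the new `fork-check` step pastes `${{ github.event.pull_request.head.repo.fork }}` straight into the `run:` script text. The value is a boolean set by GitHub, so nothing is injectable here, but expression-in-script is the habit that becomes shell injection once it is copied for a contributor-controlled field; pass it through the environment instead: `env:` / `IS_FORK: ${{ github.event.pull_request.head.repo.fork }}` / `run: echo "is_fork=$IS_FORK" >> "$GITHUB_OUTPUT"`. On `push` events the expression is empty, so `is_fork != 'true'` holds and the App token is created; that looks intended and deserves a comment such as `# empty on push events, which counts as not-a-fork`. The `steps:` list continues outside this hunk.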
@@ -24,7 +29,7 @@ jobs:
 - uses: actions/checkout@v4
 with:
 ref: ${{ github.event.pull_request.head.ref }}
- token: ${{ steps.app-token.outputs.token }}
+ token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
 # To make the success of this job a prerequisite for merging into the main branch,
 # set a filter here instead of on: to determine whether or not to proceed to the next step.
 - name: Cache dependency files
@@ -66,12 +71,14 @@ jobs:
 # Commit the License Finder report as docs/packages-license.md
 - name: Generate license report
 if: |
- steps.determine.outputs.files_changed == 'true'
+ steps.fork-check.outputs.is_fork != 'true'
+ && steps.determine.outputs.files_changed == 'true'
 && github.ref_name != github.event.repository.default_branch
 run: license_finder report --format=markdown | tail -n +2 > "$LICENSE_REPORT"
 - name: Commit license report and push
 if: |
- steps.determine.outputs.files_changed == 'true'
+ steps.fork-check.outputs.is_fork != 'true'
+ && steps.determine.outputs.files_changed == 'true'
 && github.ref_name != github.event.repository.default_branch
 run: |
 git config user.name 'github-actions[bot]'

From f132dcd5e74c03249a28b9012f6806bc4751ab71 Mon Sep 17 00:00:00 2001
From: Takashi Masuda
Date: Tue, 29 Oct 2024 18:43:54 +0900
Subject: [PATCH 3/4] Fix invalid "ref" for forked PRs

---
 .github/workflows/license.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 74be10cd..1072585b 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
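Review bot: In patch 2/4, hunk `@@ -66,12 +71,14 @@`, the same three-clause `if:` is now written out twice, on `Generate license report` and on `Commit license report and push`, so a later edit to one copy can leave the push step reachable under conditions the generate step rejects. Computing the decision once and testing a single output in both places (for example `if: steps.gate.outputs.update_report == 'true'`, where `gate` is a step id you would add) keeps the two steps in lockstep. It would also help to say next to the condition that `is_fork` is a convenience gate and not the security boundary, e.g. `# fork PRs: nothing to push with; the pull_request trigger is what withholds write access`. Both steps' `run:` bodies continue outside the hunk.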
@@ -26,10 +26,15 @@ jobs:
 with:
 app-id: ${{ vars.CI_TRIGGER_APP_ID }}
 private-key: ${{ secrets.CI_TRIGGER_APP_PRIVATE_KEY }}
- - uses: actions/checkout@v4
+ - name: Checkout code for non-fork PRs
+ if: steps.fork-check.outputs.is_fork != 'true'
+ uses: actions/checkout@v4
 with:
 ref: ${{ github.event.pull_request.head.ref }}
- token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
+ token: ${{ steps.app-token.outputs.token }}
+ - name: Checkout code for forked PRs
+ if: steps.fork-check.outputs.is_fork == 'true'
+ uses: actions/checkout@v4
 # To make the success of this job a prerequisite for merging into the main branch,
 # set a filter here instead of on: to determine whether or not to proceed to the next step.
 - name: Cache dependency files

From f0868d06ed320de17ecb1ae625d017cec52d0d32 Mon Sep 17 00:00:00 2001
From: Takashi Masuda
Date: Tue, 29 Oct 2024 19:19:48 +0900
Subject: [PATCH 4/4] Add Summary to License Compliance workflow

---
 .github/workflows/license.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/license.yml b/.github/workflows/license.yml
index 1072585b..31a1da54 100644
--- a/.github/workflows/license.yml
+++ b/.github/workflows/license.yml
@@ -1,5 +1,13 @@
 name: License Compliance
 
+# ## Summary
+#
+# This workflow runs the license_finder CLI only when it detects an update to files related to the License Finder.
+# It also updates $LICENSE_REPORT and git commit.
+#
+# When triggered by a PR from a forked repository, $LICENSE_REPORT is not updated.
+# When triggered by a push to the default branch, $LICENSE_REPORT is not updated either.
+
 on:
 push:
 branches:
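Review bot: In patch 3/4, hunk `@@ -26,10 +26,15 @@`, the new `Checkout code for forked PRs` step uses `actions/checkout@v4` with its defaults, which keeps the job token in the local git configuration while the later steps operate on files supplied by the contributor. Nothing is pushed on the fork path, so the step can drop the credential: add `with:` and `persist-credentials: false` under it. The token on a fork-triggered `pull_request` run is normally read-only, so this is defence in depth, not a fix for a live hole. The later steps are outside this hunk; that they execute project-controlled content is inferred from the `Cache dependency files` step name.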
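Review bot: In patch 4/4 the new summary comment says what is skipped for fork PRs but not why, and the reason is what a maintainer needs before touching the triggers. I would add a line such as `# Fork PRs run under pull_request without repository secrets, so no App token is created and nothing is pushed; do not move this workflow to pull_request_target to work around that.` Separately, "updates $LICENSE_REPORT and git commit" reads more clearly as "updates $LICENSE_REPORT and commits it".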