This action will create a SPDX license overview with ORT and SPDX-builder.
THIS IS AN EXPERIMENTAL ACTION
You can specify the configuration in a .spdx-builder.yml
in the root of your project.
See instructions in philips-software/spdx-builder.
This action requires a java environment. (See example)
Get SPDX license overview
parameter | description | required | default |
---|---|---|---|
project | project | true |
spdx-builder |
spdx-builder-version | spdx-builder-version | true |
v0.9.2 |
mode | Scan mode. Can be 'ort', 'blackduck' or 'tree' | true |
ort |
scanner-url | scanner-url (license-scanner) | false |
|
bombase-url | bombase-url (in case of mode: 'tree') | false |
|
upload-url | upload-url (f.e. BOM-bar) | false |
|
ort-version | philipssoftware/ort version (in case of mode: 'ort') | false |
2021-11-24 |
ort-file | Specifies an ort-file to override ORT scanning in this action. (in case of mode: 'ort') | false |
|
tree | file with tree input (in case of mode: 'tree') | false |
|
format | format input (in case of mode: 'tree') | false |
|
blackduck-url | Blackduck url (in case of mode: 'blackduck') | false |
|
blackduck-token | Blackduck token (in case of mode: 'blackduck') | false |
|
blackduck-project | Blackduck project (in case of mode: 'blackduck') | false |
|
blackduck-version | Blackduck version (in case of mode: 'blackduck') | false |
|
optional-arguments | Optional arguments like --tree , --release , --force and --custom |
false |
|
capture-stdout-file | Capture stdout in a file. When given, this will be used as the filename of the output | false |
parameter | description |
---|---|
spdx-file | spdx-license file |
ort-file | ort-license file |
This action is an composite
action.
Make sure you have a proper .spdx-builder.yml
file in your project.
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: ort
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create tree
run: |
npm list --all --production > npm-dependencies.txt
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: 'tree'
tree: 'npm-dependencies.txt'
format: 'npm'
bombase-url: <bombase-url> # Optional
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: 'blackduck'
blackduck-url: <blackduck-url>
blackduck-token: ${{ secrets.BLACKDUCK_TOKEN }}
blackduck-project: <project-name>
blackduck-version: <project-version>
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}
This module is part of the Philips Forest.
___ _
/ __\__ _ __ ___ ___| |_
/ _\/ _ \| '__/ _ \/ __| __|
/ / | (_) | | | __/\__ \ |_
\/ \___/|_| \___||___/\__|
CI