Merge pull request #21 from philips-software/develop
Add support for mode 'tree' and 'blackduck'
JeroenKnoops authored Jun 18, 2021
2 parents 4092cd9 + 23ca5cf commit 7449aee
Showing 2 changed files with 197 additions and 13 deletions.
64 changes: 61 additions & 3 deletions README.md
Expand Up @@ -30,11 +30,19 @@ Get SPDX license overview
| parameter | description | required | default |
| - | - | - | - |
| project | project | `true` | spdx-builder |
| spdx-builder-version | spdx-builder-version | `true` | v0.6.0 |
| ort-version | philipssoftware/ort version | `false` | 2021-05-31 |
| ort-file | Specifies an ort-file to override ORT scanning in this action. | `true` | |
| spdx-builder-version | spdx-builder-version | `true` | v0.7.0 |
| mode | Scan mode. Can be 'ort', 'blackduck' or 'tree' | `true` | ort |
| scanner-url | scanner-url (license-scanner) | `false` | |
| bombase-url | bombase-url (in case of mode: 'tree') | `false` | |
| upload-url | upload-url (f.e. BOM-bar) | `false` | |
| ort-version | philipssoftware/ort version (in case of mode: 'ort') | `false` | 2021-05-31 |
| ort-file | Specifies an ort-file to override ORT scanning in this action. (in case of mode: 'ort') | `false` | |
| tree | file with tree input (in case of mode: 'tree') | `false` | |
| format | format input (in case of mode: 'tree') | `false` | |
| blackduck-url | Blackduck url (in case of mode: 'blackduck') | `false` | |
| blackduck-token | Blackduck token (in case of mode: 'blackduck') | `false` | |
| blackduck-project | Blackduck project (in case of mode: 'blackduck') | `false` | |
| blackduck-version | Blackduck version (in case of mode: 'blackduck') | `false` | |



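Review bot: the `tree`, `format` and four `blackduck-*` rows are all marked `false` under required, but the table never says which of them must be set once their mode is selected, so a working `tree` or `blackduck` configuration cannot be derived from this table alone. Suggest stating per mode which inputs are mandatory, and listing the accepted values for `format`; the only value shown anywhere in this change is `npm`. The `mode` row is also marked required while carrying the default `ort`, which reads as contradictory.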
Expand Down Expand Up @@ -62,6 +70,51 @@ This action is an `composite` action.

## GitHub workflow

Make sure you have a proper `.spdx-builder.yml` file in your project.

### `ORT` mode
```yml
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.1'
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: ort
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}
```
### `tree` mode
```yml
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.1'
- name: Create tree
run: |
npm list --all --production > npm-dependencies.txt
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: 'tree'
tree: 'npm-dependencies.txt'
format: 'npm'
bombase-url: <bombase-url> # Optional
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}
```

### `blackduck` mode
```yml
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
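Review bot: in the `tree` example, the `Create tree` step runs `npm list --all --production > npm-dependencies.txt` with no earlier step that installs the project's dependencies, so on a fresh checkout npm has no `node_modules` to walk and reports the dependencies as missing instead of writing the resolved tree. Suggest adding an install step (for example `npm ci`) ahead of it in the example. Minor style point: the `### tree mode` heading follows the closing fence of the ORT example without a blank line, unlike the `blackduck` heading.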
Expand All @@ -72,6 +125,11 @@ This action is an `composite` action.
uses: philips-software/[email protected]
with:
project: my-project
mode: 'blackduck'
blackduck-url: <blackduck-url>
blackduck-token: ${{ secrets.BLACKDUCK_TOKEN }}
blackduck-project: <project-name>
blackduck-version: <project-version>
- uses: actions/upload-artifact@v2
with:
name: licenses
146 changes: 136 additions & 10 deletions action.yml
Expand Up @@ -8,7 +8,7 @@ branding:
outputs:
spdx-file:
description: "spdx-license file"
value: ${{ steps.spdx.outputs.spdx-file }}
value: ${{ steps.spdx-ort.outputs.spdx-file }} ${{ steps.spdx-tree.outputs.spdx-file }} ${{ steps.spdx-blackduck.outputs.spdx-file }}
ort-file:
description: "ort-license file"
value: ${{ steps.spdx.outputs.ort-file }}
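Review bot: the `ort-file` output still reads `steps.spdx.outputs.ort-file`, but this change renames the step id `spdx` to `spdx-ort`, so that output will resolve to an empty string; it should reference `steps.spdx-ort.outputs.ort-file`. The new `spdx-file` value also joins three step outputs with literal spaces, so the result carries leading or trailing spaces depending on the mode (in `tree` mode it is the file name with a space on each side), and that string is what the README examples hand to `upload-artifact` as `path`. Choosing the first non-empty step output with `||` inside a single expression avoids the padding.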
Expand All @@ -21,26 +21,55 @@ inputs:
spdx-builder-version:
description: "spdx-builder-version"
required: true
default: 'v0.6.0'
ort-version:
description: "philipssoftware/ort version"
required: false
default: '2021-05-31'
ort-file:
description: "Specifies an ort-file to override ORT scanning in this action."
default: 'v0.7.0'
mode:
description: "Scan mode. Can be 'ort', 'blackduck' or 'tree'"
required: true
default: 'ort'
scanner-url:
description: "scanner-url (license-scanner)"
required: false
bombase-url:
description: "bombase-url (in case of mode: 'tree')"
required: false
upload-url:
description: "upload-url (f.e. BOM-bar)"
required: false
# ORT specific inputs
ort-version:
description: "philipssoftware/ort version (in case of mode: 'ort')"
required: false
default: '2021-05-31'
ort-file:
description: "Specifies an ort-file to override ORT scanning in this action. (in case of mode: 'ort')"
required: false
# tree specific inputs
tree:
description: "file with tree input (in case of mode: 'tree')"
required: false
format:
description: "format input (in case of mode: 'tree')"
required: false
# blackduck specific inputs
blackduck-url:
description: "Blackduck url (in case of mode: 'blackduck')"
required: false
blackduck-token:
description: "Blackduck token (in case of mode: 'blackduck')"
required: false
blackduck-project:
description: "Blackduck project (in case of mode: 'blackduck')"
required: false
blackduck-version:
description: "Blackduck version (in case of mode: 'blackduck')"
required: false

runs:
using: "composite"
steps:
- name: Scan with ORT
run: |
[ "${MODE}" != 'ort' ] && { echo "mode is not 'ort' so don't perform this step"; exit 0; }
[ -n "${ORT_FILE}" ] && { echo "We have our own ORT_FILE so we don't need to scan it here"; exit 0; }
# Allow ORT to fail. When one repository can't be found, the rest still makes sense to analyse
echo "--------------------------------------------------------------------"
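Review bot: nothing checks that `mode` holds one of the three documented values; each step only tests `[ "${MODE}" != '...' ]` and exits 0, so a misspelled mode skips every step and the action succeeds with an empty `spdx-file`. Suggest a first step that fails with a clear message unless `MODE` is `ort`, `tree` or `blackduck`, and that also rejects an empty `tree`/`format` or `blackduck-*` value for the selected mode, since all of those are declared `required: false`. `mode` itself is declared `required: true` together with `default: 'ort'`; one of the two is redundant.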
Expand All @@ -52,9 +81,11 @@ runs:
shell: bash
env:
ORT_FILE: ${{ inputs.ort-file }}
- name: Create SPDX file
id: spdx
MODE: ${{ inputs.mode }}
- name: Create SPDX file with ORT
id: spdx-ort
run: |
[ "${MODE}" != 'ort' ] && { echo "mode is not 'ort' so don't perform this step"; exit 0; }
echo "--------------------------------------------------------------------"
echo " Creating SPDX file for ${PROJECT}. "
echo "--------------------------------------------------------------------"
Expand Down Expand Up @@ -98,4 +129,99 @@ runs:
SCANNER_URL: ${{ inputs.scanner-url }}
ORT_FILE: ${{ inputs.ort-file }}
UPLOAD_URL: ${{ inputs.upload-url }}
MODE: ${{ inputs.mode }}
shell: bash
- name: Create SPDX file with tree
id: spdx-tree
run: |
[ "${MODE}" != 'tree' ] && { echo "mode is not 'tree' so don't perform this step"; exit 0; }
echo "--------------------------------------------------------------------"
echo " Creating SPDX file for ${PROJECT} based on tree import."
echo "--------------------------------------------------------------------"
echo " Inputs: "
echo " PROJECT : ${PROJECT} "
echo " BOMBASE_URL : ${BOMBASE_URL} "
echo " UPLOAD_URL : ${UPLOAD_URL} "
echo " TREE : ${TREE} "
echo " FORMAT : ${FORMAT} "
echo "--------------------------------------------------------------------"
echo ""
echo "--------------------------------------------------------------------"
echo " Downloading spdx-builder"
echo "--------------------------------------------------------------------"
curl -L https://github.com/philips-software/spdx-builder/releases/download/${{ inputs.spdx-builder-version }}/spdx-builder.jar -o spdx-builder.jar
echo "--------------------------------------------------------------------"
echo " Set BOMBASE_ARG"
echo "--------------------------------------------------------------------"
[ -z "$BOMBASE_URL" ] && BOMBASE_ARG="" || BOMBASE_ARG="--bombase ${BOMBASE_URL}"
echo " BOMBASE_ARG: ${BOMBASE_ARG}"
echo "--------------------------------------------------------------------"
echo " Set UPLOAD_ARG"
echo "--------------------------------------------------------------------"
[ -z "$UPLOAD_URL" ] && UPLOAD_ARG="" || UPLOAD_ARG="--upload ${UPLOAD_URL}"
echo " UPLOAD_ARG: ${UPLOAD_ARG}"
echo "--------------------------------------------------------------------"
echo " Running SPDX-builder"
echo "--------------------------------------------------------------------"
cat "${TREE}" | java -jar spdx-builder.jar tree -f ${FORMAT} -c .spdx-builder.yml -o ${PROJECT}.spdx ${BOMBASE_ARG} ${UPLOAD_ARG}
echo "--------------------------------------------------------------------"
echo "Finished!"
echo "--------------------------------------------------------------------"
echo "::set-output name=spdx-file::${PROJECT}.spdx"
env:
PROJECT: ${{ inputs.project }}
BOMBASE_URL: ${{ inputs.bombase-url }}
TREE: ${{ inputs.tree }}
FORMAT: ${{ inputs.format }}
UPLOAD_URL: ${{ inputs.upload-url }}
MODE: ${{ inputs.mode }}
shell: bash
- name: Create SPDX file with blackduck
id: spdx-blackduck
run: |
[ "${MODE}" != 'blackduck' ] && { echo "mode is not 'blackduck' so don't perform this step"; exit 0; }
echo "--------------------------------------------------------------------"
echo " Creating SPDX file for ${PROJECT} based on blackduck import."
echo "--------------------------------------------------------------------"
echo " Inputs: "
echo " PROJECT : ${PROJECT} "
echo " BOMBASE_URL : ${BOMBASE_URL} "
echo " UPLOAD_URL : ${UPLOAD_URL} "
echo " BLACKDUCK_PROJECT : ${BLACKUCK_PROJECT} "
echo " BLACKDUCK_VERSION : ${BLACKUCK_VERSION} "
echo " BLACKDUCK_URL : ${BLACKUCK_URL} "
echo " BLACKDUCK_TOKEN : ${BLACKUCK_TOKEN} "
echo "--------------------------------------------------------------------"
echo ""
echo "--------------------------------------------------------------------"
echo " Downloading spdx-builder"
echo "--------------------------------------------------------------------"
curl -L https://github.com/philips-software/spdx-builder/releases/download/${{ inputs.spdx-builder-version }}/spdx-builder.jar -o spdx-builder.jar
echo "--------------------------------------------------------------------"
echo " Set BOMBASE_ARG"
echo "--------------------------------------------------------------------"
[ -z "$BOMBASE_URL" ] && BOMBASE_ARG="" || BOMBASE_ARG="--bombase ${BOMBASE_URL}"
echo " BOMBASE_ARG: ${BOMBASE_ARG}"
echo "--------------------------------------------------------------------"
echo " Set UPLOAD_ARG"
echo "--------------------------------------------------------------------"
[ -z "$UPLOAD_URL" ] && UPLOAD_ARG="" || UPLOAD_ARG="--upload ${UPLOAD_URL}"
echo " UPLOAD_ARG: ${UPLOAD_ARG}"
echo "--------------------------------------------------------------------"
echo " Running SPDX-builder"
echo "--------------------------------------------------------------------"
java -jar spdx-builder.jar blackduck -o ${PROJECT}.spdx --url ${BLACKDUCK_URL} --token ${BLACKDUCK_TOKEN} ${BLACKDUCK_PROJECT} ${BLACKDUCK_VERSION} ${BOMBASE_ARG} ${UPLOAD_ARG}
echo "--------------------------------------------------------------------"
echo "Finished!"
echo "--------------------------------------------------------------------"
echo "::set-output name=spdx-file::${PROJECT}.spdx"
env:
PROJECT: ${{ inputs.project }}
BOMBASE_URL: ${{ inputs.bombase-url }}
UPLOAD_URL: ${{ inputs.upload-url }}
MODE: ${{ inputs.mode }}
BLACKDUCK_PROJECT: ${{ inputs.blackduck-project }}
BLACKDUCK_VERSION: ${{ inputs.blackduck-version }}
BLACKDUCK_URL: ${{ inputs.blackduck-url }}
BLACKDUCK_TOKEN: ${{ inputs.blackduck-token }}
shell: bash
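Review bot: the blackduck step's Inputs banner echoes the token into the job log (`echo " BLACKDUCK_TOKEN : ${BLACKUCK_TOKEN} "`); it prints an empty value today only because all four variables in that banner are misspelled `BLACKUCK_*`, and correcting the spelling would write the credential to the log. Drop the token line (or print only whether it is set) and fix the spelling on the other three. In both new steps, `${{ inputs.spdx-builder-version }}` is expanded directly into the script text of the `curl` line instead of being passed through `env` like every other input, so the input value becomes part of the shell script; `curl -L` without `-f` will save an HTTP error page as `spdx-builder.jar`, and the jar is then run without any checksum check. `${FORMAT}`, `${PROJECT}` and the `BLACKDUCK_*` values are also unquoted on the `java` command lines, so a value containing spaces splits into extra arguments, and `--token ${BLACKDUCK_TOKEN}` places the secret on the process command line.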
