-
Notifications
You must be signed in to change notification settings - Fork 119
78 lines (75 loc) · 3.01 KB
/
doc-examples-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# (C) 2024 GoodData Corporation
# Deploy of ui sdk examples
name: FOSSA ~ Update attribtion file
on:
workflow_dispatch:
jobs:
fossa-scan:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: "IMJ-FOSSA-TEST"
token: ${{ secrets.TOKEN_GITHUB_YENKINS_ADMIN }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version: 18.17.0
- name: Install rush
run: |
npm install -g @microsoft/rush
- name: Rush install
run: |
rush install
- name: Add repository to git safe directories to avoid dubious ownership issue
run: git config --global --add safe.directory $GITHUB_WORKSPACE
- name: Config user
run: |
git config --global user.email "[email protected]"
git config --global user.name "git-action"
- name: Install fossa
run: |
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | sudo bash
- name: dummy package.json
run: |
echo '{}' > common/config/rush/package.json
- name: Fossa scan
run: fossa analyze --project "gooddata-ui-sdk" --branch "IMJ-FOSSA-TEST"
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: list of target
run: fossa list-targets
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
- name: Generate FOSSA Attribution Report
uses: nick-fields/retry@v3
env:
FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
MINIMUM_LINES: 50000
with:
timeout_minutes: 5
max_attempts: 3
retry_on: error
retry_wait_seconds: 30
command: |
# wait for the scan to finish in fossa app and then download the attribution file
sleep 30
REVISION=$(git rev-parse HEAD)
LINK="https://app.fossa.com/api/revisions/custom%2B13637%2Fgooddata-ui-sdk%24$REVISION/attribution/download?includeProjectLicense=&includeLicenseScan=&includeDependencySummary=true&includeDirectDependencies=true&includeDeepDependencies=true&includeLicenseList=true&includeVulnerabilities=&format=TXT&includeLicenseHeaders=&download=true"
echo $LINK
curl -o NOTICE --header "Authorization: Bearer $FOSSA_API_KEY" $LINK
# check if the NOTICE file has at least 50000 lines
# empty notice has cca 50 lines so 50000 is a good threshold
# current notice has cca 100000 lines so NOTICE has less than 50000 lines its suspicious
lines=$(wc -l < NOTICE)
if (( lines < $MINIMUM_LINES )); then
echo "The NOTICE file has less than 50000 lines."
exit 1
fi
- name: Git commit and push
run: |
# add changelogs
git add NOTICE
git commit -a -m "chore: update attribution file" -m "" -m "TRIVIAL"
git push origin HEAD