From e6701eecdb88eebd2776683edd187b600f7cc5f1 Mon Sep 17 00:00:00 2001 From: Saad Rafiq Date: Tue, 4 Mar 2025 16:29:11 +0100 Subject: [PATCH 1/4] chore: refactor dependency conflict resolution logic --- .github/workflows/dependencies.yaml | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml index 4238b6ff..8d996fbf 100644 --- a/.github/workflows/dependencies.yaml +++ b/.github/workflows/dependencies.yaml @@ -49,19 +49,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Generate Dependencies file - run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.1.1.jar yarn.lock -project automotive.tractusx -summary DEPENDENCIES - - - name: Check if dependencies were changed - id: dependencies-changed - run: | - changed=$(git diff DEPENDENCIES) - if [[ -n "$changed" ]]; then - echo "dependencies changed" - echo "changed=true" >> $GITHUB_OUTPUT - else - echo "dependencies not changed" - echo "changed=false" >> $GITHUB_OUTPUT - fi + run: java -jar ./scripts/download/org.eclipse.dash.licenses-1.1.1.jar yarn.lock -project automotive.tractusx -summary DEPENDENCIES || true - name: Check for restricted dependencies run: | @@ -70,16 +58,12 @@ jobs: echo "The following dependencies are restricted: $restricted" exit 1 fi - if: steps.dependencies-changed.outputs.changed == 'true' - name: Upload DEPENDENCIES file uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 with: path: DEPENDENCIES - if: steps.dependencies-changed.outputs.changed == 'true' - name: Signal need to update DEPENDENCIES run: | - echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)" - exit 1 - if: steps.dependencies-changed.outputs.changed == 'true' + echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)" \ No newline at end of file From a8266c86c7aaad336de1c6693592e30ae78dcd28 Mon Sep 17 00:00:00 2001 From: Saad Rafiq Date: Tue, 4 Mar 2025 16:47:10 +0100 Subject: [PATCH 2/4] chore: yarn pretty --- .github/workflows/dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml index 8d996fbf..446a2c3a 100644 --- a/.github/workflows/dependencies.yaml +++ b/.github/workflows/dependencies.yaml @@ -66,4 +66,4 @@ jobs: - name: Signal need to update DEPENDENCIES run: | - echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)" \ No newline at end of file + echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)" From e8f0120b4e35020e32b20a201f91e5a7469f1ec8 Mon Sep 17 00:00:00 2001 From: Saad Rafiq Date: Wed, 12 Mar 2025 11:20:46 +0100 Subject: [PATCH 3/4] fix: fixed the typo for exit 1 for workflow --- .github/workflows/dependencies.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/dependencies.yaml b/.github/workflows/dependencies.yaml index 446a2c3a..cad5f3a5 100644 --- a/.github/workflows/dependencies.yaml +++ b/.github/workflows/dependencies.yaml @@ -67,3 +67,4 @@ jobs: - name: Signal need to update DEPENDENCIES run: | echo "Dependencies need to be updated (updated DEPENDENCIES file has been uploaded to workflow run)" + exit 1 From 96a3f3a23273de1b8ec8391655a5c7f92219b295 Mon Sep 17 00:00:00 2001 From: Saad Rafiq Date: Wed, 12 Mar 2025 11:24:57 +0100 Subject: [PATCH 4/4] chore: artifact updated --- DEPENDENCIES | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 454d2d2e..3481b3af 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -89,7 +89,7 @@ npm/npmjs/-/function-bind/1.1.2, MIT, approved, #11063 npm/npmjs/-/get-caller-file/2.0.5, ISC, approved, clearlydefined npm/npmjs/-/get-intrinsic/1.2.4, MIT, approved, #8453 npm/npmjs/-/glob-parent/6.0.2, ISC, approved, clearlydefined -npm/npmjs/-/glob/7.2.3, ISC, approved, clearlydefined +npm/npmjs/-/glob/7.2.3, ISC AND (CC-BY-SA-4.0 AND ISC) AND (ISC AND MIT) AND CC-BY-SA-4.0, approved, #19366 npm/npmjs/-/globals/13.24.0, MIT, approved, #11962 npm/npmjs/-/gopd/1.0.1, MIT, approved, #4863 npm/npmjs/-/graphemer/1.4.0, MIT, approved, clearlydefined @@ -109,7 +109,7 @@ npm/npmjs/-/husky/9.1.7, MIT, approved, clearlydefined npm/npmjs/-/iconv-lite/0.4.24, MIT, approved, clearlydefined npm/npmjs/-/iconv-lite/0.6.3, MIT, approved, clearlydefined npm/npmjs/-/ignore/5.3.2, MIT, approved, #11665 -npm/npmjs/-/import-fresh/3.3.0, MIT, approved, clearlydefined +npm/npmjs/-/import-fresh/3.3.0, MIT, approved, #19299 npm/npmjs/-/imurmurhash/0.1.4, MIT, approved, clearlydefined npm/npmjs/-/inflight/1.0.6, ISC, approved, clearlydefined npm/npmjs/-/inherits/2.0.4, ISC, approved, clearlydefined @@ -128,7 +128,7 @@ npm/npmjs/-/json-stable-stringify-without-jsonify/1.0.1, MIT, approved, clearlyd npm/npmjs/-/keyv/4.5.4, MIT, approved, #4674 npm/npmjs/-/levn/0.4.1, MIT, approved, clearlydefined npm/npmjs/-/locate-path/6.0.0, MIT, approved, clearlydefined -npm/npmjs/-/lodash.camelcase/4.3.0, MIT, approved, clearlydefined +npm/npmjs/-/lodash.camelcase/4.3.0, CC0-1.0 AND MIT, approved, clearlydefined npm/npmjs/-/lodash.merge/4.6.2, MIT, approved, clearlydefined npm/npmjs/-/lodash/4.17.21, CC0-1.0 AND MIT, approved, #2096 npm/npmjs/-/media-typer/0.3.0, MIT, approved, clearlydefined @@ -206,7 +206,7 @@ npm/npmjs/-/toidentifier/1.0.1, MIT, approved, clearlydefined npm/npmjs/-/tree-kill/1.2.2, MIT, approved, clearlydefined npm/npmjs/-/tslib/2.7.0, 0BSD, approved, clearlydefined npm/npmjs/-/type-check/0.4.0, MIT, approved, clearlydefined -npm/npmjs/-/type-fest/0.20.2, MIT OR (CC0-1.0 AND MIT), approved, clearlydefined +npm/npmjs/-/type-fest/0.20.2, CC0-1.0 AND MIT, approved, clearlydefined npm/npmjs/-/type-is/1.6.18, MIT, approved, clearlydefined npm/npmjs/-/typical/4.0.0, MIT, approved, clearlydefined npm/npmjs/-/typical/5.2.0, MIT, approved, clearlydefined