From fdfec603a572245edd5ef699f14ec9baba5ee2e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Ramalho?= Date: Tue, 25 Jan 2022 14:44:54 -0300 Subject: [PATCH] CI: add job for checking licenses from dependencies The check is implemented using wwhrd [1] and the allowed licenses are listed on the `.wwhrd.yml` file. 1. https://github.com/frapposelli/wwhrd --- .github/workflows/ci-cd.yaml | 128 ++++++++++++++++++++--------------- .gitignore | 3 +- .wwhrd.yaml | 7 ++ Makefile | 9 +++ 4 files changed, 90 insertions(+), 57 deletions(-) create mode 100644 .wwhrd.yaml diff --git a/.github/workflows/ci-cd.yaml b/.github/workflows/ci-cd.yaml index ef094a36e..acb874bb2 100644 --- a/.github/workflows/ci-cd.yaml +++ b/.github/workflows/ci-cd.yaml @@ -3,9 +3,9 @@ concurrency: ci-${{ github.ref }} on: push: tags-ignore: - - '*' + - "*" branches: - - 'main' + - "main" pull_request: release: types: [published] @@ -66,7 +66,7 @@ jobs: run: make fmt-check - name: frontend lint and coding style check run: make web-check - + test-checks: runs-on: ubuntu-20.04 steps: @@ -88,6 +88,16 @@ jobs: - name: trento checks ID sanity test run: python3 hack/id_checker.py + check-licenses: + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v2 + with: + go-version: 1.16 + - name: Run check + run: make check-licenses + test-e2e: needs: build-static-binary runs-on: ubuntu-20.04 @@ -289,10 +299,10 @@ jobs: with: name: trento-binaries path: | - build/trento-amd64.tgz - build/trento-arm64.tgz - build/trento-ppc64le.tgz - build/trento-s390x.tgz + build/trento-amd64.tgz + build/trento-arm64.tgz + build/trento-ppc64le.tgz + build/trento-s390x.tgz release-rolling: needs: [test-binary, test-checks, test-e2e] 
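Review bot: The new `check-licenses` job is not referenced by any `needs:` visible in this patch (`release-rolling` still reads `needs: [test-binary, test-checks, test-e2e]`), so a disallowed license would turn the job red without blocking the rolling release or the deploy jobs that depend on it. Add `check-licenses` to that list if the check is meant to gate releases. The job builds and runs a tool fetched at run time, so a job-level `permissions:` block with `contents: read` would limit what the workflow token exposes to it. Also quote the toolchain version, `go-version: "1.16"`, so that a later bump to a value such as 1.20 is not parsed as the float 1.2.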
@@ -330,8 +340,14 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} deploy-server: - runs-on: [ self-hosted, trento-gh-runner ] - needs: [ smoke-test-container-images, build-and-push-container-images, test-helm-charts, release-rolling ] + runs-on: [self-hosted, trento-gh-runner] + needs: + [ + smoke-test-container-images, + build-and-push-container-images, + test-helm-charts, + release-rolling, + ] if: (github.event_name == 'push' && github.ref == 'refs/heads/main') || github.event_name == 'workflow_dispatch' environment: AZURE_DEMO env: @@ -352,8 +368,8 @@ jobs: run: ssh "$TRENTO_USER@$TRENTO_SERVER_HOST" "TRENTO_REPO_OWNER=$TRENTO_REPO_OWNER sudo --preserve-env=PATH,TRENTO_REPO_OWNER bash -s" -- < ./install-server.sh -r -p ~/.ssh/id_rsa deploy-agents: - runs-on: [ self-hosted, trento-gh-runner ] - needs: [ deploy-server ] + runs-on: [self-hosted, trento-gh-runner] + needs: [deploy-server] if: github.ref_name == 'main' environment: AZURE_DEMO env: 
@@ -379,36 +395,36 @@ jobs: container: image: ghcr.io/trento-project/continuous-delivery:master env: - GITHUB_OAUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_OAUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: configure OSC - # OSC credentials must be configured beforehand as the HOME variables cannot be changed from /github/home - # that is used to run osc commands - run: | - /scripts/init_osc_creds.sh - mkdir -p $HOME/.config/osc - cp /root/.config/osc/oscrc $HOME/.config/osc - - name: Prepare trento.changes file - # The .changes file is updated only in release creation. This current task should be improved - # in order to add the current rolling release notes - if: github.event_name == 'release' - run: | - osc checkout $OBS_PROJECT trento trento.changes - mv trento.changes $FOLDER - VERSION=$(./hack/get_version_from_git.sh) - TAG=$(echo $VERSION | cut -f1 -d+) - hack/gh_release_to_obs_changeset.py $REPOSITORY -a shap-staff@suse.de -t $TAG -f $FOLDER/trento.changes - - name: prepare _service file - run: | - VERSION=$(./hack/get_version_from_git.sh) - sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \ - sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \ - sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service - - name: commit changes into OBS - run: cp $FOLDER/_service . && /scripts/upload.sh + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: configure OSC + # OSC credentials must be configured beforehand as the HOME variables cannot be changed from /github/home + # that is used to run osc commands + run: | + /scripts/init_osc_creds.sh + mkdir -p $HOME/.config/osc + cp /root/.config/osc/oscrc $HOME/.config/osc + - name: Prepare trento.changes file + # The .changes file is updated only in release creation. 
This current task should be improved + # in order to add the current rolling release notes + if: github.event_name == 'release' + run: | + osc checkout $OBS_PROJECT trento trento.changes + mv trento.changes $FOLDER + VERSION=$(./hack/get_version_from_git.sh) + TAG=$(echo $VERSION | cut -f1 -d+) + hack/gh_release_to_obs_changeset.py $REPOSITORY -a shap-staff@suse.de -t $TAG -f $FOLDER/trento.changes + - name: prepare _service file + run: | + VERSION=$(./hack/get_version_from_git.sh) + sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \ + sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \ + sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service + - name: commit changes into OBS + run: cp $FOLDER/_service . && /scripts/upload.sh obs-submit: needs: obs-commit 
@@ -417,19 +433,19 @@ jobs: container: image: ghcr.io/trento-project/continuous-delivery:master steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - name: configure OSC - run: | - /scripts/init_osc_creds.sh - mkdir -p $HOME/.config/osc - cp /root/.config/osc/oscrc $HOME/.config/osc - - name: prepare _service file - run: | - VERSION=$(./hack/get_version_from_git.sh) - sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \ - sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \ - sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service - - name: submit package - run: cp $FOLDER/_service . && /scripts/submit.sh + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: configure OSC + run: | + /scripts/init_osc_creds.sh + mkdir -p $HOME/.config/osc + cp /root/.config/osc/oscrc $HOME/.config/osc + - name: prepare _service file + run: | + VERSION=$(./hack/get_version_from_git.sh) + sed -i 's~%%REVISION%%~${{ github.sha }}~' $FOLDER/_service && \ + sed -i 's~%%REPOSITORY%%~${{ github.repository }}~' $FOLDER/_service && \ + sed -i 's~%%VERSION%%~'"${VERSION}"'~' $FOLDER/_service + - name: submit package + run: cp $FOLDER/_service . && /scripts/submit.sh diff --git a/.gitignore b/.gitignore index 6214b50ac..d89d97ea4 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ /packaging/helm/trento-server/charts/*.tgz /hack/helm/trento-dev/charts/*.tgz /test/e2e/cypress/videos -/test/e2e/cypress/screenshots/ \ No newline at end of file +/test/e2e/cypress/screenshots/ +/vendor \ No newline at end of file diff --git a/.wwhrd.yaml b/.wwhrd.yaml new file mode 100644 index 000000000..b8cae2823 --- /dev/null +++ b/.wwhrd.yaml @@ -0,0 +1,7 @@ +allowlist: + - Apache-2.0 + - BSD-2-Clause + - BSD-3-Clause + - ISC + - MIT + - MPL-2.0 diff --git a/Makefile b/Makefile index d389c635f..b89b972c2 100644 --- a/Makefile +++ b/Makefile 
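Review bot: The new `.wwhrd.yaml` is the project's license policy, but it has no comment saying who approves additions or why each entry is acceptable. `MPL-2.0` is the only entry with file-level copyleft terms, so it deserves a one-line rationale. I would add a header such as `# Licenses allowed for Go dependencies; changes need sign-off from the maintainers` and a short `# weak copyleft, accepted for unmodified use` above `- MPL-2.0`, adjusted to the project's actual policy. The commit message refers to `.wwhrd.yml` while the file and the Makefile use `.wwhrd.yaml`; aligning the two avoids someone running the tool without `-f` and silently missing the config.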
@@ -148,3 +148,12 @@ web/frontend/assets/images: .PHONY: helm-lint helm-lint: docker run --rm -ti --name trento-chart-test -w /workdir -v $(shell pwd):/workdir quay.io/helmpack/chart-testing:v3.4.0 ct lint + +.PHONY: install-wwhrd +install-wwhrd: + which wwhrd || go install github.com/frapposelli/wwhrd@latest + +.PHONY: check-licenses +check-licenses: install-wwhrd + go mod vendor + wwhrd check -q -f .wwhrd.yaml \ No newline at end of file
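Review bot: In `install-wwhrd`, `go install github.com/frapposelli/wwhrd@latest` makes CI build and execute whatever upstream publishes at that moment, so the license gate is not reproducible and inherits any bad upstream release. Pin a reviewed version instead, `which wwhrd || go install github.com/frapposelli/wwhrd@<pinned-version>`. The `which wwhrd ||` guard also accepts any `wwhrd` already on PATH, so a developer machine may run a different version than CI and reach a different verdict. `check-licenses` runs `go mod vendor`, which leaves a `vendor/` tree in the checkout (ignored by the `.gitignore` change here) that later `go` commands in the same working copy may pick up; a comment on the target, e.g. `# creates ./vendor as a side effect; remove it before building`, would make that explicit.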