Commit f3ff172

chore: remove dependency license review (#14131)
- It's bafflingly buggy and is a source of annoyance for virtually the whole team.
- Will revisit if we don't have alternatives to catching invalid licenses.

1 parent 98202b3, commit f3ff172

1 file changed: +0 -42 lines changed

‎.github/workflows/ci.yaml

Lines changed: 0 additions & 42 deletions
@@ -709,7 +709,6 @@ jobs:
709709
-test-e2e
710710
-offlinedocs
711711
-sqlc-vet
712-
-dependency-license-review
713712
# Allow this job to run even if the needed jobs fail, are skipped or
714713
# cancelled.
715714
if:always()
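Review bot: with `dependency-license-review` dropped from this `needs` list (old line 712), this aggregate job no longer waits on any license check, and because of `if:always()` it keeps reporting a result regardless. The removal is consistent with the job deletion at the end of the file, but if this job backs a required status check, the commit message should say that license compatibility is no longer part of the merge gate.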
@@ -726,7 +725,6 @@ jobs:
726725
echo "- test-js: ${{ needs.test-js.result }}"
727726
echo "- test-e2e: ${{ needs.test-e2e.result }}"
728727
echo "- offlinedocs: ${{ needs.offlinedocs.result }}"
729-
echo "- dependency-license-review: ${{ needs.dependency-license-review.result }}"
730728
echo
731729
732730
# We allow skipped jobs to pass, but not failed or cancelled jobs.
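Review bot: the status echo list in this step goes from `offlinedocs` straight to the removed `dependency-license-review` line (old line 729), while the `needs` list in the previous hunk has `sqlc-vet` between those two entries. While this list is being edited, check that `sqlc-vet` is echoed somewhere above the visible context, and add a matching `echo "- sqlc-vet: ${{ needs.sqlc-vet.result }}"` line if it is not, so the summary covers every job being gated on.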
@@ -968,43 +966,3 @@ jobs:
968966
-name:Setup and run sqlc vet
969967
run:|
970968
make sqlc-vet
971-
972-
# dependency-license-review checks that no license-incompatible dependencies have been introduced.
973-
# This action is not intended to do a vulnerability check since that is handled by a separate action.
974-
dependency-license-review:
975-
runs-on:ubuntu-latest
976-
if:github.ref != 'refs/heads/main' && github.actor != 'dependabot[bot]'
977-
steps:
978-
-name:"Checkout Repository"
979-
uses:actions/checkout@v4
980-
-name:"Dependency Review"
981-
id:review
982-
uses:actions/dependency-review-action@v4.3.2
983-
with:
984-
allow-licenses:Apache-2.0, 0BSD, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0, OFL-1.1, BSD-3-Clause-Clear
985-
allow-dependencies-licenses:"pkg:golang/github.com/coder/wgtunnel@0.1.13-0.20240522110300-ade90dfb2da0, pkg:npm/pako@1.0.11, pkg:npm/caniuse-lite@1.0.30001639, pkg:githubactions/alwaysmeticulous/report-diffs-action/cloud-compute"
986-
license-check:true
987-
vulnerability-check:false
988-
-name:"Report"
989-
# make sure this step runs even if the previous failed
990-
if:always()
991-
shell:bash
992-
env:
993-
VULNERABLE_CHANGES:${{ steps.review.outputs.invalid-license-changes }}
994-
run:|
995-
fields=( "unlicensed" "unresolved" "forbidden" )
996-
997-
# This is unfortunate that we have to do this but the action does not support failing on
998-
# an unknown license. The unknown dependency could easily have a GPL license which
999-
# would be problematic for us.
1000-
# Track https://github.com/actions/dependency-review-action/issues/672 for when
1001-
# we can remove this brittle workaround.
1002-
for field in "${fields[@]}"; do
1003-
# Use jq to check if the array is not empty
1004-
if [[ $(echo "$VULNERABLE_CHANGES" | jq ".${field} | length") -ne 0 ]]; then
1005-
echo "Invalid or unknown licenses detected, contact @sreya to ensure your added dependency falls under one of our allowed licenses."
1006-
echo "$VULNERABLE_CHANGES" | jq
1007-
exit 1
1008-
fi
1009-
done
1010-
echo "No incompatible licenses detected"
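Review bot: deleting the whole `dependency-license-review` job (old lines 971-1010) also deletes the license policy as encoded in this workflow: the `allow-licenses` list and the four `allow-dependencies-licenses` exceptions. The removed comment notes that an unknown dependency "could easily have a GPL license which would be problematic for us", and nothing visible in this diff replaces that check. Suggest copying the allow-list and exceptions into a tracked document or follow-up issue and referencing it in the commit message next to "Will revisit", so the policy can be restored without digging through history. The job set `vulnerability-check:false` and its comment says vulnerability checks are handled by a separate action, so that coverage should be unaffected; worth confirming the separate action does not depend on this job.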
