From b9b05436e2276665f13afd037df05830b1cf49be Mon Sep 17 00:00:00 2001
From: Sourabh Mehta <73165318+soumeh01@users.noreply.github.com>
Date: Wed, 6 Sep 2023 11:59:08 +0200
Subject: [PATCH] Workflow to check TPIP (#205)
Co-authored-by: github-actions
---
.github/workflows/tpip-check.yml | 76 ++++++++++++++++++++++++++
.goreleaser.yml | 1 +
scripts/template/tpip-license.template | 9 +++
third_party_licenses.md | 44 +++++++++++++++
4 files changed, 130 insertions(+)
create mode 100644 .github/workflows/tpip-check.yml
create mode 100644 scripts/template/tpip-license.template
create mode 100644 third_party_licenses.md
diff --git a/.github/workflows/tpip-check.yml b/.github/workflows/tpip-check.yml
new file mode 100644
index 0000000..9e276fe
--- /dev/null
+++ b/.github/workflows/tpip-check.yml
@@ -0,0 +1,76 @@
+name: TPIP Check
+
+on:
+ # Trigger on pull request any Go package is changed.
+ pull_request:
+ paths:
+ - ".github/workflows/tpip-check.yml"
+ - "**/go.mod"
+ - "**/go.sum"
+ - "scripts/template/**"
+ workflow_dispatch:
+
+env:
+ report_name: "third_party_licenses.md"
+
+jobs:
+ check-licenses:
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version-file: go.mod
+ check-latest: true
+
+ - name: Go tidy
+ run: go mod tidy
+
+ - name: Install go-licenses
+ run: go install github.com/google/go-licenses@latest
+
+ - name: Generate TPIP Report
+ run: |
+ go-licenses report . --ignore github.com/Open-CMSIS-Pack/cpackget --template ../scripts/template/tpip-license.template > ../${{ env.report_name }}
+ date +"%Y/%m/%d %T" >> ../${{ env.report_name }}
+ working-directory: ./cmd
+
+ - name: Archive tpip report
+ uses: actions/upload-artifact@v3
+ with:
+ name: tpip-report
+ path: ./${{ env.report_name }}
+
+ - name: Print TPIP Report
+ run: cat ${{ env.report_name }} >> $GITHUB_STEP_SUMMARY
+
+ - name: Check Licenses
+ run: go-licenses check . --ignore github.com/Open-CMSIS-Pack/cpackget --disallowed_types=forbidden,restricted
+ working-directory: ./cmd
+
+ commit-changes:
+ needs: [ check-licenses ]
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Restore Changes
+ uses: actions/download-artifact@v3
+ with:
+ name: tpip-report
+
+ - name: Commit Changes
+ shell: bash
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ git add .
+ git commit -m "Update TPIP report"
+ git push
+
\ No newline at end of file
diff --git a/.goreleaser.yml b/.goreleaser.yml
index c618368..5d0ae71 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
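Review bot: The workflow declares no `permissions:`, so the `check-licenses` job, which runs `go mod tidy`, `go install github.com/google/go-licenses@latest` and go-licenses over the pull request's module graph, receives the repository's default GITHUB_TOKEN scope even though only `commit-changes` needs to push. Setting `contents: read` at workflow level and `contents: write` on `commit-changes` alone keeps the write-capable token out of the job that resolves and builds third-party code. `commit-changes` also checks out `github.event.pull_request.head.ref`, which is empty on `workflow_dispatch` and, for a pull request from a fork, names a branch that lives in the fork rather than this repository, so an `if:` restricting the job to same-repository pull requests looks necessary. Pinning go-licenses to a released version rather than `@latest` would keep the licence gate reproducible and stop an upstream release from changing the check unreviewed.

```yaml
# … unchanged: name, on, env …
permissions:
  contents: read

jobs:
  # … unchanged: check-licenses …
  commit-changes:
    # … unchanged: needs …
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.head.repo.full_name == github.repository
    permissions:
      contents: write
    # … unchanged: runs-on, timeout-minutes, steps …
```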
@@ -15,6 +15,7 @@ archives: - LICENSE.txt - README.md - CHANGELOG.md + - third_party_licenses.md format_overrides: - goos: windows
diff --git a/scripts/template/tpip-license.template b/scripts/template/tpip-license.template
new file mode 100644
index 0000000..4ffc94a
--- /dev/null
+++ b/scripts/template/tpip-license.template
@@ -0,0 +1,9 @@
+# Third Party Intellectual Property (TPIP) Report for [cpackget](https://github.com/Open-CMSIS-Pack/cpackget)
+
+| __Name__ | __Version__ | __Licence__ |
+|----------|-------------|-------------|
+{{- range . }}
+| {{ .Name }} | {{ .Version }} | [{{ .LicenseName }}]({{ .LicenseURL }}) |
+{{- end }}
+
+Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses on:
\ No newline at end of file
diff --git a/third_party_licenses.md b/third_party_licenses.md
new file mode 100644
index 0000000..b79626b
--- /dev/null
+++ b/third_party_licenses.md
@@ -0,0 +1,44 @@ +# Third Party Intellectual Property (TPIP) Report for [cpackget](https://github.com/Open-CMSIS-Pack/cpackget) + +| __Name__ | __Version__ | __Licence__ | +|----------|-------------|-------------| +| github.com/EndFirstCorp/peekingReader | v0.0.0-20171012052444-257fb6f1a1a6 | [MIT](https://github.com/EndFirstCorp/peekingReader/blob/257fb6f1a1a6/LICENSE) | +| github.com/ProtonMail/go-crypto | v0.0.0-20221026131551-cf6655e29de4 | [BSD-3-Clause](https://github.com/ProtonMail/go-crypto/blob/cf6655e29de4/LICENSE) | +| github.com/ProtonMail/go-mime | v0.0.0-20221031134845-8fd9bc37cf08 | [MIT](https://github.com/ProtonMail/go-mime/blob/8fd9bc37cf08/LICENSE) | +| github.com/ProtonMail/gopenpgp/v2 | v2.4.10 | [MIT](https://github.com/ProtonMail/gopenpgp/blob/v2.4.10/LICENSE) | +| github.com/cloudflare/circl | v1.3.3 | [BSD-3-Clause](https://github.com/cloudflare/circl/blob/v1.3.3/LICENSE) | +| github.com/fsnotify/fsnotify | v1.6.0 | [BSD-3-Clause](https://github.com/fsnotify/fsnotify/blob/v1.6.0/LICENSE) | +| github.com/gabriel-vasile/mimetype | v1.4.1 | [MIT](https://github.com/gabriel-vasile/mimetype/blob/v1.4.1/LICENSE) | +| github.com/hashicorp/hcl | v1.0.0 | [MPL-2.0](https://github.com/hashicorp/hcl/blob/v1.0.0/LICENSE) | +| github.com/jroimartin/gocui | v0.5.0 | [BSD-3-Clause](https://github.com/jroimartin/gocui/blob/v0.5.0/LICENSE) | +| github.com/lu4p/cat | v0.1.5 | [Unlicense](https://github.com/lu4p/cat/blob/v0.1.5/LICENSE) | +| github.com/lu4p/cat/rtftxt | v0.1.5 | [MIT](https://github.com/lu4p/cat/blob/v0.1.5/rtftxt/LICENSE) | +| github.com/magiconair/properties | v1.8.7 | [BSD-2-Clause](https://github.com/magiconair/properties/blob/v1.8.7/LICENSE.md) | +| github.com/mattn/go-runewidth | v0.0.14 | [MIT](https://github.com/mattn/go-runewidth/blob/v0.0.14/LICENSE) | +| github.com/mitchellh/colorstring | v0.0.0-20190213212951-d06e56a500db | [MIT](https://github.com/mitchellh/colorstring/blob/d06e56a500db/LICENSE) | +| 
github.com/mitchellh/mapstructure | v1.5.0 | [MIT](https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE) | +| github.com/nsf/termbox-go | v1.1.1 | [MIT](https://github.com/nsf/termbox-go/blob/v1.1.1/LICENSE) | +| github.com/open-cmsis-pack/cpackget/cmd | Unknown | [Apache-2.0](https://github.com/open-cmsis-pack/cpackget/blob/HEAD/LICENSE.txt) | +| github.com/pelletier/go-toml/v2 | v2.0.6 | [MIT](https://github.com/pelletier/go-toml/blob/v2.0.6/LICENSE) | +| github.com/pkg/errors | v0.9.1 | [BSD-2-Clause](https://github.com/pkg/errors/blob/v0.9.1/LICENSE) | +| github.com/rivo/uniseg | v0.4.3 | [MIT](https://github.com/rivo/uniseg/blob/v0.4.3/LICENSE.txt) | +| github.com/schollz/progressbar/v3 | v3.12.2 | [MIT](https://github.com/schollz/progressbar/blob/v3.12.2/LICENSE) | +| github.com/sirupsen/logrus | v1.9.0 | [MIT](https://github.com/sirupsen/logrus/blob/v1.9.0/LICENSE) | +| github.com/spf13/afero | v1.9.3 | [Apache-2.0](https://github.com/spf13/afero/blob/v1.9.3/LICENSE.txt) | +| github.com/spf13/cast | v1.5.0 | [MIT](https://github.com/spf13/cast/blob/v1.5.0/LICENSE) | +| github.com/spf13/cobra | v1.6.1 | [Apache-2.0](https://github.com/spf13/cobra/blob/v1.6.1/LICENSE.txt) | +| github.com/spf13/jwalterweatherman | v1.1.0 | [MIT](https://github.com/spf13/jwalterweatherman/blob/v1.1.0/LICENSE) | +| github.com/spf13/pflag | v1.0.5 | [BSD-3-Clause](https://github.com/spf13/pflag/blob/v1.0.5/LICENSE) | +| github.com/spf13/viper | v1.14.0 | [MIT](https://github.com/spf13/viper/blob/v1.14.0/LICENSE) | +| github.com/subosito/gotenv | v1.4.1 | [MIT](https://github.com/subosito/gotenv/blob/v1.4.1/LICENSE) | +| golang.org/x/crypto/cast5 | v0.4.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/crypto/+/v0.4.0:LICENSE) | +| golang.org/x/mod/semver | v0.7.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/mod/+/v0.7.0:LICENSE) | +| golang.org/x/net/html | v0.7.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/net/+/v0.7.0:LICENSE) | +| 
golang.org/x/sync/semaphore | v0.1.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/sync/+/v0.1.0:LICENSE) | +| golang.org/x/sys | v0.5.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/sys/+/v0.5.0:LICENSE) | +| golang.org/x/term | v0.5.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/term/+/v0.5.0:LICENSE) | +| golang.org/x/text | v0.7.0 | [BSD-3-Clause](https://cs.opensource.google/go/x/text/+/v0.7.0:LICENSE) | +| gopkg.in/ini.v1 | v1.67.0 | [Apache-2.0](https://github.com/go-ini/ini/blob/v1.67.0/LICENSE) | +| gopkg.in/yaml.v3 | v3.0.1 | [MIT](https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE) | + +Report generated and repository checked for [forbidden](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L323) and [restricted](https://github.com/google/licenseclassifier/blob/842c0d70d7027215932deb13801890992c9ba364/license_type.go#L176) licenses on: 2023/09/06 09:03:00