Skip to content

License Scanning for Maven #732

License Scanning for Maven

License Scanning for Maven #732

name: License Scanning for Maven
on:
schedule:
- cron: '0 8,18 * * 1-5'
push:
paths:
- 'maven/pom.xml'
- '.github/workflows/license-scanning-maven.yml'
env:
ALLOW_LICENSES: "'The Apache Software License, Version 2.0' and licenses/license/name!='BSD' and licenses/license/name!='BSD-style license' and licenses/license/name!='Apache License, Version 2.0'"
REPORT_PATH: "target/generated-resources/licenses.xml"
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: 11
cache: maven
distribution: 'adopt'
- name: Install XQ
run: pip install xq
- name: Build with Maven
run: mvn clean install -Dmaven.test.skip=true
working-directory: maven
- name: License XML report
run: mvn org.codehaus.mojo:license-maven-plugin:2.0.0:download-licenses
working-directory: maven
- name: Validate XML report
run: |
LICENSE_REPORT=`xq "//dependency[licenses/license/name!=${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}`
LINES_FOUND=`echo $LICENSE_REPORT | wc -l`
echo "License issues found ..."
if [ $LINES_FOUND -gt 1 ]; then echo $LICENSE_REPORT ; exit -1; fi
working-directory: maven
- name: Upload license XML reports
uses: actions/upload-artifact@v3
with:
name: license-xml-report
path: 'maven/**/${{ env.REPORT_PATH }}'