.github/workflows/tpip-check.yml
name: TPIP Check
on:
# Trigger on pull request any Go package is changed.
pull_request:
paths:
- ".github/workflows/tpip-check.yml"
- "**/go.mod"
- "**/go.sum"
- "scripts/template/**"
workflow_dispatch:
schedule:
- cron: '0 0 * * *'
env:
report_name: "third_party_licenses.md"
jobs:
check-licenses:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
check-latest: true
- name: Go tidy
run: go mod tidy
- name: Install go-licenses
run: go install github.com/google/go-licenses@latest
- name: Generate TPIP Report
run: |
go-licenses report . --ignore github.com/Open-CMSIS-Pack/cpackget --template ../scripts/template/tpip-license.template > ../${{ env.report_name }}
working-directory: ./cmd
- name: Archive tpip report
uses: actions/upload-artifact@v4
with:
name: tpip-report
path: ./${{ env.report_name }}
- name: Print TPIP Report
run: cat ${{ env.report_name }} >> $GITHUB_STEP_SUMMARY
- name: Check Licenses
run: go-licenses check . --ignore github.com/Open-CMSIS-Pack/cpackget --disallowed_types=forbidden,restricted
working-directory: ./cmd
commit-changes:
# Running this job only on specific event
# in order to have workaround for issue
# related to deletion of GH checks/status data
if: (github.event_name == 'schedule') || (github.event_name == 'workflow_dispatch')
needs: [ check-licenses ]
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.ref }}
- name: Restore Changes
uses: actions/download-artifact@v4
with:
name: tpip-report
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7
with:
commit-message: Update TPIP report
title: ':robot: [TPIP] Automated report updates'
body: |
Third party IP report updates
branch: update-tpip
delete-branch: true
labels: TPIP
reviewers: soumeh01