From 32c0b09f59c78fe593c7ddb1cf9ab5a24d789665 Mon Sep 17 00:00:00 2001 From: zhujian Date: Fri, 14 Feb 2025 16:51:12 +0800 Subject: [PATCH 1/3] Add a FOSSA scanning action Signed-off-by: zhujian --- .github/workflows/fossa-license-scanning.yml | 27 ++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/fossa-license-scanning.yml diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml new file mode 100644 index 000000000..fcd0fd482 --- /dev/null +++ b/.github/workflows/fossa-license-scanning.yml @@ -0,0 +1,27 @@ + +name: FOSSA License Scanning + +on: + push: + branches: + - main + - release-* + pull_request: + branches: + - main + - release-* + +permissions: + contents: read + +jobs: + fossa-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout tree + uses: actions/checkout@v4 + + - name: Run FOSSA scan and upload build data + uses: fossas/fossa-action@v1.5.0 + with: + api-key: ${{ secrets.FOSSA_API_KEY }} From 41179170ce995972ae43d36f5223d4a410d050a9 Mon Sep 17 00:00:00 2001 From: zhujian Date: Fri, 14 Feb 2025 17:01:57 +0800 Subject: [PATCH 2/3] Debug fossa action Signed-off-by: zhujian --- .github/workflows/fossa-license-scanning.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml index fcd0fd482..aa6e1ab6f 100644 --- a/.github/workflows/fossa-license-scanning.yml +++ b/.github/workflows/fossa-license-scanning.yml @@ -13,15 +13,25 @@ on: permissions: contents: read + actions: read jobs: fossa-scan: runs-on: ubuntu-latest steps: + - name: Debug secrets + run: echo "FOSSA_API_KEY is set" + env: + fossa_api_key: ${{ secrets.FOSSA_API_KEY }} - name: Checkout tree uses: actions/checkout@v4 - name: Run FOSSA scan and upload build data - uses: fossas/fossa-action@v1.5.0 + uses: fossas/fossa-action@main with: api-key: ${{ secrets.FOSSA_API_KEY }} + debug: true + - uses: actions/upload-artifact@v4 + with: + name: fossa.debug.json.gz + path: ./fossa.debug.json.gz From 8778c254d1381c67cf01374658790e54920ae7b7 Mon Sep 17 00:00:00 2001 From: zhujian Date: Mon, 17 Feb 2025 15:56:49 +0800 Subject: [PATCH 3/3] Use env for fossa api key Signed-off-by: zhujian --- .github/workflows/fossa-license-scanning.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/fossa-license-scanning.yml b/.github/workflows/fossa-license-scanning.yml index aa6e1ab6f..6738edbea 100644 --- a/.github/workflows/fossa-license-scanning.yml +++ b/.github/workflows/fossa-license-scanning.yml @@ -29,8 +29,10 @@ jobs: - name: Run FOSSA scan and upload build data uses: fossas/fossa-action@main with: - api-key: ${{ secrets.FOSSA_API_KEY }} + api-key: ${{ env.fossa_api_key }} debug: true + env: + fossa_api_key: ${{ secrets.FOSSA_API_KEY }} - uses: actions/upload-artifact@v4 with: name: fossa.debug.json.gz