constellation/.github/workflows/check-licenses.yml
Fabian Kammel 85f33b2140
ci: fix scorecard/pinned-dependencies findings (#967)
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 16:12:23 +01:00

39 lines
1.0 KiB
YAML

name: Check licenses
on:
workflow_dispatch:
push:
branches: [main]
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
pull_request:
paths:
- "**.go"
- "**/go.mod"
- "**/go.sum"
jobs:
check:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
with:
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
- name: Setup Go environment
uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # v3.5.0
with:
go-version: "1.19.5"
cache: true
- name: Install go-licenses
run: go install github.com/google/go-licenses@0e0ec3a03d2277ffa8161963486f03bb58a6358c # v1.5.0
- name: Check licenses
run: hack/check-licenses.sh
- name: Check for files without license header
run: "! grep -rL --include='*.go' -e'SPDX-License-Identifier: AGPL-3.0-only' -e'DO NOT EDIT' | grep ''"