feat: SP-1343 Add configurable Copyleft license options to pipeline
agustingroh committed Aug 20, 2024
1 parent 6b7647e commit 33bcfbb
Showing 8 changed files with 119 additions and 32 deletions.
25 changes: 14 additions & 11 deletions README.md
Expand Up @@ -52,17 +52,20 @@ For example workflow runs, check out our
### Action Input Parameters
| **Parameter** | **Description** | **Required** | **Default** |
|--------------------------|------------------------------------------------------------------------------------|--------------|-------------------------------------|
| output.filepath | Scan output file name. | Optional | `results.json` |
| sbom.enabled | Enable or disable scanning based on the SBOM file | Optional | `true` |
| sbom.filepath | Filepath of the SBOM file to be used for scanning | Optional | `sbom.json` |
| sbom.type | Type of SBOM operation: either 'identify' or 'ignore | Optional | `identify` |
| dependencies.enabled | Option to enable or disable scanning of dependencies. | Optional | `false` |
| policies | List of policies separated by commas, options available are: copyleft, undeclared. | Optional | - |
| policies.halt_on_failure | Halt check on policy failure. If set to false checks will not fail. | Optional | `true` |
| api.url | SCANOSS API URL | Optional | `https://osskb.org/api/scan/direct` |
| api.key | SCANOSS API Key | Optional | - |
| **Parameter** | **Description** | **Required** | **Default** |
|----------------------------|------------------------------------------------------------------------------------------------------|--------------|-------------------------------------|
| output.filepath | Scan output file name. | Optional | `results.json` |
| sbom.enabled | Enable or disable scanning based on the SBOM file | Optional | `true` |
| sbom.filepath | Filepath of the SBOM file to be used for scanning | Optional | `sbom.json` |
| sbom.type | Type of SBOM operation: either 'identify' or 'ignore | Optional | `identify` |
| dependencies.enabled | Option to enable or disable scanning of dependencies. | Optional | `false` |
| policies | List of policies separated by commas, options available are: copyleft, undeclared. | Optional | - |
| policies.halt_on_failure | Halt check on policy failure. If set to false checks will not fail. | Optional | `true` |
| api.url | SCANOSS API URL | Optional | `https://osskb.org/api/scan/direct` |
| api.key | SCANOSS API Key | Optional | - |
| licenses.copyleft.include | List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list. | Optional | - |
| licenses.copyleft.exclude | List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list. | Optional | - |
| licenses.copyleft.implicit | Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list. | Optional | - |

### Action Output Parameters

9 changes: 9 additions & 0 deletions action.yml
Expand Up @@ -43,6 +43,15 @@ inputs:
description: 'Your GitHub token'
required: false
default: ${{ github.token }}
licenses.copyleft.include:
description: 'List of Copyleft licenses to append to the default list. Provide licenses as a comma-separated list.'
required: false
licenses.copyleft.exclude:
description: 'List of Copyleft licenses to remove from default list. Provide licenses as a comma-separated list.'
required: false
licenses.copyleft.explicit:
description: 'Explicit list of Copyleft licenses to consider. Provide licenses as a comma-separated list.'
required: false

outputs:
result-filepath:
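Review bot: The new input is declared here as `licenses.copyleft.explicit` (and read under that key in src/app.input.ts), but the README row added in the same commit documents it as `licenses.copyleft.implicit`; a workflow written from the README would set a name the action never reads (GitHub only emits an unexpected-input warning for undeclared inputs), and `core.getInput('licenses.copyleft.explicit')` would stay empty. The README row should read `licenses.copyleft.explicit`. The three descriptions also leave the interaction between the inputs unstated: when the explicit list is set, include and exclude are not applied, and a license named in both include and exclude ends up excluded, because `LicenseUtil.init` applies the exclude pass last. One sentence in each description, e.g. `'… Ignored when licenses.copyleft.explicit is set.'` on the include/exclude entries and `'… Replaces the default list; include/exclude are not applied.'` on the explicit entry, would make that precedence visible where users configure it.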
67 changes: 57 additions & 10 deletions dist/index.js


4 changes: 2 additions & 2 deletions package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,7 +1,7 @@
{
"name": "scanoss-code-scan-action",
"description": "SCANOSS Code Scan Action",
"version": "0.1.7",
"version": "0.1.8",
"author": "SCANOSS",
"private": true,
"homepage": "https://github.com/scanoss/code-scan-action/",
3 changes: 3 additions & 0 deletions src/app.input.ts
Expand Up @@ -33,4 +33,7 @@ export const API_KEY = core.getInput('api.key');
export const API_URL = core.getInput('api.url');
export const OUTPUT_FILEPATH = core.getInput('output.filepath');
export const GITHUB_TOKEN = core.getInput('github.token');
export const COPYLEFT_LICENSE_INCLUDE = core.getInput('licenses.copyleft.include');
export const COPYLEFT_LICENSE_EXCLUDE = core.getInput('licenses.copyleft.exclude');
export const COPYLEFT_LICENSE_EXPLICIT = core.getInput('licenses.copyleft.explicit');
export const REPO_DIR = process.env.GITHUB_WORKSPACE as string;
18 changes: 10 additions & 8 deletions src/policies/copyleft-policy-check.ts
Expand Up @@ -106,14 +106,16 @@ export class CopyleftPolicyCheck extends PolicyCheck {

components.forEach(component => {
component.licenses.forEach(license => {
const copyleftIcon = licenseUtil.isCopyLeft(license.spdxid?.trim().toLowerCase()) ? 'YES' : 'NO';
rows.push([
component.purl,
component.version,
license.spdxid,
`${licenseUtil.getOSADL(license?.spdxid) || ''}`,
copyleftIcon
]);
if (licenseUtil.isCopyLeft(license.spdxid?.trim().toLowerCase())) {
const copyleftIcon = licenseUtil.isCopyLeft(license.spdxid?.trim().toLowerCase()) ? 'YES' : 'NO';
rows.push([
component.purl,
component.version,
license.spdxid,
`${licenseUtil.getOSADL(license?.spdxid) || ''}`,
copyleftIcon
]);
}
});
});
return `### Copyleft licenses \n ${generateTable(headers, rows, centeredColumns)}`;
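Review bot: Inside the new `if (licenseUtil.isCopyLeft(...))` guard, `copyleftIcon` can only ever be `'YES'`, so the ternary on the following line is dead code and the last table column no longer carries information. Either normalize the id once and drop the ternary, `const spdxid = license.spdxid?.trim().toLowerCase(); if (!licenseUtil.isCopyLeft(spdxid)) return;` followed by the existing `rows.push([...])` with `'YES'` as the last cell, or remove the column together with its header in `headers`. Separately, `isCopyLeft` is declared as `isCopyLeft(spdxid: string)` while `license.spdxid?.trim()` can evaluate to `undefined`, so this call presumably relies on `spdxid` being non-optional on the license type; worth confirming under strict null checks, and if it is non-optional the `?.` is misleading. The enclosing method starts before this hunk.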
23 changes: 23 additions & 0 deletions src/utils/license.utils.ts
@@ -1,3 +1,6 @@
import * as inputs from '../app.input';
import * as core from '@actions/core';

export class LicenseUtil {
private BASE_OSADL_URL = 'https://spdx.org/licenses';
private HTML = 'html';
Expand Down Expand Up @@ -34,7 +37,27 @@ export class LicenseUtil {
private copyLeftLicenses = new Set<string>();

private init(): void {
if (inputs.COPYLEFT_LICENSE_EXPLICIT) {
const explicitCopyleftLicenses = inputs.COPYLEFT_LICENSE_EXPLICIT.split(',').map(pn => pn.trim().toLowerCase());
core.debug(`Explicit licenses: ${explicitCopyleftLicenses}`);
this.copyLeftLicenses = new Set<string>(explicitCopyleftLicenses);
return;
}

core.debug(`Explicit licenses not defined, setting default licenses...`);
this.copyLeftLicenses = this.defaultCopyleftLicenses;

if (inputs.COPYLEFT_LICENSE_INCLUDE) {
const includedCopyleftLicenses = inputs.COPYLEFT_LICENSE_INCLUDE.split(',').map(pn => pn.trim());
core.debug(`Included copyleft licenses: ${includedCopyleftLicenses}`);
includedCopyleftLicenses.forEach(l => this.copyLeftLicenses.add(l.toLowerCase()));
}

if (inputs.COPYLEFT_LICENSE_EXCLUDE) {
const excludedCopyleftLicenses = inputs.COPYLEFT_LICENSE_EXCLUDE.split(',').map(pn => pn.trim());
core.debug(`Excluded copyleft licenses: ${excludedCopyleftLicenses}`);
excludedCopyleftLicenses.forEach(l => this.copyLeftLicenses.delete(l.toLowerCase()));
}
}

isCopyLeft(spdxid: string): boolean {
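Review bot: `this.copyLeftLicenses = this.defaultCopyleftLicenses;` aliases the default collection instead of copying it, so the include and exclude passes below mutate the defaults themselves; if `init()` runs more than once or `defaultCopyleftLicenses` is shared between instances (its declaration is outside this hunk), an excluded license stays removed and an included one persists for later calls. Copy it instead: `this.copyLeftLicenses = new Set<string>(this.defaultCopyleftLicenses);`. The three inputs are also parsed in three slightly different ways (explicit lower-cases inside the map, include/exclude lower-case at the point of use) and none drops empty entries, so a trailing comma adds `''` to the set. A single private parser would make the precedence — explicit replaces the defaults, exclude is applied after include — easy to read and to document.
```typescript
  /** Comma-separated input → trimmed, lower-cased, non-empty SPDX ids ('' yields []). */
  private static parseLicenseList(raw: string): string[] {
    return raw.split(',').map(id => id.trim().toLowerCase()).filter(id => id.length > 0);
  }

  private init(): void {
    if (inputs.COPYLEFT_LICENSE_EXPLICIT) {
      // Explicit list replaces the defaults; include/exclude are not applied.
      this.copyLeftLicenses = new Set<string>(LicenseUtil.parseLicenseList(inputs.COPYLEFT_LICENSE_EXPLICIT));
      return;
    }
    // Copy, so include/exclude never mutate the shared default collection.
    this.copyLeftLicenses = new Set<string>(this.defaultCopyleftLicenses);
    for (const id of LicenseUtil.parseLicenseList(inputs.COPYLEFT_LICENSE_INCLUDE)) this.copyLeftLicenses.add(id);
    // Exclude runs last, so a license named in both lists ends up excluded.
    for (const id of LicenseUtil.parseLicenseList(inputs.COPYLEFT_LICENSE_EXCLUDE)) this.copyLeftLicenses.delete(id);
    // … unchanged: core.debug logging of each list …
  }
```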
