A @tangro action to check whether a dependency uses an allowed license. We use license-checker to retrieve the license of the dependencies.
By default these licenses are allowed:
MITApache-2.0ISCCustom: https://www.telerik.com/kendo-angular-ui/BSD
Important We only check production dependencies and only 0 direct production dependencies
You can use a specific version of this action. The latest published version is v1.0.14. You can also use latest to always get the latest version.
license-check:
runs-on: ubuntu-latest
steps:
- name: Checkout latest code
uses: actions/checkout@v4
- name: Use Node.js 16.x
uses: actions/[email protected]
with:
node-version: 16.x
- name: Authenticate with GitHub package registry
run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.ACCESS_TOKEN }}" >> ~/.npmrc
- name: Run npm install
run: npm install
- name: Check licenses
uses: tangro/[email protected]
with:
allowed-licenses: 'MIT; ISC; Apache-2.0; Custom: https://www.telerik.com/kendo-angular-ui/; Custom: https://www.telerik.com/kendo-react-ui/; BSD'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_CONTEXT: ${{ toJson(github) }}Attention Do not forget to pass
GITHUB_TOKENandGITHUB_CONTEXT
Steps this example job will perform:
- Check out the latest code
- Use node v16
- Run
npm install- Sadly we need to install the dependencies to check the licenses - (this action) Run the license check
This action will run npx license-checker --production --json --onlyAllow=${allowedLicenses} to check the licenses.
This action will set a status to the commit to pending under the context Tangro CI/license-check. When it finishes successfully it will change the status to success and the license-check result will be displayed in the description. If the license check fails the status will set the status to failed.
The action will write the data to ./license-check/index.html. This file can be deployed to a static file server.
You can also publish the test results to a static file server. The action will write the results into dependencies/index.html.
You can publish the results with our custom deploy actions
license-check:
runs-on: ubuntu-latest
steps:
- name: Checkout latest code
uses: actions/checkout@v4
- name: Use Node.js 16.x
uses: actions/[email protected]
with:
node-version: 16.x
- name: Authenticate with GitHub package registry
run: echo "//npm.pkg.github.com/:_authToken=${{ secrets.ACCESS_TOKEN }}" >> ~/.npmrc
- name: Run npm install
run: npm install
- name: Check licenses
uses: tangro/[email protected]
with:
allowed-licenses: 'MIT; ISC; Apache-2.0; Custom: https://www.telerik.com/kendo-angular-ui/; Custom: https://www.telerik.com/kendo-react-ui/; BSD'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_CONTEXT: ${{ toJson(github) }}
- name: Zip license check result
if: always()
run: |
cd license-check
zip --quiet --recurse-paths ../license-check.zip *
- name: Deploy license check result
if: always()
uses: tangro/[email protected]
with:
context: auto
zip-file: license-check.zip
deploy-url: ${{secrets.DEPLOY_URL}}
project: license-check
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_CONTEXT: ${{ toJson(github) }}
DEPLOY_PASSWORD: ${{ secrets.DEPLOY_PASSWORD }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}You have to specify the allowed licenses with allowed-licenses�. They have to be separated by a semicolon.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}