
The OSS Review Toolkit (ORT) #92


Workflow file for this run

# Generates third-party attribution files with the OSS Review Toolkit (ORT).
name: The OSS Review Toolkit (ORT)

# Scopes granted to GITHUB_TOKEN. Declared at workflow level, so every job
# inherits them unless it declares its own `permissions` mapping.
permissions:
  contents: write
  pull-requests: write
  actions: read

on:
  # `create` fires for every new branch or tag; the check-condition job
  # narrows it down because the event itself cannot be filtered here.
  create:
  push:
    branches: ["release-*"]
  # Only pull requests that touch this workflow file trigger a run.
  pull_request:
    paths: [.github/workflows/ort.yml]
  workflow_dispatch:

# One active run per head ref (or ref); a newer run cancels the older one.
concurrency:
  group: ORT-${{ github.head_ref || github.ref }}
  cancel-in-progress: true
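jobs:
  # Gate job: run-ort lists it in `needs`, so nothing else runs unless the
  # condition below holds.
  check-condition:
    name: Check condition
    # This job only evaluates a condition, so it gets no token scopes.
    permissions: {}
    # workaround for https://github.com/orgs/community/discussions/54860 (`create` event filter)
    if: >
      github.repository_owner == 'valkey-io' &&
      (github.event_name != 'create' ||
      (github.event_name == 'create' &&
      ((github.event.ref_type == 'branch' && startsWith(github.event.ref, 'release-')) ||
      github.event.ref_type == 'tag')
      )
      )
    runs-on: ubuntu-latest
    steps:
      # Explicit no-op. The source listing showed an empty `run:` value, which
      # YAML parses as null; a job still needs at least one valid step.
      - run: "true"

  # Runs the ORT analyzer/reporter, checks the license lists, and opens or
  # updates a pull request when the attribution file changed.
  #
  # NOTE(review): this job inherits the workflow-level write scopes
  # (contents, pull-requests) while it also builds ORT from source and
  # resolves third-party Cargo/NuGet dependencies. Consider splitting the
  # analysis from the PR-creating steps so only the latter hold a write token.
  # NOTE(review): actions are referenced by tag (`@v5`, `@v4`) or by branch
  # (`dtolnay/rust-toolchain@stable`). Pinning each `uses:` to a full commit
  # SHA prevents a moved tag or branch from changing what runs here.
  run-ort:
    needs: [check-condition]
    name: Create attribution files
    runs-on: ubuntu-latest
    env:
      ATTRIBUTIONS_FILE: THIRD_PARTY_LICENSES
    steps:
      - uses: actions/checkout@v5
        with:
          submodules: true

      # Record the checked-out commit; used later in the PR title on update.
      - name: Setup target commit
        run: |
          echo "TARGET_COMMIT=$(git rev-parse HEAD)" >> "$GITHUB_ENV"

      - name: Set up JDK 11 for the ORT package
        uses: actions/setup-java@v5
        with:
          distribution: "temurin"
          java-version: "11"

      # NOTE(review): the key does not include the ORT ref below, so bumping
      # that ref keeps restoring a /tmp/ort built from the old version until
      # the cache entry is evicted.
      - name: Cache ORT and Gradle packages
        uses: actions/cache@v4
        id: cache-ort
        with:
          path: |
            /tmp/ort
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-ort

      - name: Checkout ORT Repository
        if: steps.cache-ort.outputs.cache-hit != 'true'
        uses: actions/checkout@v5
        with:
          repository: oss-review-toolkit/ort
          path: ./ort
          ref: "46.0.0"
          submodules: recursive

      # Move ORT outside of repo, otherwise it will try to analyze itself (can't checkout straight to /tmp)
      - name: Move ORT Repository
        if: steps.cache-ort.outputs.cache-hit != 'true'
        run: mv ./ort /tmp

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable

      - name: Build and install ORT
        if: steps.cache-ort.outputs.cache-hit != 'true'
        working-directory: /tmp/ort
        run: |
          export JAVA_OPTS="$JAVA_OPTS -Xmx8g"
          ./gradlew installDist

      # Writes the analyzer settings and echoes them into the log.
      # The nesting of the embedded config is reconstructed from a listing
      # that had lost its indentation; verify against the repository copy.
      - name: Create ORT config file
        run: |
          mkdir -p ~/.ort/config
          cat << EOF > ~/.ort/config/config.yml
          ort:
            analyzer:
              skip_excluded: true
              allowDynamicVersions: true
              enabledPackageManagers: [Cargo, NuGet]
          EOF
          cat ~/.ort/config/config.yml

      - name: Set up dotnet
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: |
            6
            8
            9

      # Install it somewhere outside of repo, otherwise ORT will try to process inspector's sources too
      # NOTE(review): the tarball is downloaded and put on PATH without an
      # integrity check. Record the expected SHA-256 of this release asset and
      # verify it (e.g. with `sha256sum -c`) before extracting.
      - name: Set up nuget-inspector
        working-directory: /tmp
        run: |
          wget -q https://github.com/aboutcode-org/nuget-inspector/releases/download/v0.9.12/nuget-inspector-v0.9.12-linux-x64.tar.gz
          tar xf nuget-inspector-*.tar.gz
          echo /tmp/nuget-inspector >> "$GITHUB_PATH"

      # Add SER, because >50% of glide C# client's code is copied from there for compatibility purposes
      - name: Add SER dependency
        working-directory: sources/Valkey.Glide
        run: |
          dotnet add package StackExchange.Redis --version 2.8.58

      - name: Run ORT tools
        working-directory: /tmp/ort
        run: |
          mkdir -p "$GITHUB_WORKSPACE/ort_results"
          # Analyzer (analyzer-result.json)
          ./gradlew cli:run --args="--info analyze -i $GITHUB_WORKSPACE -o $GITHUB_WORKSPACE/ort_results -f JSON"
          # NOTICE DEFAULT
          ./gradlew cli:run --args="--info report -i $GITHUB_WORKSPACE/ort_results/analyzer-result.json -o $GITHUB_WORKSPACE/ort_results/ -f PlainTextTemplate"

      # Best effort: runs even after a failure and never fails the job itself.
      - name: Upload ORT results
        if: always()
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          name: ort_results
          path: |
            ort_results/**

      ### Get licenses ###
      # Stores the script output in LICENSES_LIST for later steps. That output
      # is derived from third-party package metadata, so treat it as untrusted.
      - name: Retrieve licenses list
        working-directory: utils
        run: |
          # A fixed delimiter such as `EOF` lets a matching line in the output
          # end the value early and define further environment variables, so
          # the delimiter is generated randomly for each run.
          DELIMITER="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "LICENSES_LIST<<${DELIMITER}"
            python3 get_licenses_from_ort.py
            echo "${DELIMITER}"
          } >> "$GITHUB_ENV"

      ### Upload licenses ###
      # Hour-resolution timestamp used to name the artifacts below.
      - name: Get current date
        id: date
        run: |
          CURR_DATE=$(date +'%Y-%m-%d-%H')
          echo "date=${CURR_DATE}" >> "$GITHUB_OUTPUT"

      - name: Upload the final package list
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          name: final-package-list-${{ steps.date.outputs.date }}
          path: |
            utils/final_package_list.txt
          retention-days: 30

      - name: Upload the skipped package list
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          name: skipped-package-list-${{ steps.date.outputs.date }}
          path: |
            utils/skipped_package_list.txt
          retention-days: 30

      - name: Upload the unknown/unapproved package list
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          name: unapproved-package-list-${{ steps.date.outputs.date }}
          path: |
            utils/unapproved_package_list.txt
          retention-days: 30

      # Fails the job when the unapproved list exists and is non-empty.
      - name: Check for unapproved packages
        run: |
          if [ -s utils/unapproved_package_list.txt ]; then
            echo "::error::Found unapproved packages. Please review unapproved package list"
            cat utils/unapproved_package_list.txt
            exit 1
          else
            echo "No unapproved packages found."
          fi

      ### Check for ATTRIBUTIONS_FILE diff ###
      # Overwrites the tracked attribution file with the fresh report and
      # records in FOUND_DIFF whether git sees a change.
      - name: Check for diff
        run: |
          cp ort_results/NOTICE_DEFAULT "$ATTRIBUTIONS_FILE"
          GIT_DIFF="$(git diff "$ATTRIBUTIONS_FILE")"
          if [ -n "$GIT_DIFF" ]; then
            echo "FOUND_DIFF=true" >> "$GITHUB_ENV"
          else
            echo "FOUND_DIFF=false" >> "$GITHUB_ENV"
          fi

      ### Create PR, Note a potential race on the source branch ###
      - name: Create or update pull request
        if: ${{ env.FOUND_DIFF == 'true' }}
        run: |
          TARGET_BRANCH="$(git branch --show-current)"
          # On a detached HEAD the branch name is empty; stop before pushing
          # a branch named "ort-diff-for-" and calling gh with an empty base.
          if [ -z "$TARGET_BRANCH" ]; then
            echo "::error::Not on a branch (detached HEAD); cannot determine the pull request base."
            exit 1
          fi
          ORT_DIFF_BRANCH_NAME="ort-diff-for-$TARGET_BRANCH"
          echo "Creating pull request from branch $ORT_DIFF_BRANCH_NAME to branch $TARGET_BRANCH"
          # NOTE(review): the address below looks redacted by the page this
          # listing came from; restore the bot address from the repository.
          git config --global user.email "[email protected]"
          git config --global user.name "ort-bot"
          git checkout -b "${ORT_DIFF_BRANCH_NAME}"
          git add "$ATTRIBUTIONS_FILE"
          git commit -m "Updated attribution files" -s
          # Force push: replaces whatever the ort-diff branch held before.
          git push --set-upstream origin "${ORT_DIFF_BRANCH_NAME}" -f
          # LICENSES_LIST is read as a shell variable (set through GITHUB_ENV
          # by an earlier step). Expanding it with a workflow expression
          # inside this script would paste its text into the script source
          # before bash parses it, so quotes or $(...) in the license data
          # would be executed as shell code.
          PR_BODY="Created by Github action. ${LICENSES_LIST}"
          # Check if PR already exists
          existing_pr=$(gh pr list --base "${TARGET_BRANCH}" --head "${ORT_DIFF_BRANCH_NAME}" --json number --jq '.[0].number')
          if [ -z "$existing_pr" ]; then
            # Create a new PR if none exists
            title="Updated attribution files for branch \`$TARGET_BRANCH\`"
            gh pr create -B "${TARGET_BRANCH}" -H "${ORT_DIFF_BRANCH_NAME}" --title "${title}" --body "${PR_BODY}"
            echo "Pull request created successfully."
          else
            # Update the existing PR
            echo "Pull request #$existing_pr already exists. Updating branch."
            gh pr edit "$existing_pr" --title "Updated attribution files for commit ${TARGET_COMMIT}" --body "${PR_BODY}"
            echo "Pull request updated successfully."
          fi
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          INPUT_VERSION: ${{ github.event.inputs.version }}

      ### Warn of outdated ATTRIBUTIONS_FILE ###
      - name: Warn of outdated ATTRIBUTIONS_FILE
        if: ${{ env.FOUND_DIFF == 'true' }}
        run: |
          MESSAGE="WARNING! The attribution files is outdated on this branch. Please ensure updating it by manually running of this workflow!"
          # Echo the message to the console
          echo "$MESSAGE"
          # Emit a general warning in the action log
          echo "::warning::$MESSAGE"
          # The file annotation names ATTRIBUTIONS_FILE; the earlier `$FILE`
          # was never set, and `continue` has no meaning outside a loop.
          if ! git diff --quiet "$ATTRIBUTIONS_FILE"; then
            # Emit a warning associated with the changed file
            echo "::warning file=$ATTRIBUTIONS_FILE::WARNING! The attribution file is outdated."
          fi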