interop with OpenSSL indirect POP #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Produce a software bill of materials (SBOM) and ensure that the licenses of the dependencies are compatible | |
| # with the project | |
| name: License compatibility checks | |
| on: push | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: Produce SBOM in CycloneDX format | |
| run: mvn cyclonedx:makeAggregateBom | |
| - name: Produce concise license report | |
| run: /usr/bin/python3 scripts/license-check.py --sbom target/bom.json --report | |
| - name: Check license compliance | |
| run: /usr/bin/python3 scripts/license-check.py --sbom target/bom.json --enforce resources/allowed-licenses.txt |