try pip-license-checker

2025-04-09 12:30:49 +02:00 · 2024-11-02 02:20:58 -07:00 · 2024-11-02 02:20:58 -07:00 · 40beda30a4
commit 40beda30a4
parent d3062cacea
1 changed files with 37 additions and 7 deletions
--- a/.github/workflows/nightly-scan-licenses.yml
+++ b/.github/workflows/nightly-scan-licenses.yml
@ -25,7 +25,36 @@ jobs:
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
-
+        
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+          cache-dependency-path: |
+            backend/requirements/default.txt
+            backend/requirements/dev.txt
+            backend/requirements/model_server.txt
+      
+      - name: Get explicit and transitive dependencies
+      - run: |
+          python -m pip install --upgrade pip
+          pip install --retries 5 --timeout 30 -r backend/requirements/default.txt
+          pip install --retries 5 --timeout 30 -r backend/requirements/dev.txt
+          pip install --retries 5 --timeout 30 -r backend/requirements/model_server.txt
+          pip freeze > requirements-all.txt
+                    
+      - name: Check python
+        id: license_check_report
+        uses: pilosus/action-pip-license-checker@v2
+        with:
+          requirements: 'requirements-all.txt'
+          fail: 'Copyleft'
+          exclude: '(?i)^(pylint|aio[-_]*).*'
+      - name: Print report
+        if: ${{ always() }}
+        run: echo "${{ steps.license_check_report.outputs.report }}"
+      
      - name: Install npm dependencies
        working-directory: ./web
        run: npm ci
@ -35,11 +64,12 @@ jobs:
        with:
          scan-type: fs
          scanners: license
-          format: sarif
-          output: trivy-results.sarif
+          format: table
+#           format: sarif
+#           output: trivy-results.sarif
          severity: HIGH,CRITICAL

-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: trivy-results.sarif
+#       - name: Upload Trivy scan results to GitHub Security tab
+#         uses: github/codeql-action/upload-sarif@v3
+#         with:
+#           sarif_file: trivy-results.sarif