This action will create a SPDX license overview with ORT and SPDX-builder.
THIS IS AN EXPERIMENTAL ACTION
You can specify the configuration in a .spdx-builder.yml in the root of your project.
See instructions in philips-software/spdx-builder.
This action requires a java environment. (See example)
Get SPDX license overview
| parameter | description | required | default |
|---|---|---|---|
| project | project | true |
spdx-builder |
| spdx-builder-version | spdx-builder-version | true |
v0.9.2 |
| mode | Scan mode. Can be 'ort', 'blackduck' or 'tree' | true |
ort |
| scanner-url | scanner-url (license-scanner) | false |
|
| bombase-url | bombase-url (in case of mode: 'tree') | false |
|
| upload-url | upload-url (f.e. BOM-bar) | false |
|
| ort-version | philipssoftware/ort version (in case of mode: 'ort') | false |
2021-11-24 |
| ort-file | Specifies an ort-file to override ORT scanning in this action. (in case of mode: 'ort') | false |
|
| tree | file with tree input (in case of mode: 'tree') | false |
|
| format | format input (in case of mode: 'tree') | false |
|
| blackduck-url | Blackduck url (in case of mode: 'blackduck') | false |
|
| blackduck-token | Blackduck token (in case of mode: 'blackduck') | false |
|
| blackduck-project | Blackduck project (in case of mode: 'blackduck') | false |
|
| blackduck-version | Blackduck version (in case of mode: 'blackduck') | false |
|
| optional-arguments | Optional arguments like --tree, --release, --force and --custom |
false |
|
| capture-stdout-file | Capture stdout in a file. When given, this will be used as the filename of the output | false |
| parameter | description |
|---|---|
| spdx-file | spdx-license file |
| ort-file | ort-license file |
This action is an composite action.
Make sure you have a proper .spdx-builder.yml file in your project.
- uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: ort
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }} - uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create tree
run: |
npm list --all --production > npm-dependencies.txt
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: 'tree'
tree: 'npm-dependencies.txt'
format: 'npm'
bombase-url: <bombase-url> # Optional
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }} - uses: actions/checkout@v2
- uses: actions/setup-java@v1
with:
java-version: '11.0.13'
- name: Create spdx-file
id: spdx-builder
uses: philips-software/[email protected]
with:
project: my-project
mode: 'blackduck'
blackduck-url: <blackduck-url>
blackduck-token: ${{ secrets.BLACKDUCK_TOKEN }}
blackduck-project: <project-name>
blackduck-version: <project-version>
- uses: actions/upload-artifact@v2
with:
name: licenses
path: ${{ steps.spdx-builder.outputs.spdx-file }}This module is part of the Philips Forest.
___ _
/ __\__ _ __ ___ ___| |_
/ _\/ _ \| '__/ _ \/ __| __|
/ / | (_) | | | __/\__ \ |_
\/ \___/|_| \___||___/\__|
CI