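# Regenerates the frontend third-party license report whenever the frontend
# dependency manifests or the generator script change on the
# feature/react-overhaul branch, then opens a pull request with the result.
# The PR is set to auto-merge only when no license-warnings.json was produced;
# otherwise it is labelled for manual review.
name: Frontend License Report Workflow

on:
  push:
    branches:
      - feature/react-overhaul
    paths:
      - "frontend/package.json"
      - "frontend/package-lock.json"
      - "frontend/scripts/generate-licenses.js"

# Workflow-wide default for GITHUB_TOKEN; the job below widens it.
permissions:
  contents: read

jobs:
  generate-frontend-license-report:
    runs-on: ubuntu-latest
    # NOTE(review): the create-PR, automerge and label steps below authenticate
    # with the GitHub App token from setup-bot, not GITHUB_TOKEN. Confirm
    # whether these job-level write scopes are still needed (the setup-bot
    # action is not visible here); if not, drop them so that `npm ci` and the
    # generator script run with a read-only GITHUB_TOKEN.
    permissions:
      contents: write
      pull-requests: write
      repository-projects: write # Required for enabling automerge
    steps:
      # egress-policy "audit" only records outbound connections; it does not
      # block them.
      - name: Harden Runner
        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
        with:
          egress-policy: audit

      # NOTE(review): checkout stores GITHUB_TOKEN in .git/config by default,
      # where dependency lifecycle scripts run by `npm ci` can read it.
      # Consider `persist-credentials: false` after confirming no later step
      # relies on the persisted credential.
      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          fetch-depth: 0

      - name: Setup GitHub App Bot
        id: setup-bot
        uses: ./.github/actions/setup-bot
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - name: Set up Node.js
        uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
        with:
          node-version: '18'
          cache: 'npm'
          cache-dependency-path: frontend/package-lock.json

      - name: Install frontend dependencies
        working-directory: frontend
        run: npm ci

      - name: Generate frontend license report
        working-directory: frontend
        run: npm run generate-licenses

      # The presence of license-warnings.json decides between automerge and
      # manual review further down.
      - name: Check for license warnings
        run: |
          if [ -f "frontend/src/assets/license-warnings.json" ]; then
            echo "LICENSE_WARNINGS_EXIST=true" >> "$GITHUB_ENV"
          else
            echo "LICENSE_WARNINGS_EXIST=false" >> "$GITHUB_ENV"
          fi

      - name: Commit changes
        run: |
          git add frontend/src/assets/3rdPartyLicenses.json
          if [ -f "frontend/src/assets/license-warnings.json" ]; then
            git add frontend/src/assets/license-warnings.json
          fi
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> "$GITHUB_ENV"

      - name: Prepare PR body
        # Step outputs are passed through env instead of being expanded into
        # the script text, so their content is never parsed as shell.
        env:
          APP_SLUG: ${{ steps.setup-bot.outputs.app-slug }}
        run: |
          PR_BODY="Auto-generated by ${APP_SLUG}[bot]

          This PR updates the frontend license report based on changes to package.json dependencies."

          if [ "$LICENSE_WARNINGS_EXIST" = "true" ]; then
            PR_BODY="$PR_BODY

          ## ⚠️ License Compatibility Warnings

          The following licenses may require review for corporate compatibility:

          $(jq -r '.warnings[].message' frontend/src/assets/license-warnings.json)

          Please review these licenses to ensure they are acceptable for your use case."
          fi

          # The warning messages are built from third-party package metadata.
          # With a fixed delimiter such as "EOF", a message line equal to the
          # delimiter would end the value early and let the following lines
          # define other variables in GITHUB_ENV (including the one that gates
          # automerge). A per-run random delimiter prevents that.
          delimiter="PR_BODY_$(dd if=/dev/urandom bs=15 count=1 status=none | base64)"
          {
            echo "PR_BODY<<${delimiter}"
            printf '%s\n' "$PR_BODY"
            echo "${delimiter}"
          } >> "$GITHUB_ENV"

      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
        with:
          token: ${{ steps.setup-bot.outputs.token }}
          commit-message: "Update Frontend 3rd Party Licenses"
          committer: ${{ steps.setup-bot.outputs.committer }}
          author: ${{ steps.setup-bot.outputs.committer }}
          signoff: true
          branch: update-frontend-3rd-party-licenses
          base: feature/react-overhaul
          title: "Update Frontend 3rd Party Licenses"
          body: ${{ env.PR_BODY }}
          labels: Licenses,github-actions,frontend
          draft: false
          delete-branch: true
          sign-commits: true

      # Automerge is requested only for a newly created PR with no warnings.
      - name: Enable Pull Request Automerge
        if: steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'false'
        run: gh pr merge --squash --auto "$PR_NUMBER"
        env:
          GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}

      # A newly created PR with warnings is labelled for a human to review.
      - name: Add review required label
        if: steps.cpr.outputs.pull-request-operation == 'created' && env.LICENSE_WARNINGS_EXIST == 'true'
        run: gh pr edit "$PR_NUMBER" --add-label "license-review-required"
        env:
          GH_TOKEN: ${{ steps.setup-bot.outputs.token }}
          PR_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}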