madlib/.github/workflows/license-check.yml at d67bf4c7911fef4f30dc62756cc36ffcbeb87d10 · apache/madlib · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

name: License Check

on:
  push:
    branches: [ madlib2-master, github-actions ]
  pull_request:
    branches: [ madlib2-master, github-actions ]
  # Allow manual triggers for compliance verification
  workflow_dispatch:

jobs:
  rat-check:
    name: Apache RAT License Check
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@v4
      with:
        fetch-depth: 1

    - name: Set up JDK and Maven
      uses: actions/setup-java@v3
      with:
        java-version: '11'
        distribution: 'temurin'
        cache: 'maven'

    - name: Run Apache RAT Check
      run: |
        echo "Running Apache Rat license check..."
        mvn apache-rat:check | tee rat-output.log

        if grep -q "\[INFO\] BUILD FAILURE" rat-output.log; then
          echo "::error::Apache Rat check failed - build failure detected"
          exit 1
        fi

    - name: Run NOTICE Year and binary file checks
      run: |
        set -o pipefail
        chmod +x ./tool/jenkins/rat_check.sh
        ./tool/jenkins/rat_check.sh 2>&1 | tee license_checks.txt

    - name: Upload Rat check results
      if: always()
      uses: actions/upload-artifact@v4
      with:
        name: rat-check-results
        path: |
          rat-output.log
          license_checks.txt
        retention-days: 7

    - name: Generate Summary
      if: always()
      run: |
        # Check RAT results
        if [[ -f rat-output.log ]] && grep -q "\[INFO\] BUILD SUCCESS" rat-output.log; then
          echo "### ✅ License Check Passed" >> "$GITHUB_STEP_SUMMARY"
          echo "All files comply with Apache License requirements." >> "$GITHUB_STEP_SUMMARY"
        elif [[ -f rat-output.log ]]; then
          echo "### ❌ License Check Failed" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"

          if grep -q "Files with unapproved licenses:" rat-output.log; then
            echo "**Files with unapproved licenses:**" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            sed -n '/Files with unapproved licenses:/,/\[INFO\] ------------------------------------------------------------------------/p' rat-output.log | \
              grep -v "\[INFO\] ------------------------------------------------------------------------" | \
              grep -v "^$" | \
              head -20 | \
              sed 's/^/- /' >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
          fi

          if grep -q "Rat check: Summary over all files" rat-output.log; then
            echo "**Summary:**" >> "$GITHUB_STEP_SUMMARY"
            grep "Rat check: Summary over all files" rat-output.log | sed 's/\[INFO\] //' >> "$GITHUB_STEP_SUMMARY"
          fi
        else
          echo "### ⚠️ No RAT Output Log Found" >> "$GITHUB_STEP_SUMMARY"
        fi

        # Check additional checks results
        echo "" >> "$GITHUB_STEP_SUMMARY"
        if [[ -f license_checks.txt ]]; then
          if grep -q "Error" license_checks.txt || grep -q "FAILED" license_checks.txt; then
            echo "### ❌ Additional Checks Failed" >> "$GITHUB_STEP_SUMMARY"
            echo "" >> "$GITHUB_STEP_SUMMARY"
            echo "**Check output:**" >> "$GITHUB_STEP_SUMMARY"
            echo "\`\`\`" >> "$GITHUB_STEP_SUMMARY"
            cat license_checks.txt >> "$GITHUB_STEP_SUMMARY"
            echo "\`\`\`" >> "$GITHUB_STEP_SUMMARY"
          else
            echo "### ✅ Additional Checks Passed" >> "$GITHUB_STEP_SUMMARY"
            echo "- NOTICE file year is current" >> "$GITHUB_STEP_SUMMARY"
            echo "- Version numbers match" >> "$GITHUB_STEP_SUMMARY"
            echo "- No unexpected binary files found" >> "$GITHUB_STEP_SUMMARY"
          fi
        fi