Skip to content

Add Security.md

Add Security.md #4

Workflow file for this run

name: License Scan
on: [pull_request]
jobs:
licensescan:
name: License Scan
runs-on: ubuntu-latest
strategy:
matrix:
python-version: [3.9]
steps:
- name: Checkout target
uses: actions/checkout@v2
with:
path: signermain
ref: ${{ github.base_ref }}
- name: Checkout this ref
uses: actions/checkout@v2
with:
path: new-ref
fetch-depth: 0
- name: Get Diff
run: git --git-dir ./new-ref/.git diff --name-only --diff-filter=ACMRT ${{ github.event.pull_request.base.sha }} ${{ github.sha }} > refDiffFiles.txt
- name: Get Target Files
run: git --git-dir ./signermain/.git ls-files | grep -xf refDiffFiles.txt - > targetFiles.txt
- name: Checkout scancode
uses: actions/checkout@v2
with:
repository: nexB/scancode-toolkit
path: scancode-toolkit
fetch-depth: 1
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
# ScanCode
- name: Self-configure scancode
working-directory: ./scancode-toolkit
run: ./scancode --help
- name: Run Scan code on pr ref
run: cat targetFiles.txt | while read filename; do echo ./sdkbase/$filename; done | xargs ./scancode-toolkit/scancode -l -n 30 --json-pp - | grep short_name | sort | uniq >> old-licenses.txt
- name: Run Scan code on target
run: cat refDiffFiles.txt | while read filename; do echo ./new-ref/$filename; done | xargs ./scancode-toolkit/scancode -l -n 30 --json-pp - | grep short_name | sort | uniq >> new-licenses.txt
# compare
- name: License test
run: if ! cmp old-licenses.txt new-licenses.txt; then echo "Licenses differ! Failing."; exit -1; else echo "Licenses are the same. Success."; exit 0; fi