Skip to content

GitHub Action to get a license overview in SPDX format

License

Notifications You must be signed in to change notification settings

edulix/ort-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Execute ORT with a Github Action

Marketplace Release

This action allows you to run ORT. The OSS Review Toolkit (ORT) aims to assist with the tasks that commonly need to be performed in the context of license compliance checks, especially for (but not limited to) Free and Open Source Software dependencies.

THIS IS AN EXPERIMENTAL ACTION

Environment

This action requires a java environment. (See example)

Description

With this action you can use ORT to analyze the licenses of your dependencies, fail if there's any licensing issues and/or generate dependencies licensing reports in different formats.

Inputs

parameter description required default
ort-version edulix/ort docker hub tag to use. false latest
analyze Set to false to disable the execution of the ORT analyze ORT Action. false true
evaluate Set to false to disable the execution of the ORT evaluate ORT Action. false true
report Set to false to disable the execution of the ORT report ORT Action. false true
verbosity  Verbosity level in ORT to use. Possible values: [warn, info, performance, debug]. false  warn
package-curations-dir Specifies path relative to the project directory for the curations directory. Used in analyze and evaluate actions. It's the --package-curations-dir option for ORT. false -
rules-file Specifies path relative to the project directory for the rules of the evaluate action. It's the --rules-file option for ORT. false -
license-classifications-file Specifies path relative to the project directory for the license classifications file of the evaluate action. It's the --license-classifications-file option for ORT. false -
reporters List of reporters to run. false Excel,StaticHtml,WebApp
ort-extra-args List of extra arguments for ORT, for all commands, set before the verb (before analyze, evaluate or report). false ""
analyze-extra-args List of extra arguments for the analyze action. false -
evaluate-extra-args List of extra arguments for the evaluate action. false -
report-extra-args List of extra arguments for the report action. false -

Outputs

parameter description
results-dir output directory
analyzer-result output file for the analyze step
evaluation-result output file for the evaluate step

Runs

This action is an composite action.

GitHub workflow

  - uses: actions/checkout@v2
  - uses: actions/setup-java@v1
    with:
      java-version: '11.0.1'

  - name: Analyze licensing 
    id: ort-action
    uses: edulix/ort-action

  - uses: actions/upload-artifact@v2
    with:
      name: licenses
      path: ${{ steps.ort-action.outputs.results-dir }}

And a more complex example:

  - uses: actions/checkout@v2
  - uses: actions/setup-java@v1
    with:
      java-version: '11.0.1'

  - name: Analyze licensing
    id: ort-action
    uses: edulix/ort-action@develop
    with:
      package-curations-dir: .ort-data/curations-dir/
      rules-file: .ort-data/rules.kts
      license-classifications-file: .ort-data/license-classifications.yml
      reporters: AdocTemplate,PdfTemplate,Excel,StaticHtml,WebApp
      report-extra-args: >
        --report-option
        PdfTemplate=template.path=/project/.ort-data/disclosure_document.ftl
      ort-extra-args: -P ort.severeRuleViolationThreshold=HINT

  - uses: actions/upload-artifact@v2
    with:
      name: licenses
      path: ${{ steps.ort-action.outputs.results-dir }}

About

GitHub Action to get a license overview in SPDX format

Resources

License

Stars

Watchers

Forks

Packages

No packages published