R Dependency License Report

Description

A Github Action that generates a license report of an R package's dependencies for continuous compliance.

Action Type

Docker

Author

Insights Engineering

Inputs

• path:

  Description: Path to package's root

  Required: false

  Default: .

• regex:

  Description: Regex used for flagging packages with non-compliant licenses

  Required: false

  Default: ""

• fail:

  Description: Fail with a non-zero exit code if one or more dependencies are flagged by the regex

  Required: false

  Default: True

• rspm_snapshot_date:

  Description: RSPM snapshot date (in the YYYY-MM-DD format) for package metadata retrieval. Defaults to current date

  Required: false

  Default: ""

• bioc_release:

  Description: BioConductor release version for package metadata retrieval

  Required: false

  Default: release

• as_html:

  Description: Whether you also want the report as an html file

  Required: false

  Default: false

Outputs

None

Usage

To use this GitHub Action you will need to complete the following:

• Create a new file in your repository called .github/workflows/r-license-report.yml
• Copy the quickstart workflow from below into that new file, no extra configuration required
• Commit that file to a new branch
• Open up a pull request and observe the action working
• Review the output of the action as needed

Quickstart

In your repository you should have a .github/workflows/r-license-report.yml folder with GitHub Action similar to below:

---
name: License Report

on:
  push:
    branches-ignore: [main]
  pull_request:
    branches: [main]

jobs:
  license-report:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
      - name: License Report
        uses: insightsengineering/r-license-report@v1

Complete example

The following workflow is a complete example that highlights the available options in this Action:

---
name: License Compliance Check

on:
  push:
    branches-ignore: [main]
  pull_request:
    branches: [main]

jobs:
  license-check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3

      - name: Generate License Report
        uses: insightsengineering/r-license-report@v1
        with:
          # R package root path, in case your R package is within a subdirectory of the repo
          path: "."
          # A regular expression that can be used for matching and flagging non-compliant licenses
          regex: "^AGPL.*"
          # Fail the action if 1 or more matching non-compliant licenses are found
          fail: true
          # Select an RSPM snapshot date for CRAN dependency metadata retrieval
          rspm_snapshot_date: "2021-12-12"
          # Select a Bioconductor release version for BioC dependency metadata retrieval
          bioc_release: "3.14"
          # Whether you also want the report as an `html` file
          as_html: true

      - name: Upload PDF Report
        uses: actions/upload-artifact@v2
        with:
          name: license-report.pdf
          path: license-report.pdf

An example of the output of the action can be seen below:

Standalone Usage

The underlying script used in this action can also be used as a standalone script, and can be used outside of this action (eg. in other CI/CD tools). Simply:

• Download the script

wget https://raw.githubusercontent.com/insightsengineering/r-license-report/main/license-report.R

• Set execute permissions

chmod +x license-report.R

• Run the script

./license-report.R --help