Check for sponsorship when using the depscan action on GitHub.

Signed-off-by: Caroline Russell <caroline@appthreat.dev>
owasp-dep-scan · Feb 2, 2024 · 3d64e13 · 3d64e13
1 parent 66727ac
commit 3d64e13
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/depscan/cli.py b/depscan/cli.py
@@ -744,6 +744,21 @@ def main():
         pkg_vulnerabilities,
         pkg_group_rows,
     ) = (None, None, None, None, None, None)
+    if os.getenv("GITHUB_ACTION").lower() == "__appthreat_dep-scan-action" \
+        and not os.getenv("INPUT_THANK_YOU") == ("I have sponsored "
+                                                 "OWASP-dep-scan."):
+        console.print(
+            Panel(
+                "OWASP relies on donations to fund our projects.\n\n"
+                "Donate at https://owasp.org/donate/?reponame=www-project-dep"
+                "-scan&title=OWASP+depscan. \n\nAfter you have done so, "
+                "make sure you have configured the action with thank_you: 'I "
+                "have sponsored OWASP-dep-scan.'",
+                title="Please make a donation",
+                expand=False,
+            )
+        )
+        sys.exit(1)
     # Should we turn on the debug mode
     if args.enable_debug:
         os.environ["AT_DEBUG_MODE"] = "debug"