Skip to content

ci(ckan/artifacthub-images): Update ArtifactHUB images #647

ci(ckan/artifacthub-images): Update ArtifactHUB images

ci(ckan/artifacthub-images): Update ArtifactHUB images #647

name: Check used licenses
on:
pull_request:
types:
- opened
- edited
- reopened
- synchronize
paths:
- charts/**
jobs:
getChangedChart:
uses: ./.github/workflows/get-changed-chart.yaml
with:
pr_number: ${{ github.event.pull_request.number }}
check-licenses:
name: check licenses
runs-on: ubuntu-latest
needs: getChangedChart
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- run: pip install yq
- run: /home/linuxbrew/.linuxbrew/bin/brew install trivy
- env:
TEUTO_PORTAL_WORKER_PULL_TOKEN: ${{ secrets.TEUTO_PORTAL_WORKER_PULL_TOKEN }}
GHCR_PULL_TOKEN: ${{ secrets.GHCR_PULL_TOKEN }}
run: |
eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
./.github/scripts/scan-for-licenses.sh "charts/${{ needs.getChangedChart.outputs.chart }}"
check-licenses-list:
name: check licenses from list
runs-on: ubuntu-latest
needs: getChangedChart
steps:
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- run: pip install yq
- env:
chart: ${{ needs.getChangedChart.outputs.chart }}
run: |
set -ex
set -o pipefail
# shellcheck disable=SC2016
if missingImages="$(yq -r -e -c --argjson usedImages "$(yq -r '.annotations["artifacthub.io/images"]' "charts/${chart?}/Chart.yaml" | yq -r -c 'map(.image | split(":")[0]) | unique')" '$usedImages - (.licenses | keys) | if length == 0 then false else . end' .github/image_licenses.yaml)"; then
echo "The following images have no license, please review:"
echo "$missingImages" | yq -r 'map(" - " + .)[]'
exit 1
fi