Merge pull request #12 from docknetwork/chore/add-license-checker

added license checker github action
docknetwork · Jul 15, 2024 · 05bcc66 · 05bcc66
2 parents 3352b54 + d58c301
commit 05bcc66
Showing 1 changed file with 42 additions and 0 deletions.
diff --git a/.github/workflows/npm-audit.yml b/.github/workflows/npm-audit.yml
@@ -0,0 +1,42 @@
+name: npm audit
+
+on:
+  workflow_dispatch:
+
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "yarn.lock"
+      - ".github/workflows/**"
+
+  schedule:
+    - cron: '0 0 * * 0' # Every sunday at midnight
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    env:
+      NODE_VERSION: 18.x
+      AVOID_LICENSES: "AGPL;GPL;AGPL-3.0"
+      IGNORE_PACKAGES: ""
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+      - name: Use Node.js ${{ env.NODE_VERSION }}
+        uses: actions/setup-node@v1
+        with:
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install dependencies
+        run: |
+          yarn install --frozen-lockfile
+
+      - name: Check licenses
+        run: npx --yes license-checker --production --failOn "${{ env.AVOID_LICENSES }}" --excludePackages "${{ env.IGNORE_PACKAGES }}"
+
+      - name: Run audit
+        run: /bin/bash -c "(yarn audit --groups 'dependencies' --level critical; [[ $? -ge 16 ]] && exit 1 || exit 0)"