From 2df20a2eeca7784550095a1b11d9d1937b675960 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Fri, 12 Sep 2025 23:20:54 -0600 Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=91=B7=20Add=20Apache=20SkyWalking=20?= =?UTF-8?q?Eyes?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/license-eye.yml | 36 +++++++++++++++++++++++++++++++ .licenserc.yaml | 3 +++ CHANGELOG.md | 1 + 3 files changed, 40 insertions(+) create mode 100644 .github/workflows/license-eye.yml create mode 100644 .licenserc.yaml diff --git a/.github/workflows/license-eye.yml b/.github/workflows/license-eye.yml new file mode 100644 index 00000000..20cfb379 --- /dev/null +++ b/.github/workflows/license-eye.yml @@ -0,0 +1,36 @@ +name: Apache SkyWalking Eyes + +permissions: + contents: read + +on: + push: + branches: + - 'main' + - '*-stable' + tags: + - '!*' # Do not execute on tags + pull_request: + branches: + - '*' + # Allow manually triggering the workflow. + workflow_dispatch: + +# Cancels all previous workflow runs for the same branch that have not yet completed. +concurrency: + # The concurrency group contains the workflow name and the branch name. + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + license-check: + if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')" + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v5 + + - name: Check Dependencies' License + uses: apache/skywalking-eyes/dependency@main + with: + config: .licenserc.yaml diff --git a/.licenserc.yaml b/.licenserc.yaml new file mode 100644 index 00000000..8e375875 --- /dev/null +++ b/.licenserc.yaml @@ -0,0 +1,3 @@ +dependency: + files: + - Gemfile.lock diff --git a/CHANGELOG.md b/CHANGELOG.md index c4904aa9..41a21eeb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ Please file a bug if you notice a violation of semantic versioning. ## [Unreleased] ### Added +- Apache SkyWalking Eyes dependency license check ### Changed ### Deprecated ### Removed From 7b28cc03a067e90238d93b6f2def8cd484188f2d Mon Sep 17 00:00:00 2001 From: "|7eter l-|. l3oling" Date: Sat, 13 Sep 2025 13:32:11 +0700 Subject: [PATCH 2/3] Update .licenserc.yaml Co-authored-by: kezhenxu94 Signed-off-by: |7eter l-|. l3oling --- .licenserc.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.licenserc.yaml b/.licenserc.yaml index 8e375875..0eb99818 100644 --- a/.licenserc.yaml +++ b/.licenserc.yaml @@ -1,3 +1,7 @@ +header: + license: + spdx-id: MIT + dependency: files: - Gemfile.lock From f554fbe01cf7fc614f37deddde47f1a667b650b7 Mon Sep 17 00:00:00 2001 From: "Peter H. Boling" Date: Sat, 13 Sep 2025 12:22:22 -0600 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=92=9A=20Allow=20weak-compatible=20fo?= =?UTF-8?q?r=20Ruby?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Ruby packages declared as dependencies in gemspecs or Gemfiles are typically consumed as binaries; - enable weak-compatibility so permissive and weak-copyleft combinations are treated as compatible --- .github/workflows/license-eye.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/license-eye.yml b/.github/workflows/license-eye.yml index 20cfb379..d5e667dc 100644 --- a/.github/workflows/license-eye.yml +++ b/.github/workflows/license-eye.yml @@ -34,3 +34,7 @@ jobs: uses: apache/skywalking-eyes/dependency@main with: config: .licenserc.yaml + # Ruby packages declared as dependencies in gemspecs or Gemfiles are + # typically consumed as binaries; enable weak-compatibility + # so permissive and weak-copyleft combinations are treated as compatible. + flags: --weak-compatible