ci: add license scanning workflow with nuget-license tool#194
Merged
bingenito merged 2 commits intofinos:mainfrom Apr 24, 2025
Merged
ci: add license scanning workflow with nuget-license tool#194bingenito merged 2 commits intofinos:mainfrom
bingenito merged 2 commits intofinos:mainfrom
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR enhances the license scanning workflow by replacing the outdated dotnet-project-licenses tool with nuget-license and cleaning up associated configuration files.
- Replaces dotnet-project-licenses (v2.7.1) with nuget-license (v3.1.3) in the CI workflow.
- Updates command parameters to utilize JSON pretty formatting and error-only reporting.
- Cleans up allowed-licenses.json and introduces excluded-projects.json and license-mapping.json for improved configuration.
Files not reviewed (3)
- .license/allowed-licenses.json: Language not supported
- .license/excluded-projects.json: Language not supported
- .license/license-mapping.json: Language not supported
Comments suppressed due to low confidence (1)
.github/workflows/license-scanning.yml:30
- The nuget-license command uses mixed flag prefixes (e.g. '-exclude-projects' and '-mapping' versus '--allowed-license-types'). If the tool expects consistent flag formats, consider using double dashes (e.g. '--exclude-projects' and '--mapping').
run: nuget-license -i fdc3-dotnet.sln --allowed-license-types ../.license/allowed-licenses.json --output JsonPretty --error-only -exclude-projects ../.license/excluded-projects.json -mapping ../.license/license-mapping.json
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #194 +/- ##
==========================================
+ Coverage 75.93% 77.95% +2.02%
==========================================
Files 55 63 +8
Lines 453 549 +96
Branches 49 49
==========================================
+ Hits 344 428 +84
- Misses 87 98 +11
- Partials 22 23 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
kriswest
approved these changes
Apr 24, 2025
Contributor
kriswest
left a comment
kriswest
left a comment
There was a problem hiding this comment.
LGTM based on the last run on your fork. I might suggest dropping in a branch with a license you don't want (Prism?) to check that it'll flag it.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
License Scanning Workflow Improvements
Fixes #180
This PR updates our license scanning infrastructure to improve accuracy and maintainability:
Changes:
dotnet-project-licenses(v2.7.1) withnuget-license(v3.1.3) for compatibility with .NET 8+Benefits:
These changes ensure our license compliance checks remain effective while reducing noise in the scanning process.
THIS SOFTWARE IS CONTRIBUTED SUBJECT TO THE TERMS OF THE FINOS CORPORATE CONTRIBUTOR LICENSE AGREEMENT.
THIS SOFTWARE IS LICENSED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT, ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS SOFTWARE MAY BE REDISTRIBUTED TO OTHERS ONLY BY EFFECTIVELY USING THIS OR ANOTHER EQUIVALENT DISCLAIMER IN ADDITION TO ANY OTHER REQUIRED LICENSE TERMS.