Move license check to action, add onos-comp WF
Signed-off-by: Eric Ball <eball@linuxfoundation.org>
Change-Id: I0ead5b5e2cbebb4580dd86961fb2888e5f201900
diff --git a/.github/actions/license-check-action/README.md b/.github/actions/license-check-action/README.md
new file mode 100644
index 0000000..8a4b330
--- /dev/null
+++ b/.github/actions/license-check-action/README.md
@@ -0,0 +1,103 @@
+<!--
+SPDX-License-Identifier: Apache-2.0
+SPDX-FileCopyrightText: 2026 The Linux Foundation
+-->
+
+# License Check Action
+
+A GitHub Action that validates source code files contain proper license and copyright headers.
+
+## Description
+
+This composite action scans the repository for source code files and verifies that each file contains either a "Copyright" statement or "Apache License" reference in its header. This helps ensure compliance with open-source licensing requirements.
+
+## Usage
+
+```yaml
+- name: Check License Headers
+ uses: ./.github/actions/license-check-action
+```
+
+### Example Workflow
+
+```yaml
+name: License Compliance
+
+on:
+ pull_request:
+ push:
+ branches:
+ - main
+
+jobs:
+ license-check:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Run license check
+ uses: ./.github/actions/license-check-action
+```
+
+## How It Works
+
+The action performs the following steps:
+
+1. Recursively finds all files in the repository (excluding `.git` directory)
+2. Filters files based on extension and name patterns
+3. Searches each file for the text "Copyright" or "Apache License"
+4. Reports any files missing the required license header
+5. Fails the check if any violations are found
+
+## Excluded File Types
+
+The following file types and patterns are automatically excluded from license checking:
+
+### Binary and Media Files
+- Images: `.png`, `.jpg`, `.gif`, `.ico`, `.svg`, `.PNG`
+- Fonts: `.eot`, `.ttf`, `.woff`
+- Documents: `.pdf`, `.docx`, `.graffle`
+- Archives: `.tar`, `.tar.gz`, `.jar`, `.oar`, `.csar`
+
+### Configuration and Data Files
+- `.json`, `.jsonld`, `.JSON`
+- `.xml`, `.yaml`, `.yml`, `.toml`
+- `.properties`, `.conf`, `.cfg`, `.cnf`, `.config`
+- `.csv`, `.db`, `.log`
+- `.txt`, `.md`, `.rst`
+
+### Certificate and Key Files
+- `.pem`, `.crt`, `.cert`, `.key`, `.csr`, `.der`
+- `.jks`, `.p12`, `.asc`, `.gpg`
+
+### Generated and Build Files
+- `.pb.go`, `.pb.gw.go`, `*_pb2.py`, `*_pb2_grpc.py`
+- `.pb.h`, `.pb.cc`
+- `.pyc`, `.bin`
+- `go.mod`, `go.sum`
+- `.lock` files
+
+### Special Files
+- `Dockerfile`, `Dockerfile.*`
+- `Makefile`, `Makefile.*`
+- `README`
+- `*ignore` files (e.g., `.gitignore`, `.dockerignore`)
+- `*rc` files (e.g., `.bashrc`, `.npmrc`)
+
+### Excluded Directories
+- `vendor/`
+- `conf/`
+- `git/`
+- `swagger/`
+- `docs/`
+
+## Troubleshooting
+
+### False Positives
+
+If files are incorrectly flagged as missing license headers:
+
+1. Verify the file contains either "Copyright" or "Apache License" text
+2. Check that the text appears in a comment format appropriate for the file type
+3. Ensure there are no encoding issues preventing text detection
diff --git a/.github/actions/license-check-action/action.yaml b/.github/actions/license-check-action/action.yaml
new file mode 100644
index 0000000..1634e21
--- /dev/null
+++ b/.github/actions/license-check-action/action.yaml
@@ -0,0 +1,123 @@
+---
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2023 The Linux Foundation
+
+name: "license-check"
+description: "Check for standard license/copyright header"
+
+runs:
+ using: "composite"
+ steps:
+ - id: Installing dependencies
+ shell: bash
+ run: |
+ set +e -u -o pipefail
+ fail_licensecheck=0
+
+ while IFS= read -r -d '' f
+ do
+ grep -q "Copyright\|Apache License" "${f}"
+ rc=$?
+ if [[ $rc != 0 ]]; then
+ echo "ERROR: $f does not contain License Header"
+ fail_licensecheck=1
+ fi
+ done < <(find . -name ".git" -prune -o -type f \
+ -name "*.*" \
+ ! -name "*.PNG" \
+ ! -name "*.asc" \
+ ! -name "*.bat" \
+ ! -name "*.bin" \
+ ! -name "*.cert" \
+ ! -name "*.cfg" \
+ ! -name "*.cnf" \
+ ! -name "*.conf" \
+ ! -name "*.cql" \
+ ! -name "*.crt" \
+ ! -name "*.csar" \
+ ! -name "*.csr" \
+ ! -name "*.csv" \
+ ! -name "*.ctmpl" \
+ ! -name "*.curl" \
+ ! -name "*.db" \
+ ! -name "*.der" \
+ ! -name "*.desc" \
+ ! -name "*.diff" \
+ ! -name "*.dnsmasq" \
+ ! -name "*.do" \
+ ! -name "*.docx" \
+ ! -name "*.eot" \
+ ! -name "*.gif" \
+ ! -name "*.gpg" \
+ ! -name "*.graffle" \
+ ! -name "*.ico" \
+ ! -name "*.iml" \
+ ! -name "*.in" \
+ ! -name "*.inc" \
+ ! -name "*.install" \
+ ! -name "*.j2" \
+ ! -name "*.jar" \
+ ! -name "*.jks" \
+ ! -name "*.jpg" \
+ ! -name "*.json" \
+ ! -name "*.jsonld" \
+ ! -name "*.JSON" \
+ ! -name "*.key" \
+ ! -name "*.list" \
+ ! -name "*.local" \
+ ! -path "*.lock" \
+ ! -name "*.log" \
+ ! -name "*.mak" \
+ ! -name "*.md" \
+ ! -name "*.MF" \
+ ! -name "*.mk" \
+ ! -name "*.oar" \
+ ! -name "*.p12" \
+ ! -name "*.patch" \
+ ! -name "*.pb.go" \
+ ! -name "*.pb.gw.go" \
+ ! -name "*.pdf" \
+ ! -name "*.pcap" \
+ ! -name "*.pem" \
+ ! -name "*.png" \
+ ! -name "*.properties" \
+ ! -name "*.proto" \
+ ! -name "*.protoset" \
+ ! -name "*.pyc" \
+ ! -name "*.repo" \
+ ! -name "*.robot" \
+ ! -name "*.rst" \
+ ! -name "*.rules" \
+ ! -name "*.service" \
+ ! -name "*.svg" \
+ ! -name "*.swp" \
+ ! -name "*.tar" \
+ ! -name "*.tar.gz" \
+ ! -name "*.toml" \
+ ! -name "*.ttf" \
+ ! -name "*.txt" \
+ ! -name "*.woff" \
+ ! -name "*.xproto" \
+ ! -name "*.xtarget" \
+ ! -name "*ignore" \
+ ! -name "*rc" \
+ ! -name "*_pb2.py" \
+ ! -name "*_pb2_grpc.py" \
+ ! -name "Dockerfile" \
+ ! -name "Dockerfile.*" \
+ ! -name "go.mod" \
+ ! -name "go.sum" \
+ ! -name "Makefile" \
+ ! -name "Makefile.*" \
+ ! -name "README" \
+ ! -path "*/vendor/*" \
+ ! -path "*conf*" \
+ ! -path "*git*" \
+ ! -path "*swagger*" \
+ ! -path "*.drawio" \
+ ! -name "*.pb.h" \
+ ! -name "*.pb.cc" \
+ ! -name "*/docs/*" \
+ -print0 )
+
+ exit ${fail_licensecheck}
diff --git a/workflows/verify-license-check.yaml b/workflows/verify-license-check.yaml
deleted file mode 100644
index 98f1264..0000000
--- a/workflows/verify-license-check.yaml
+++ /dev/null
@@ -1,176 +0,0 @@
----
-# SPDX-License-Identifier: Apache-2.0
-# SPDX-FileCopyrightText: 2026 The Linux Foundation
-name: Gerrit Verify - License Check
-
-# yamllint disable-line rule:truthy
-on:
- workflow_dispatch:
- inputs:
- # Gerrit-to-Github defaults
- GERRIT_BRANCH:
- description: "Branch that change is against"
- required: true
- type: string
- GERRIT_CHANGE_ID:
- description: "The ID for the change"
- required: true
- type: string
- GERRIT_CHANGE_NUMBER:
- description: "The Gerrit number"
- required: true
- type: string
- GERRIT_CHANGE_URL:
- description: "URL to the change"
- required: true
- type: string
- GERRIT_EVENT_TYPE:
- description: "Type of Gerrit event"
- required: true
- type: string
- GERRIT_PATCHSET_NUMBER:
- description: "The patch number for the change"
- required: true
- type: string
- GERRIT_PATCHSET_REVISION:
- description: "The revision sha"
- required: true
- type: string
- GERRIT_PROJECT:
- description: "Project in Gerrit"
- required: true
- type: string
- GERRIT_REFSPEC:
- description: "Gerrit refspec of change"
- required: true
- type: string
-
-concurrency:
- # yamllint disable-line rule:line-length
- group: verify-license-check-${{ github.workflow }}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- maven-verify:
- runs-on: ubuntu-latest
- steps:
- # yamllint disable-line rule:line-length
- - uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
- with:
- gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
- gerrit-project: ${{ inputs.GERRIT_PROJECT }}
- gerrit-url: ${{ vars.GERRIT_URL }}
- delay: "0s"
- - name: Run licensecheck.sh
- shell: bash
- run: |
- set +e -u -o pipefail
- fail_licensecheck=0
-
- while IFS= read -r -d '' f
- do
- grep -q "Copyright\|Apache License" "${f}"
- rc=$?
- if [[ $rc != 0 ]]; then
- echo "ERROR: $f does not contain License Header"
- fail_licensecheck=1
- fi
- done < <(find . -name ".git" -prune -o -type f \
- -name "*.*" \
- ! -name "*.PNG" \
- ! -name "*.asc" \
- ! -name "*.bat" \
- ! -name "*.bin" \
- ! -name "*.cert" \
- ! -name "*.cfg" \
- ! -name "*.cnf" \
- ! -name "*.conf" \
- ! -name "*.cql" \
- ! -name "*.crt" \
- ! -name "*.csar" \
- ! -name "*.csr" \
- ! -name "*.csv" \
- ! -name "*.ctmpl" \
- ! -name "*.curl" \
- ! -name "*.db" \
- ! -name "*.der" \
- ! -name "*.desc" \
- ! -name "*.diff" \
- ! -name "*.dnsmasq" \
- ! -name "*.do" \
- ! -name "*.docx" \
- ! -name "*.eot" \
- ! -name "*.gif" \
- ! -name "*.gpg" \
- ! -name "*.graffle" \
- ! -name "*.ico" \
- ! -name "*.iml" \
- ! -name "*.in" \
- ! -name "*.inc" \
- ! -name "*.install" \
- ! -name "*.j2" \
- ! -name "*.jar" \
- ! -name "*.jks" \
- ! -name "*.jpg" \
- ! -name "*.json" \
- ! -name "*.jsonld" \
- ! -name "*.JSON" \
- ! -name "*.key" \
- ! -name "*.list" \
- ! -name "*.local" \
- ! -path "*.lock" \
- ! -name "*.log" \
- ! -name "*.mak" \
- ! -name "*.md" \
- ! -name "*.MF" \
- ! -name "*.mk" \
- ! -name "*.oar" \
- ! -name "*.p12" \
- ! -name "*.patch" \
- ! -name "*.pb.go" \
- ! -name "*.pb.gw.go" \
- ! -name "*.pdf" \
- ! -name "*.pcap" \
- ! -name "*.pem" \
- ! -name "*.png" \
- ! -name "*.properties" \
- ! -name "*.proto" \
- ! -name "*.protoset" \
- ! -name "*.pyc" \
- ! -name "*.repo" \
- ! -name "*.robot" \
- ! -name "*.rst" \
- ! -name "*.rules" \
- ! -name "*.service" \
- ! -name "*.svg" \
- ! -name "*.swp" \
- ! -name "*.tar" \
- ! -name "*.tar.gz" \
- ! -name "*.toml" \
- ! -name "*.ttf" \
- ! -name "*.txt" \
- ! -name "*.woff" \
- ! -name "*.xproto" \
- ! -name "*.xtarget" \
- ! -name "*ignore" \
- ! -name "*rc" \
- ! -name "*_pb2.py" \
- ! -name "*_pb2_grpc.py" \
- ! -name "Dockerfile" \
- ! -name "Dockerfile.*" \
- ! -name "go.mod" \
- ! -name "go.sum" \
- ! -name "Makefile" \
- ! -name "Makefile.*" \
- ! -name "README" \
- ! -path "*/vendor/*" \
- ! -path "*conf*" \
- ! -path "*git*" \
- ! -path "*swagger*" \
- ! -path "*.drawio" \
- ! -name "*.pb.h" \
- ! -name "*.pb.cc" \
- ! -name "*/docs/*" \
- -print0 )
-
- exit ${fail_licensecheck}
diff --git a/workflows/verify-maven.yaml b/workflows/verify-maven.yaml
index b24e95a..13961ef 100644
--- a/workflows/verify-maven.yaml
+++ b/workflows/verify-maven.yaml
@@ -54,7 +54,7 @@
description: "Maven version"
required: false
default: "3.8.2"
- type: stringssh://eball@gerrit.lfbroadband.org:29418/shared-workflows
+ type: string
MVN_PARAMS:
description: "Maven parameters to pass to the mvn command"
required: false
diff --git a/workflows/verify-onos-component.yaml b/workflows/verify-onos-component.yaml
new file mode 100644
index 0000000..265e568
--- /dev/null
+++ b/workflows/verify-onos-component.yaml
@@ -0,0 +1,119 @@
+---
+# SPDX-License-Identifier: Apache-2.0
+# SPDX-FileCopyrightText: 2026 The Linux Foundation
+name: Gerrit Verify - License Check
+
+# yamllint disable-line rule:truthy
+on:
+ workflow_dispatch:
+ inputs:
+ # Gerrit-to-Github defaults
+ GERRIT_BRANCH:
+ description: "Branch that change is against"
+ required: true
+ type: string
+ GERRIT_CHANGE_ID:
+ description: "The ID for the change"
+ required: true
+ type: string
+ GERRIT_CHANGE_NUMBER:
+ description: "The Gerrit number"
+ required: true
+ type: string
+ GERRIT_CHANGE_URL:
+ description: "URL to the change"
+ required: true
+ type: string
+ GERRIT_EVENT_TYPE:
+ description: "Type of Gerrit event"
+ required: true
+ type: string
+ GERRIT_PATCHSET_NUMBER:
+ description: "The patch number for the change"
+ required: true
+ type: string
+ GERRIT_PATCHSET_REVISION:
+ description: "The revision sha"
+ required: true
+ type: string
+ GERRIT_PROJECT:
+ description: "Project in Gerrit"
+ required: true
+ type: string
+ GERRIT_REFSPEC:
+ description: "Gerrit refspec of change"
+ required: true
+ type: string
+ comment-only:
+ description: "Make this workflow advisory only, default false"
+ required: false
+ type: string
+ default: "false"
+
+concurrency:
+ # yamllint disable-line rule:line-length
+ group: verify-onos-component-${{ github.workflow }}-${{ github.event.inputs.GERRIT_CHANGE_ID || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ prepare:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Clear votes
+ # yamllint disable-line rule:line-length
+ uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
+ with:
+ host: ${{ vars.GERRIT_SERVER }}
+ username: ${{ vars.GERRIT_SSH_USER }}
+ key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+ known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+ gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
+ gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
+ vote-type: clear
+ comment-only: ${{ inputs.comment-only }}
+ - name: Allow replication
+ run: sleep 10s
+
+ verify-onos-component:
+ needs: prepare
+ runs-on: ubuntu-latest
+ steps:
+ # yamllint disable-line rule:line-length
+ - uses: lfreleng-actions/checkout-gerrit-change-action@54d751e8bd167bc91f7d665dabe33fae87aaaa63 # v0.9
+ with:
+ gerrit-refspec: ${{ inputs.GERRIT_REFSPEC }}
+ gerrit-project: ${{ inputs.GERRIT_PROJECT }}
+ gerrit-url: ${{ vars.GERRIT_URL }}
+ delay: "0s"
+ - name: Check License Headers
+ uses: ./.github/actions/license-check-action
+ - name: Run Maven
+ # yamllint disable-line rule:line-length
+ uses: lfreleng-actions/maven-build-action@5be56aed8bed4f0bf9d699f2817eaef37c94ac02 # v0.2.0
+ with:
+ jdk-version: "11"
+ mvn-version: "3.3.9"
+ mvn-phases: "clean test install spotbugs:check"
+ mvn-profiles: "ci-verify"
+
+ vote:
+ if: ${{ always() }}
+ # yamllint enable rule:line-length
+ needs: [prepare, verify-onos-component]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get conclusion
+ # yamllint disable-line rule:line-length
+ uses: im-open/workflow-conclusion@e4f7c4980600fbe0818173e30931d3550801b992 # v2.2.3
+ - name: Set vote
+ # yamllint disable-line rule:line-length
+ uses: lfreleng-actions/gerrit-review-action@537251ec667665b386f70b330b05446e3fc29087 # v0.9
+ with:
+ host: ${{ vars.GERRIT_SERVER }}
+ username: ${{ vars.GERRIT_SSH_USER }}
+ key: ${{ secrets.GERRIT_SSH_PRIVKEY }}
+ known_hosts: ${{ vars.GERRIT_KNOWN_HOSTS }}
+ gerrit-change-number: ${{ inputs.GERRIT_CHANGE_NUMBER }}
+ gerrit-patchset-number: ${{ inputs.GERRIT_PATCHSET_NUMBER }}
+ vote-type: ${{ env.WORKFLOW_CONCLUSION }}
+ comment-only: ${{ inputs.comment-only }}