github.com/anchore/syft@v1.38.2/.github/workflows/update-spdx-license-list.yaml (about) 1 name: PR to update SPDX license list 2 on: 3 schedule: 4 - cron: "0 6 * * 1" # every monday at 6 AM UTC 5 6 workflow_dispatch: 7 8 permissions: 9 contents: read 10 11 env: 12 SLACK_NOTIFICATIONS: true 13 14 jobs: 15 upgrade-spdx-license-list: 16 runs-on: ubuntu-latest 17 if: github.repository == 'anchore/syft' # only run for main repo 18 steps: 19 - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 #v6.0.1 20 with: 21 persist-credentials: false 22 23 - name: Bootstrap environment 24 uses: ./.github/actions/bootstrap 25 26 - run: | 27 make generate-license-list 28 29 - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0 30 id: generate-token 31 with: 32 app_id: ${{ secrets.TOKEN_APP_ID }} 33 private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }} 34 35 - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 #v7.0.11 36 with: 37 signoff: true 38 delete-branch: true 39 branch: auto/latest-spdx-license-list 40 labels: dependencies 41 commit-message: "chore(deps): update SPDX license list" 42 title: "chore(deps): update SPDX license list" 43 body: | 44 Update SPDX license list based on the latest available list from spdx.org 45 token: ${{ steps.generate-token.outputs.token }} 46 47 - uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e #v3.19.0 48 with: 49 status: ${{ job.status }} 50 fields: workflow,eventName,job 51 text: Syft SPDX license list update failed 52 env: 53 SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }} 54 if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}