From 5db3a9bf55da26d6f71b9891a4f66cca7038eebc Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Thu, 30 Oct 2025 12:14:13 -0400
Subject: [PATCH] add workflow to create PR for spdx license list updates (#4319)
Signed-off-by: Alex Goodman
---
 .../workflows/update-spdx-license-list.yaml | 54 +++++++++++++++++++
 .../generate/generate_license_list.go | 6 +--
 2 files changed, 55 insertions(+), 5 deletions(-)
 create mode 100644 .github/workflows/update-spdx-license-list.yaml
diff --git a/.github/workflows/update-spdx-license-list.yaml b/.github/workflows/update-spdx-license-list.yaml
new file mode 100644
index 000000000..c3c4d26cf
--- /dev/null
+++ b/.github/workflows/update-spdx-license-list.yaml
@@ -0,0 +1,54 @@
+name: PR to update SPDX license list
+on:
+ schedule:
+ - cron: "0 6 * * 1" # every monday at 6 AM UTC
+
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+env:
+ SLACK_NOTIFICATIONS: true
+
+jobs:
+ upgrade-spdx-license-list:
+ runs-on: ubuntu-latest
+ if: github.repository == 'anchore/syft' # only run for main repo
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
+ with:
+ persist-credentials: false
+
+ - name: Bootstrap environment
+ uses: ./.github/actions/bootstrap
+
+ - run: |
+ make generate-license-list
+
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.TOKEN_APP_ID }}
+ private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e #v7.0.8
+ with:
+ signoff: true
+ delete-branch: true
+ branch: auto/latest-spdx-license-list
+ labels: dependencies
+ commit-message: "chore(deps): update SPDX license list"
+ title: "chore(deps): update SPDX license list"
+ body: |
+ Update SPDX license list based on the latest available list from spdx.org
+ token: ${{ steps.generate-token.outputs.token }}
+
+ - uses: 8398a7/action-slack@77eaa4f1c608a7d68b38af4e3f739dcd8cba273e #v3.19.0
+ with:
+ status: ${{ job.status }}
+ fields: workflow,eventName,job
+ text: Syft SPDX license list update failed
+ env:
+ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_TOOLBOX_WEBHOOK_URL }}
+ if: ${{ failure() && env.SLACK_NOTIFICATIONS == 'true' }}
diff --git a/internal/spdxlicense/generate/generate_license_list.go b/internal/spdxlicense/generate/generate_license_list.go
index 642df1066..68ef4dcd9 100644
--- a/internal/spdxlicense/generate/generate_license_list.go
+++ b/internal/spdxlicense/generate/generate_license_list.go
@@ -10,7 +10,6 @@ import (
 "sort"
 "strings"
 "text/template"
- "time"
 )
 // This program generates license_list.go.
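Review bot: The `generate-token` step in `.github/workflows/update-spdx-license-list.yaml` mints the GitHub App installation token without narrowing it, so the token passed to `create-pull-request` carries every permission and repository the App installation has rather than only what opening this PR needs. As far as I know the v2 action accepts a JSON `permissions` input, so adding `permissions: '{"contents": "write", "pull_requests": "write"}'` under that step's `with:` would limit what a leaked token can do; if the App is installed on more than this repository, a `repositories` restriction is worth adding as well. Please confirm the `labels: dependencies` setting still applies with the reduced scope. The rest of the job is already least-privilege (`contents: read`, `persist-credentials: false`, SHA-pinned actions, token minted only after `make generate-license-list`), which leaves this as the one unscoped credential.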
@@ -20,8 +19,7 @@ const (
 )
 var tmp = template.Must(template.New("").Parse(`// Code generated by go generate; DO NOT EDIT.
-// This file was generated by robots at {{ .Timestamp }}
-// using data from {{ .URL }}
+// This file was generated using data from {{ .URL }}
 package spdxlicense
 const Version = {{ printf "%q" .Version }}
@@ -78,13 +76,11 @@ func run() error {
 urlToLicense := buildURLToLicenseMap(result)
 err = tmp.Execute(f, struct {
- Timestamp time.Time
 URL string
 Version string
 LicenseIDs map[string]string
 URLToLicense map[string]string
 }{
- Timestamp: time.Now(),
 URL: url,
 Version: result.Version,
 LicenseIDs: licenseIDs,