License Bundle Generation #131

Workflow file for this run

.github/workflows/license-generation.yml at 3ccd9ad

	name: License Bundle Generation

	permissions:
	contents: write
	id-token: write
	actions: write

	on:
	workflow_dispatch:
	inputs:
	zowe_version:
	description: Version number of Zowe license bundle
	type: string
	required: true
	default: '2.13.0'
	publish_release:
	description: Should the license bundle be published to libs-release-local
	type: boolean
	required: true
	default: false
	overwrite_release:
	description: Should the license bundle overwrite and replace an existing artifact
	type: boolean
	required: false
	default: false
	release_suffix:
	description: Should the license bundle have a suffix (useful during RC testing)
	type: string
	required: false
	default: ''
	zowe_sources_branch:
	description: The branch of zowe-install-packaging used to determine sources included in the scan
	required: true
	default: 'v2.x/rc'
	dummy_build:
	description: Creates empty zip files, bypassing license scans. For test purposes only.
	required: false
	type: choice
	default: 'false'
	options:
	- 'true'
	- 'false'
	ort_log_level:
	description: Set ORT's Log Level. Defaults to 'warn'
	required: false
	type: choice
	default: 'warn'
	options:
	- 'warn'
	- 'info'
	- 'error'
	- 'debug'

	env:
	PUBLISH_RELEASE: ${{ github.event.inputs.publish_release }}
	RELEASE_SUFFIX: ${{ github.event.inputs.release_suffix }}
	REPLACE_EXISTING_RELEASE: ${{ github.event.inputs.replace_release }}
	ZOWE_RELEASE_BRANCH: ${{ github.event.inputs.zowe_sources_branch }}
	PENDING_APPROVAL_REPORT_NAME: dependency_approval_action_aggregates.json
	DEPENDENCY_SCAN_HOME: licenses/dependency-scan
	MARKDOWN_REPORT_NAME: markdown_dependency_report.md
	MARKDOWN_CLI_REPORT: cli_dependency_report.md
	MARKDOWN_VSCODE_REPORT: vscode_dependency_report.md
	MARKDOWN_ZOS_REPORT: zos_dependency_report.md
	NOTICES_AGGREGATE_FILE: notices_aggregate.txt
	NOTICES_CLI_FILE: notices_cli.txt
	NOTICES_VSCODE_FILE: notices_vscode.txt
	NOTICES_ZOS_FILE: notices_zos.txt
	ARTIFACT_PATH: org/zowe/licenses
	ARTIFACT_PATH_SBOM: init_in_step_one
	VERSION: ${{ github.event.inputs.zowe_version }}
	AGG_ARTIFACT_NAME: zowe_licenses_full.zip
	CLI_ARTIFACT_NAME: zowe_licenses_cli.zip
	VSCODE_ARTIFACT_NAME: zowe_licenses_vscode.zip
	ZOS_ARTIFACT_NAME: zowe_licenses_zos.zip
	AGG_SBOM_ARTIFACT_NAME: sbom_aggregate.spdx.yml
	CLI_SBOM_ARTIFACT_NAME: sbom_cli.spdx.yml
	VSCODE_SBOM_ARTIFACT_NAME: sbom_vscode.spdx.yml
	ZOS_SBOM_ARTIFACT_NAME: sbom_zos.spdx.yml
	FILENAME_PATTERN: init_in_step_one
	ARTIFACT_REPO: init_in_step_one
	ARTIFACT_VERSION: init_in_step_one
	ORT_VERSION: 12.0.0
	ORT_LOG_LEVEL: ${{ github.event.inputs.ort_log_level }}

	jobs:

	create-licenses:

	runs-on: ubuntu-latest

	container:
	image: zowe-docker-release.jfrog.io/ompzowe/zowecicd-license-base:latest

	steps:
	- name: Update variables if releasing
	run: \|
	if [ "$PUBLISH_RELEASE" = true ]; then
	echo "ARTIFACT_REPO=libs-release-local" >> $GITHUB_ENV
	echo "ARTIFACT_VERSION=$VERSION" >> $GITHUB_ENV
	echo "ARTIFACT_PATH_SBOM=org/zowe/${{ env.VERSION }}/sbom" >> $GITHUB_ENV
	echo "FILENAME_PATTERN={filename}${{ env.RELEASE_SUFFIX }}{fileext}" >> $GITHUB_ENV
	else
	echo "ARTIFACT_REPO=libs-snapshot-local" >> $GITHUB_ENV
	echo "ARTIFACT_VERSION=$VERSION-SNAPSHOT" >> $GITHUB_ENV
	echo "ARTIFACT_PATH_SBOM=org/zowe/${{ env.VERSION }}-SNAPSHOT/sbom" >> $GITHUB_ENV
	echo "FILENAME_PATTERN={filename}-${{ env.VERSION }}-SNAPSHOT{timestamp}{fileext}" >> $GITHUB_ENV
	fi

	- name: Checkout current repo
	uses: actions/checkout@v4

	- uses: actions/setup-node@v4
	with:
	node-version: '20'

	- name: '[Zowe Actions] Prepare workflow'
	uses: zowe-actions/shared-actions/prepare-workflow@main

	- name: 'Setup jFrog CLI'
	uses: jfrog/setup-jfrog-cli@v4
	env:
	JF_ENV_1: ${{ secrets.JF_ARTIFACTORY_TOKEN }}

	- name: '[TEST-ONLY] Dummy scan step'
	if: ${{ github.event.inputs.dummy_build == 'true' }}
	working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
	run: \|
	mkdir -p zowe_licenses
	mkdir -p zowe_cli_licenses
	mkdir -p zowe_vscode_licenses
	mkdir -p zowe_zos_licenses
	echo "HI" >> dummy.txt
	cp dummy.txt zowe_licenses
	cp dummy.txt zowe_cli_licenses
	cp dummy.txt zowe_vscode_licenses
	cp dummy.txt zowe_zos_licenses

	zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*
	zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*
	zip -j ${{ env.VSCODE_ARTIFACT_NAME }} zowe_vscode_licenses/*
	zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*
	echo "" > ${{ env.AGG_SBOM_ARTIFACT_NAME }}
	echo "" > ${{ env.CLI_SBOM_ARTIFACT_NAME }}
	echo "" > ${{ env.VSCODE_SBOM_ARTIFACT_NAME }}
	echo "" > ${{ env.ZOS_SBOM_ARTIFACT_NAME }}


	- name: Scan Licenses on Branch ${{ env.ZOWE_RELEASE_BRANCH }}
	if: ${{ github.event.inputs.dummy_build == 'false' }}
	env:
	APP_NOTICES_SCAN: true
	APP_LICENSE_SCAN: true
	ZOWE_MANIFEST_BRANCH: ${{ env.ZOWE_RELEASE_BRANCH }}
	working-directory: ${{ env.DEPENDENCY_SCAN_HOME }}
	run: \|
	# Rustup is set to default in the container, but it's not picked up in this run block
	rustup default stable
	yarn install && yarn build
	node lib/index.js
	cd build
	zip -r logs.zip logs/
	zip -r license_reports.zip license_reports/
	zip -r notice_reports.zip notice_reports/
	cd ..
	mkdir -p zowe_licenses
	mkdir -p zowe_cli_licenses
	mkdir -p zowe_vscode_licenses
	mkdir -p zowe_zos_licenses
	cp ../resources/* zowe_licenses/
	cp ../resources/* zowe_cli_licenses/
	cp ../resources/* zowe_vscode_licenses/
	cp ../resources/* zowe_zos_licenses/

	zip -r logs.zip build/logs/*

	# Aggregate
	cp build/notice_reports/${{ env.NOTICES_AGGREGATE_FILE }} zowe_licenses/zowe_full_notices.txt
	cp build/license_reports/${{ env.MARKDOWN_REPORT_NAME }} zowe_licenses/zowe_full_dependency_list.md
	zip -j ${{ env.AGG_ARTIFACT_NAME }} zowe_licenses/*

	# CLI
	cp build/notice_reports/${{ env.NOTICES_CLI_FILE }} zowe_cli_licenses/zowe_cli_notices.txt
	cp build/license_reports/${{ env.MARKDOWN_CLI_REPORT }} zowe_cli_licenses/zowe_cli_dependency_list.md
	zip -j ${{ env.CLI_ARTIFACT_NAME }} zowe_cli_licenses/*

	# VSCode
	cp build/notice_reports/${{ env.NOTICES_VSCODE_FILE }} zowe_vscode_licenses/zowe_vscode_notices.txt
	cp build/license_reports/${{ env.MARKDOWN_VSCODE_REPORT }} zowe_vscode_licenses/zowe_vscode_dependency_list.md
	zip -j ${{ env.VSCODE_ARTIFACT_NAME }} zowe_vscode_licenses/*

	# z/OS
	cp build/notice_reports/${{ env.NOTICES_ZOS_FILE }} zowe_zos_licenses/zowe_zos_notices.txt
	cp build/license_reports/${{ env.MARKDOWN_ZOS_REPORT }} zowe_zos_licenses/zowe_zos_dependency_list.md
	zip -j ${{ env.ZOS_ARTIFACT_NAME }} zowe_zos_licenses/*

	# SBOMs
	cp build/sbom_reports/${{ env.AGG_SBOM_ARTIFACT_NAME }} ${{ env.AGG_SBOM_ARTIFACT_NAME }}
	cp build/sbom_reports/${{ env.CLI_SBOM_ARTIFACT_NAME }} ${{ env.CLI_SBOM_ARTIFACT_NAME }}
	cp build/sbom_reports/${{ env.VSCODE_SBOM_ARTIFACT_NAME }} ${{ env.VSCODE_SBOM_ARTIFACT_NAME }}
	cp build/sbom_reports/${{ env.ZOS_SBOM_ARTIFACT_NAME }} ${{ env.ZOS_SBOM_ARTIFACT_NAME }}



	- name: Remove existing artifacts
	id: cleanup
	if: ${{ github.event.inputs.publish_release }} && ${{ github.event.inputs.overwrite_release }}
	run: \|
	jfrog rt del \
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.AGG_ARTIFACT_NAME }}
	jfrog rt del \
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.CLI_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.VSCODE_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.ZOS_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.VSCODE_SBOM_ARTIFACT_NAME }}
	jfrog rt del\
	--user ${{ secrets.ZOWE_JFROG_ELEVATED_USER }} \
	--password ${{secrets.ZOWE_JFROG_ELEVATED_KEY }} \
	--url https://zowe.jfrog.io/artifactory \
	${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}

	- name: '[PUBLISH] Fix local git configuration (container+runner UID mismatch)'
	if: ${{ github.event.inputs.publish_release }}
	id: debug-git
	run: \|
	git config --global --add safe.directory /__w/zowe-dependency-scan-pipeline/zowe-dependency-scan-pipeline

	- name: Publish to Artifactory
	id: publish-license
	timeout-minutes: 10
	uses: zowe-actions/shared-actions/publish@main
	with:
	publish-target-file-pattern: ${{ env.FILENAME_PATTERN }}
	publish-target-path-pattern: ${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH }}/${{ env.ARTIFACT_VERSION }}/
	perform-release: ${{ env.PUBLISH_RELEASE }}
	sigstore-sign-artifacts: true
	artifacts: \|
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}

	- name: Publish to Artifactory
	id: publish-sbom
	timeout-minutes: 10
	uses: zowe-actions/shared-actions/publish@main
	with:
	publish-target-file-pattern: ${{ env.FILENAME_PATTERN }}
	publish-target-path-pattern: ${{ env.ARTIFACT_REPO }}/${{ env.ARTIFACT_PATH_SBOM }}/ # version is embedded in the path_sbom var
	perform-release: ${{ env.PUBLISH_RELEASE }}
	sigstore-sign-artifacts: true
	artifacts: \|
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}

	- name: Archive Aggregates
	uses: actions/upload-artifact@v4
	if: ${{ always() }}
	with:
	path: \|
	${{ env.DEPENDENCY_SCAN_HOME }}/logs.zip
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.AGG_SBOM_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.CLI_SBOM_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.VSCODE_SBOM_ARTIFACT_NAME }}.bundle
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}
	${{ env.DEPENDENCY_SCAN_HOME }}/${{ env.ZOS_SBOM_ARTIFACT_NAME }}.bundle

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

License Bundle Generation #131

Workflow file

License Bundle Generation #131

Jobs

Run details

Workflow file for this run