Skip to content

Dependency License Scanning #122

Dependency License Scanning

Dependency License Scanning #122

Workflow file for this run

name: Dependency License Scanning
on:
workflow_dispatch:
schedule:
- cron: '0 0 * * 0' # At 00:00 on Sunday
permissions:
contents: read
jobs:
fossa:
name: Fossa
runs-on: ubuntu-22.04
if: github.event.repository.fork == false
steps:
- name: Checkout
# https://github.com/actions/checkout/releases
# v4.1.1
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
with:
# we don't know what commit the last tag was it's safer to get entire repo so previousStableVersion resolves
fetch-depth: 0
- name: Cache Coursier cache
# https://github.com/coursier/cache-action/releases
# v6.4.5
uses: coursier/cache-action@1ff273bff02a8787bc9f1877d347948af647956d
- name: Set up JDK 17
# https://github.com/coursier/setup-action/releases
# v1.3.5
uses: coursier/setup-action@7bde40eee928896f074dbb76d22dd772eed5c65f
with:
jvm: temurin:1.17
- name: FOSSA policy check
run: |-
curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install-latest.sh | bash
cp .jvmopts-ghactions .jvmopts
sbt "compile; makePom"
fossa analyze && fossa test
env:
FOSSA_API_KEY: "${{secrets.FOSSA_API_KEY}}"