From f30bf82eccfb76719ad813330aa36ae60c350b65 Mon Sep 17 00:00:00 2001
From: Takashi Masuda <masutaka.net@gmail.com>
Date: Fri, 29 Nov 2024 13:37:58 +0900
Subject: [PATCH] Introduce License Finder to CI

---
 .github/workflows/license-frontend.yml | 110 +++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 .github/workflows/license-frontend.yml

diff --git a/.github/workflows/license-frontend.yml b/.github/workflows/license-frontend.yml
new file mode 100644
index 000000000..d6959df18
--- /dev/null
+++ b/.github/workflows/license-frontend.yml
@@ -0,0 +1,110 @@
+name: License Compliance for frontend
+
+# ## Summary
+#
+# This workflow runs the license_finder CLI only when it detects an update to files related to the License Finder.
+# It also updates $LICENSE_REPORT and git commit.
+#
+# When triggered by a PR from a forked repository, $LICENSE_REPORT is not updated.
+# When triggered by a push to the default branch, $LICENSE_REPORT is not updated either.
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+
+env:
+  working-directory: frontend
+
+jobs:
+  license_finder:
+    runs-on: ubuntu-latest
+    concurrency:
+      group: ${{ github.workflow }}-${{ github.ref }}
+      cancel-in-progress: true
+    timeout-minutes: 10
+    env:
+      LICENSE_REPORT: docs/packages-license.md
+    steps:
+      - name: Check if running in a fork
+        id: fork-check
+        run: echo "is_fork=${{ github.event.pull_request.head.repo.fork }}" >> "$GITHUB_OUTPUT"
+      - name: Create GitHub App Token for non-fork PRs
+        uses: actions/create-github-app-token@v1
+        if: steps.fork-check.outputs.is_fork != 'true'
+        id: app-token
+        with:
+          app-id: ${{ vars.CI_TRIGGER_APP_ID }}
+          private-key: ${{ secrets.CI_TRIGGER_APP_PRIVATE_KEY }}
+      - name: Checkout code for non-fork PRs
+        if: steps.fork-check.outputs.is_fork != 'true'
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          token: ${{ steps.app-token.outputs.token }}
+      - name: Checkout code for forked PRs
+        if: steps.fork-check.outputs.is_fork == 'true'
+        uses: actions/checkout@v4
+      # To make the success of this job a prerequisite for merging into the main branch,
+      # set a filter here instead of on: to determine whether or not to proceed to the next step.
+      - name: Cache dependency files
+        uses: actions/cache@v4
+        id: cache
+        with:
+          path: |
+            .github/workflows/license-frontend.yml
+            frontend/config/dependency_decisions.yml
+            frontend/config/license_finder.yml
+            frontend/package.json
+            frontend/pnpm-lock.yaml
+          key: license-frontend-${{ runner.os }}-${{ hashFiles('.github/workflows/license-frontend.yml', 'frontend/config/dependency_decisions.yml', 'frontend/config/license_finder.yml', 'frontend/package.json', 'frontend/pnpm-lock.yaml') }}
+      - name: Determine if files changed
+        id: determine
+        run: |
+          if [ "${{ steps.cache.outputs.cache-hit }}" = 'true' ]; then
+            echo "files_changed=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "files_changed=true" >> "$GITHUB_OUTPUT"
+          fi
+      - uses: ./.github/actions/pnpm-setup
+        if: steps.determine.outputs.files_changed == 'true'
+        with:
+          working-directory: ${{ env.working-directory }}
+      - uses: ruby/setup-ruby@v1
+        if: steps.determine.outputs.files_changed == 'true'
+        with:
+          ruby-version: '3.3'
+      - name: Install License Finder
+        if: steps.determine.outputs.files_changed == 'true'
+        run: gem install -N license_finder
+      - name: Run License Finder
+        if: steps.determine.outputs.files_changed == 'true'
+        run: license_finder
+        working-directory: ${{ env.working-directory }}
+
+      # Commit the License Finder report as docs/packages-license.md
+      - name: Generate license report
+        if: |
+          steps.fork-check.outputs.is_fork != 'true'
+          && steps.determine.outputs.files_changed == 'true'
+          && github.ref_name != github.event.repository.default_branch
+        run: |
+          mkdir -p "$(dirname "$LICENSE_REPORT")"
+          license_finder report --format=markdown | tail -n +2 > "$LICENSE_REPORT"
+        working-directory: ${{ env.working-directory }}
+      - name: Commit license report and push
+        if: |
+          steps.fork-check.outputs.is_fork != 'true'
+          && steps.determine.outputs.files_changed == 'true'
+          && github.ref_name != github.event.repository.default_branch
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+          git add "$LICENSE_REPORT"
+          git commit -m "Update $LICENSE_REPORT"
+          git push origin "$BRANCH_NAME"
+        env:
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+        working-directory: ${{ env.working-directory }}