[CI] Disable dash-licenses auto-review mode #14145
Merged
What it does
Related issue: #14127
The Eclipse Foundation Gitlab token, required for dash-licenses to automatically open IP tickets for suspicious licenses in dependencies, is about to expire. Until it's replaced, we can have the workflow use the basic mode, where dependencies with suspicious licenses are only listed, and have to be handled offline [1].
[1]: To have dash-licenses help with opening IP tickets automatically,
e.g. after a PR license check workflow failure, any committer can
generate a token from EF Gitlab at the link below and set it in
an environment variable, and then use it when running dash-licenses
from their laptop.
e.g.
theia$ git checkout && yarn
theia$ export DASH_LICENSES_PAT="<token>"
theia$ yarn license:check:review
Create your personal token here, with scopes "api":
https://gitlab.eclipse.org/-/user_settings/personal_access_tokens
How to test
Confirm that the license check for this PR passes (assuming it passes on master) or at least runs to completion and reports suspicious dependencies.
update: to test what happens when there are dependencies that do not pass the dash-license check, I added a temporary commit after performing a yarn upgrade locally. The License check gracefully failed, as expected: https://github.com/eclipse-theia/theia/actions/runs/10739546336/job/29785551838?pr=14145#step:5:146
update2: temporary commit removed from PR
Follow-ups
This commit could be reverted if a new Gitlab token is set to replace the expired one, saved as a secret in this repo:
secrets.DASH_LICENSES_PAT
Review checklist
Reminder for reviewers