Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CI] Disable dash-licenses auto-review mode #14145

Merged
merged 1 commit into from
Nov 22, 2024
Merged

Conversation

marcdumais-work
Copy link
Contributor

@marcdumais-work marcdumais-work commented Sep 6, 2024

What it does

Related issue: #14127

The Eclipse Foundation Gitlab token, required for dash-licenses to automatically open IP ticket for suspicious license in dependencies. is about to expire. Until it's replaced, we can have the workflow use the basic mode, where dependecies with suspicious licenses are only listed, and have to be handled offline [1].

[1]: To have dash-licenses help with opening IP tickets automatically
e.g. after a PR license check workflow failure. Any committer can
generate a token from EF Gitlab at the link below and set it in
an environment variable, and then use it when running dash-licenses
from their laptop.

e.g.

theia$ git checkout && yarn
theia$ export DASH_LICENSES_PAT="<token>"
theia$ yarn license:check:review

Create your personal token here, with scopes "api":
https://gitlab.eclipse.org/-/user_settings/personal_access_tokens

How to test

Confirm that the license check for this PR passes (assuming it passes on master) or at least runs to completion and reports suspicious dependencies.

update: to test what happens when there are dependencies that do not pass the dash-license check, I added a temporary commit after performing a yarn upgrade locally. The License check gracefully failed, as expected:
https://github.com/eclipse-theia/theia/actions/runs/10739546336/job/29785551838?pr=14145#step:5:146

update2: temporary commit removed from PR

Follow-ups

This commit could be reverted if a new Gitlab token is set to replace the expired one, saved as a secret in this repo: secrets.DASH_LICENSES_PAT

Review checklist

Reminder for reviewers

Related issue: #14127

The Eclipse Foundation Gitlab token, required for dash-licenses to
automatically open IP ticket for suspicious license in dependencies.
is about to expire. Until it's replaced, we can have the workflow use
the basic mode, where dependecies with suspicious licenses are only
listed, and have to be handled offline [1].

[1]: To have dash-licenses help with opening IP tickets automatically
     e.g. after a PR license check workflow failure. Any committer can
     generate a token from EF Gitlab at the link below and set it in
     an environment variable, and then use it when running dash-licenses
     from their laptop.

e.g.

theia$ git checkout <PR branch> && yarn
theia$ export DASH_LICENSES_PAT="<token>"
theia$ yarn license:check:review

https://gitlab.eclipse.org/-/user_settings/personal_access_tokens

Signed-off-by: Marc Dumais <[email protected]>
@marcdumais-work marcdumais-work merged commit 0556d2a into master Nov 22, 2024
21 checks passed
@marcdumais-work marcdumais-work deleted the license-check branch November 22, 2024 12:46
@github-actions github-actions bot added this to the 1.56.0 milestone Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: Done
Development

Successfully merging this pull request may close these issues.

2 participants