Sealjay/oss-compliance.yml

## oss-compliance.yml
name: OSS Licence Compliance
on:
  workflow_dispatch:
  pull_request:
    types: [assigned, opened, reopened]
  push:
    branches:
      - main
    paths-ignore:
      - "docs/**"
      - "README.md"
jobs:
  scanleft:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: Cache vdb
        uses: actions/cache@v2
        with:
          path: |
            ${{ github.workspace }}/vdb
          key: ${{ runner.os }}
      - name: Scan for licence compliance (slcan.io)
        uses: ShiftLeftSecurity/scan-action@master
        with:
          type: "credscan,python,depscan"
        env:
          VDB_HOME: ${{ github.workspace }}/vdb
          WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SCAN_AUTO_BUILD: true
      - name: Upload scan reports
        uses: actions/upload-artifact@v1.0.0
        with:
          name: shiftleft-scan-reports
          path: reports
  pylicence:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-python@v2
      - uses: actions/cache@v2
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install -r requirements.txt
      - name: License Checker from py-liccheck
        uses: andersy005/gh-action-py-liccheck@main
        with:
          strategy-ini-file: ./pyproject.toml
          level: standard
          requirements-txt-file: ./requirements.txt
          no-deps: true
	name: OSS Licence Compliance
	on:
	workflow_dispatch:
	pull_request:
	types: [assigned, opened, reopened]
	push:
	branches:
	- main
	paths-ignore:
	- "docs/**"
	- "README.md"
	jobs:
	scanleft:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- name: Cache vdb
	uses: actions/cache@v2
	with:
	path: \|
	${{ github.workspace }}/vdb
	key: ${{ runner.os }}
	- name: Scan for licence compliance (slcan.io)
	uses: ShiftLeftSecurity/scan-action@master
	with:
	type: "credscan,python,depscan"
	env:
	VDB_HOME: ${{ github.workspace }}/vdb
	WORKSPACE: https://github.com/${{ github.repository }}/blob/${{ github.sha }}
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	SCAN_AUTO_BUILD: true
	- name: Upload scan reports
	uses: actions/upload-artifact@v1.0.0
	with:
	name: shiftleft-scan-reports
	path: reports
	pylicence:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v2
	- uses: actions/setup-python@v2
	- uses: actions/cache@v2
	with:
	path: ~/.cache/pip
	key: ${{ runner.os }}-${{ hashFiles('*/requirements.txt') }}
	restore-keys: \|
	${{ runner.os }}-pip-
	- name: Install dependencies
	run: \|
	python -m pip install --upgrade pip
	python -m pip install -r requirements.txt
	- name: License Checker from py-liccheck
	uses: andersy005/gh-action-py-liccheck@main
	with:
	strategy-ini-file: ./pyproject.toml
	level: standard
	requirements-txt-file: ./requirements.txt
	no-deps: true