Add GitHub Actions workflow to automate updating

watson · watson · commit f3b0e5b5a541 · 2025-11-28T11:47:01.000+01:00
diff --git a/.github/scripts/update-3rdparty-licenses.sh b/.github/scripts/update-3rdparty-licenses.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+set -e
+
+if git diff --exit-code LICENSE-3rdparty.csv; then
+  echo "✅ LICENSE-3rdparty.csv is already up to date"
+else
+  echo "📝 LICENSE-3rdparty.csv was modified by license attribution command"
+
+  PR_AUTHOR="${PR_AUTHOR:-}"
+  PR_USER_TYPE="${PR_USER_TYPE:-}"
+
+  if [[ "$PR_USER_TYPE" == "Bot" ]] && [[ "${GITHUB_EVENT_NAME:-}" == "pull_request" ]]; then
+    echo "🤖 Bot-created PR detected. Auto-committing LICENSE-3rdparty.csv changes..."
+
+    git config --local user.email "action@github.com"
+    git config --local user.name "GitHub Action"
+
+    git add LICENSE-3rdparty.csv
+    git commit -m "Update LICENSE-3rdparty.csv"
+
+    git push origin HEAD:${GITHUB_HEAD_REF}
+
+    echo "✅ Successfully committed and pushed LICENSE-3rdparty.csv updates"
+  else
+    echo "❌ The LICENSE-3rdparty.csv file needs to be updated!"
+    echo ""
+    echo "The license attribution command has modified LICENSE-3rdparty.csv."
+    echo ""
+    echo "To fix this issue:"
+    echo "1. Set up dd-license-attribution locally by following the installation instructions in:"
+    echo "   https://github.com/DataDog/dd-license-attribution"
+    echo "2. Run the license CSV generation command locally:"
+    echo "   dd-license-attribution generate-sbom-csv \\"
+    echo "     --no-scancode-strategy \\"
+    echo "     --no-github-sbom-strategy \\"
+    echo "     https://github.com/datadog/dd-trace-js > LICENSE-3rdparty.csv"
+    echo "3. Commit the updated LICENSE-3rdparty.csv file"
+    echo "4. Push your changes"
+    echo ""
+    echo "This helps keep the 3rd-party license information accurate."
+    exit 1
+  fi
+fi
diff --git a/.github/workflows/update-3rdparty-licenses.yml b/.github/workflows/update-3rdparty-licenses.yml
@@ -0,0 +1,81 @@
+name: Update 3rd-party licenses
+
+on:
+  pull_request_target:
+    branches:
+      - master
+    paths:
+      - 'yarn.lock'
+
+jobs:
+  update-3rdparty-licenses:
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: write
+      pull-requests: write
+    env:
+      REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }}
+    steps:
+      - name: Check out PR branch
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+
+      - name: Get GitHub token with appropriate permissions
+        uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+        id: octo-sts
+        with:
+          scope: DataDog
+          policy: dd-trace-js-license-attribution-read
+
+      - name: Set up Python
+        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        with:
+          python-version: '3.14'
+
+      - name: Check out dd-license-attribution
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          repository: DataDog/dd-license-attribution
+          ref: 8a4624fd08a16717ffbf92d389e65fa609a4f067
+          path: dd-license-attribution
+
+      - name: Install dd-license-attribution
+        working-directory: dd-license-attribution
+        run: |
+          pip install .
+
+      - name: Create mirrors.json for PR branch
+        env:
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
+          HEAD_REF: ${{ github.head_ref }}
+        run: |
+          cat > mirrors.json <<EOF
+          [
+            {
+              "original_url": "${REPOSITORY_URL}",
+              "mirror_url": "${REPOSITORY_URL}",
+              "ref_mapping": {
+                "branch:${DEFAULT_BRANCH}": "branch:${HEAD_REF}"
+              }
+            }
+          ]
+          EOF
+
+      - name: Regenerate LICENSE-3rdparty.csv
+        env:
+          GITHUB_TOKEN: ${{ steps.octo-sts.outputs.token }}
+        run: |
+          dd-license-attribution generate-sbom-csv \
+            --use-mirrors=mirrors.json \
+            --no-scancode-strategy \
+            --no-github-sbom-strategy \
+            "${REPOSITORY_URL}" > LICENSE-3rdparty.csv
+
+      - name: Run LICENSE-3rdparty.csv update check
+        env:
+          PR_AUTHOR: ${{ github.event.pull_request.user.login }}
+          PR_USER_TYPE: ${{ github.event.pull_request.user.type }}
+          GITHUB_EVENT_NAME: ${{ github.event_name }}
+        run: ./.github/scripts/update-3rdparty-licenses.sh
