compliance.yml

name: Compliance Checks

on:
  push:
    paths:
      - 'pyproject.toml'
  schedule:
    - cron: '0 0 * * *'  # every day at midnight

env:
  SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
  SLACK_ALERT_CHANNEL: "#dc-alerts"

jobs:
  check-license-compliance:
    name: Check license compliance
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c
        with:
          python-version: "3.10"

      - name: Install prod dependencies
        run: |
          pip install hatch==v1.7.0
          hatch run tools:requirements
          pip install -r requirements.txt

      - name: Create file with full dependency list
        run: |
          pip freeze > requirements-full.txt

      - name: Send license report to Fossa
        # This will collect all necessary information (mostly used dependencies) and send it to the Fossa API
        uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # Use a specific version if locking is preferred
        with:
          api-key: ${{ secrets.FOSSA_LICENSE_SCAN_TOKEN }}

      - name: Check license compliance
        # This will poll the Fossa API until they have processed the information which we've sent in the previous step
        # and fail if Fossa found an issue with the licences of our dependencies.
        uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # Use a specific version if locking is preferred
        with:
          api-key: ${{ secrets.FOSSA_LICENSE_SCAN_TOKEN }}
          run-tests: true

      - name: Send Slack notification if license check failed
        uses: act10ns/slack@44541246747a30eb3102d87f7a4cc5471b0ffb7d
        if: failure() && github.ref == 'refs/heads/main'
        with:
          status: ${{ job.status }}
          channel: ${{ env.SLACK_ALERT_CHANNEL }}