[CI] Disable dash-licenses auto-review mode #14145
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Related issue: #14127 The Eclipse Foundation Gitlab token, required for dash-licenses to automatically open IP ticket for suspicious license in dependencies. is about to expire. Until it's replaced, we can have the workflow use the basic mode, where dependecies with suspicious licenses are only listed, and have to be handled offline [1]. [1]: To have dash-licenses help with opening IP tickets automatically e.g. after a PR license check workflow failure. Any committer can generate a token from EF Gitlab at the link below and set it in an environment variable, and then use it when running dash-licenses from their laptop. e.g. theia$ git checkout <PR branch> && yarn theia$ export DASH_LICENSES_PAT="<token>" theia$ yarn license:check:review https://gitlab.eclipse.org/-/user_settings/personal_access_tokens Signed-off-by: Marc Dumais <[email protected]>
marcdumais-work
force-pushed
the
license-check
branch
from
7ad27c8
to
06dc17f
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What it does
Related issue: #14127
The Eclipse Foundation Gitlab token, required for dash-licenses to automatically open IP ticket for suspicious license in dependencies. is about to expire. Until it's replaced, we can have the workflow use the basic mode, where dependecies with suspicious licenses are only listed, and have to be handled offline [1].
[1]: To have dash-licenses help with opening IP tickets automatically
e.g. after a PR license check workflow failure. Any committer can
generate a token from EF Gitlab at the link below and set it in
an environment variable, and then use it when running dash-licenses
from their laptop.
e.g.
theia$ git checkout && yarn
theia$ export DASH_LICENSES_PAT="<token>"
theia$ yarn license:check:review
Create your personal token here, with scopes "api":
https://gitlab.eclipse.org/-/user_settings/personal_access_tokens
How to test
Confirm that the license check for this PR passes (assuming it passes on master) or at least runs to completion and reports suspicious dependencies.
update: to test what happens when there are dependencies that do not pass the dash-license check, I added a temporary commit after performing a
yarn upgradelocally. The License check gracefully failed, as expected:https://github.com/eclipse-theia/theia/actions/runs/10739546336/job/29785551838?pr=14145#step:5:146
update2: temporary commit removed from PR
Follow-ups
This commit could be reverted if a new Gitlab token is set to replace the expired one, saved as a secret in this repo:
secrets.DASH_LICENSES_PATReview checklist
Reminder for reviewers