diff --git a/.asf.yaml b/.asf.yaml index 06a1287b3ca..eb828d3bb41 100644 --- a/.asf.yaml +++ b/.asf.yaml @@ -85,6 +85,7 @@ github: # Actions workflows. They do not include the workflow name as a # prefix contexts: + - rat-check - check-skip - Build Apache Cloudberry RPM - RPM Install Test Apache Cloudberry diff --git a/.github/workflows/apache-rat-audit.yml b/.github/workflows/apache-rat-audit.yml new file mode 100644 index 00000000000..96817e76852 --- /dev/null +++ b/.github/workflows/apache-rat-audit.yml @@ -0,0 +1,154 @@ +# -------------------------------------------------------------------- +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed +# with this work for additional information regarding copyright +# ownership. The ASF licenses this file to You under the Apache +# License, Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a copy of the +# License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. See the License for the specific language governing +# permissions and limitations under the License. +# +# -------------------------------------------------------------------- +# Apache Rat Audit Workflow +# Checks if all files comply with Apache licensing requirements +# This workflow is based on the Apache Rat tool, you can run it locally +# using the command: `mvn clean verify -Drat.consoleOutput=true` +# -------------------------------------------------------------------- + +name: Apache Rat Audit + +on: + push: + branches: [main] + pull_request: + branches: [main] + types: [opened, synchronize, reopened, edited] + workflow_dispatch: + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + rat-check: + name: Apache Rat License Check + runs-on: ubuntu-latest + timeout-minutes: 10 + + steps: + - name: Check out repository + uses: actions/checkout@v4 + with: + fetch-depth: 1 + + - name: Set up Java and Maven + uses: actions/setup-java@v3 + with: + distribution: 'temurin' + java-version: '11' + cache: maven + + - name: Run Apache Rat check + id: rat-check + run: | + echo "Running Apache Rat license check..." + mvn clean verify -Drat.consoleOutput=true | tee rat-output.log + + # Check for build failure + if grep -q "\[INFO\] BUILD FAILURE" rat-output.log; then + echo "rat_failed=true" >> $GITHUB_OUTPUT + echo "::error::Apache Rat check failed - build failure detected" + exit 1 + fi + + # If we got here, the check passed + echo "rat_failed=false" >> $GITHUB_OUTPUT + echo "Apache Rat check passed successfully" + + - name: Upload Rat check results + if: always() + uses: actions/upload-artifact@v4 + with: + name: rat-check-results + path: rat-output.log + retention-days: 7 + + - name: Generate Job Summary + if: always() + run: | + { + echo "## Apache Rat Audit Results" + echo "- Run Time: $(date -u +'%Y-%m-%d %H:%M:%S UTC')" + echo "" + + if [[ -f rat-output.log ]]; then + if grep -q "\[INFO\] BUILD FAILURE" rat-output.log; then + echo "### ❌ Check Failed - License Compliance Issues Detected" + echo "" + + # Extract and display summary statistics + if grep -q "Rat check: Summary over all files" rat-output.log; then + echo "#### 📊 License Summary" + summary_line=$(grep "Rat check: Summary over all files" rat-output.log) + echo "\`\`\`" + echo "$summary_line" + echo "\`\`\`" + echo "" + fi + + # Extract and display files with unapproved licenses + if grep -q "Files with unapproved licenses:" rat-output.log; then + echo "#### 🚫 Files with Unapproved Licenses" + echo "\`\`\`" + # Get the line with "Files with unapproved licenses:" and all following lines until the dashed line + sed -n '/Files with unapproved licenses:/,/\[INFO\] ------------------------------------------------------------------------/p' rat-output.log | \ + grep -v "\[INFO\] ------------------------------------------------------------------------" | \ + grep -v "^$" | \ + head -20 + echo "\`\`\`" + echo "" + fi + + # Show build failure context + echo "#### 🔍 Build Failure Details" + echo "\`\`\`" + grep -A 10 "\[INFO\] BUILD FAILURE" rat-output.log | head -15 + echo "\`\`\`" + echo "" + + echo "💡 **How to fix:** Add Apache license headers to the files listed above." + echo "You can run \`mvn clean verify -Drat.consoleOutput=true\` locally to see the full report." + + elif grep -q "\[INFO\] BUILD SUCCESS" rat-output.log; then + echo "### ✅ Check Passed - All Files Comply with Apache License Requirements" + echo "" + + # Show success summary if available + if grep -q "Rat check: Summary over all files" rat-output.log; then + echo "#### 📊 License Summary" + summary_line=$(grep "Rat check: Summary over all files" rat-output.log) + echo "\`\`\`" + echo "$summary_line" + echo "\`\`\`" + fi + + else + echo "### ⚠️ Indeterminate Result" + echo "Check the uploaded log file for details." + fi + else + echo "### ⚠️ No Output Log Found" + echo "The rat-output.log file was not generated." + fi + } >> "$GITHUB_STEP_SUMMARY"