superset2/.github/workflows/generate-FOSSA-report.yml

name: Generate FOSSA report

on:
  push:
    branches:
      - "master"
      - "[0-9].[0-9]*"

permissions:
  contents: read

jobs:
  config:
    runs-on: ubuntu-24.04
    outputs:
      has-secrets: ${{ steps.check.outputs.has-secrets }}
    steps:
      - name: "Check for secrets"
        id: check
        shell: bash
        run: |
          if [ -n "${FOSSA_API_KEY}" ]; then
            echo "has-secrets=1" >> "$GITHUB_OUTPUT"
          fi

        env:
          FOSSA_API_KEY: ${{ (secrets.FOSSA_API_KEY != '' ) || '' }}
  license_check:
    needs: config
    if: needs.config.outputs.has-secrets
    name: Generate Report
    runs-on: ubuntu-24.04
    steps:
      - name: "Checkout ${{ github.ref }} ( ${{ github.sha }} )"
        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
        with:
          persist-credentials: false
          submodules: recursive
      - name: Setup Java
        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
        with:
          distribution: "temurin"
          java-version: "11"
      - name: Generate fossa report
        env:
          FOSSA_API_KEY: ${{ secrets.FOSSA_API_KEY }}
        run: |
          set -eo pipefail
          if [[ "${{github.event_name}}" != "pull_request" ]]; then
            ./scripts/fossa.sh
            exit 0
          fi

          URL="https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/files"
          FILES=$(curl -s -X GET -G $URL | jq -r '.[] | .filename')

          cat<<EOF
          CHANGED FILES:
          $FILES

          EOF

          if [[ "${FILES}" =~ (.*package*\.json|requirements\/[a-z_-]+\.txt|setup\.py) ]]; then
            echo "Detected dependency changes... running fossa check"

            ./scripts/fossa.sh
          else
            echo "No dependency changes... skiping fossa check"
          fi
        shell: bash