Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sharing reusable Dash action #253

Open
SebastianBezold opened this issue Jul 21, 2023 · 2 comments
Open

Sharing reusable Dash action #253

SebastianBezold opened this issue Jul 21, 2023 · 2 comments

Comments

@SebastianBezold
Copy link

Description

I spent some time to enhance the already great convenience of the dash-license tool and created a
reusable GitHub action in the Eclipse Tractus-X project.

I was wondering, if this could be of interest for other Eclipse projects as well? I could think of mentioning it as an experimental automation in the dash docs, or even transferring it here.

What does the action do?

The action itself is quite simple. It sets up Java, downloads and runs dash on given input. Afterwards, the generated DEPENDENCIES are compared to the existing one and check for being up-to-date or containing rejected or restricted entries.

Since Tractus-X is using a lot of different languages and build tools, I made the action quite flexible and it can be used in basically any scenario. I also added documentation on how to use the action and what can be configured.

I'll actively maintain this action in the foreseeable future, since we already have improvements in mind.

/cc @AngelikaWittek
@HannesWell
Copy link
Contributor

That's a good idea, but we already have that for Maven based builds added via:
#161

and enhanced later one.
But suggestions for enhancements of the workflow or the documentation are of course more than welcome.
The existing workflow is currently tight to Maven builds so I don't know how this would work for your case of many languages, but maybe the workflow can be split/abstracted for re-usable parts.
If you want to propose a PR for that I can review it.

@SebastianBezold
Copy link
Author

Hi @HannesWell,

thanks for the hint. I'll check out the workflow you linked.

The idea of the workflow in Tractus-X for multiple languages/build tools is just to leave the "Dash input generation" up to the user of the action.
The Dash input can be specified via action input variable. So in case you are using a build system with a .lock file (package-lock.json, go.sum, ...) you just specify the filepath to this. In maven cases, you would run mvn dependency:list -DoutputFile=maven.deps ... prior to using the action and feed it with maven.deps in this case.

So the main benefit of our action is the precondition setup for dash (java + download Dash) and the checking for out-of-date, rejected and restricted.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@SebastianBezold @HannesWell