ci: add verify-spdx-headers action #4912

Open
wants to merge 2 commits into
base: main

hai1337
Contributor

@hai1337 hai1337 commented Mar 7, 2025

Add SPDX header verification to the CI pipeline. This action will check all changed files for SPDX headers and verify that the license and copyright holders are correct.

The original script from the recommended repo did not seem to fit our needs out of the box, so we decided to bring the script into the cve-bin-tool repo and adapt it. We could have others contribute to the original repo to fix these issues in the future.

Some changes include:

  • Scanning files in addition to directories
  • Verifying copyright holders
  • Adding docstrings
  • Fixing warnings
  • Improving code quality and robustness
  • Adding typing

Co-authored-by: Thomas, Hailee [email protected]
Signed-off-by: Patel, Narendra [email protected]
Signed-off-by: Courier, Taylor [email protected]

fixes: #4219

Add SPDX header verification to the CI pipeline. This action will check
all changed files for SPDX headers and verify that the license and
copyright holders are correct.

Co-authored-by: Thomas, Hailee <[email protected]>
Signed-off-by: Patel, Narendra <[email protected]>
Signed-off-by: Courier, Taylor <[email protected]>

fixes: intel#4219
@hai1337 hai1337 added the CI Related to our continuous integration service (GitHub Actions) label Mar 7, 2025
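
A minimal sketch of the kind of check the PR description outlines (accepting files as well as directories, and verifying both the license and the copyright holder). It is an added illustration, not the script from this pull request; the allowed license, the holder name, the 10-line header window and all function names are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumed policy for this example; neither value comes from the pull request.
ALLOWED_LICENSES = {"GPL-3.0-or-later"}
ALLOWED_HOLDERS = {"Example Corporation"}
HEADER_LINES = 10  # the header must sit at the top of the file
SPDX_RE = re.compile(r"SPDX-License-Identifier:\s*(.+?)\s*$")
HOLDER_RE = re.compile(r"Copyright\s+(?:\(C\)\s+)?\d{4}(?:-\d{4})?\s+(.+?)\s*$")

def expand(paths):
    """Yield files from arguments that may be files or directories."""
    for p in map(Path, paths):
        if p.is_dir():
            yield from sorted(f for f in p.rglob("*") if f.is_file())
        elif p.is_file():
            yield p

def check_file(path):
    """Return the header problems for one file (empty list means OK)."""
    head = path.read_text(encoding="utf-8", errors="replace").splitlines()[:HEADER_LINES]
    licenses = [m.group(1) for line in head if (m := SPDX_RE.search(line))]
    holders = [m.group(1) for line in head if (m := HOLDER_RE.search(line))]
    problems = []
    if not licenses:
        problems.append("missing SPDX-License-Identifier")
    elif licenses[0] not in ALLOWED_LICENSES:
        problems.append(f"unexpected license {licenses[0]!r}")
    if not holders:
        problems.append("missing copyright line")
    elif not set(holders) & ALLOWED_HOLDERS:
        problems.append(f"unexpected copyright holder {holders[0]!r}")
    return problems

def verify(paths):
    """Map each failing file to its problems; an empty dict means pass."""
    return {str(f): p for f in expand(paths) if (p := check_file(f))}

def demo():  # constructed sample tree: one good file, one wrong holder, one bare
    good = "# Copyright (C) 2025 Example Corporation\n# SPDX-License-Identifier: GPL-3.0-or-later\n"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "ok.py").write_text(good)
        (root / "holder.py").write_text(good.replace("Example Corporation", "Someone Else"))
        (root / "bare.py").write_text("print('hi')\n")
        found = verify([root / "ok.py", root])  # a file and a directory together
        return {Path(k).name: v for k, v in found.items()}

if __name__ == "__main__":
    print(demo())
```

In CI, a non-empty result from `verify` would be turned into a failing exit status for the job.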
Contributor

@terriko terriko left a comment

Ooh, this is looking promising. I probably can't actually merge this until I file the appropriate paperwork with OSPDT but the license looks compatible so it probably won't be an issue.

Successfully merging this pull request may close these issues.

ci: Copyright + SPDX license header checker
3 participants