STORY-2234: A DRR user can meet reporting requirements for Settlement… #65

	name: License Scanning for Maven

	on:
	workflow_dispatch:
	push:
	paths:
	- 'pom.xml'
	- '.github/workflows/license-scanning.yml'

	env:
	ALLOW_LICENSES: "'The Apache Software License, Version 2.0' and licenses/license/name!='BSD' and licenses/license/name!='BSD-style license' and licenses/license/name!='Apache License, Version 2.0'"
	REPORT_PATH: "target/generated-resources/licenses.xml"

	jobs:
	scan:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	module-folder: ["./", "./examples", "./rosetta-source", "./rosetta-project", "./distribution"]
	steps:
	- uses: actions/checkout@v3
	- name: Set up JDK 11
	uses: actions/setup-java@v3
	with:
	java-version: 11
	cache: maven
	distribution: 'adopt'
	- name: Install XQ
	run: pip install xq
	- name: Build with Maven
	run: mvn clean install -DskipTests
	- name: License XML report
	run: mvn org.codehaus.mojo:license-maven-plugin:2.0.0:download-licenses
	- name: Validate XML report
	run: \|
	LICENSE_REPORT=`xq "//dependency[licenses/license/name!=${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}`
	LINES_FOUND=`echo $LICENSE_REPORT \| wc -l`
	echo "License issues found ..."
	if [ $LINES_FOUND -gt 1 ]; then echo $LICENSE_REPORT ; exit -1; fi
	working-directory: ${{ matrix.module-folder }}
	- name: Upload license reports
	uses: actions/upload-artifact@v3
	with:
	name: license-reports
	path: '**/dependencies.html'
	- name: Upload license XML reports
	uses: actions/upload-artifact@v3
	with:
	name: license-xml-report
	path: '**/${{ env.REPORT_PATH }}'

Provide feedback