Run licensing, security and best practices checks and generate reports/SBOMs using ORT.

## Usage

See action.yml

```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
```

Alternatively, you can let ORT download the project sources itself using Git, Git-repo, Mercurial or Subversion.
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          vcs-url: 'https://github.com/jshttp/mime-types.git'
```

## Examples

- Run ORT and analyze only specified package managers
- Run ORT with labels
- Run ORT and fail job on policy violations or security issues
- Run ORT on private repositories
- Run ORT on multiple repositories using a matrix
- Run ORT with a custom global configuration
- Run ORT with a custom Docker image
- Run ORT with PostgreSQL database
- Run only parts of the GitHub Action for ORT
### Run ORT and analyze only specified package managers

```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'
          ort-cli-args: '-P ort.analyzer.enabledPackageManagers=NPM,Yarn,Yarn2'
```

### Run ORT with labels

Use labels to track scan-related information or to execute policy rules for a specific product, delivery or organization.
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'
          ort-cli-analyze-args: >
            -l project=oss-project
            -l dist=external
            -l org=engineering-sdk-xyz-team-germany-berlin
```

### Run ORT and fail job on policy violations or security issues

Set `fail-on` to fail the action if:

- policy violations reported by the Evaluator exceed the `severeRuleViolationThreshold` level.
- security issues reported by the Advisor exceed the `severeIssueThreshold` level.

By default `severeRuleViolationThreshold` and `severeIssueThreshold` are set to `WARNING`, but you can change this to, for example, `ERROR` in your `config.yml`.
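The same settings expressed in ORT's global configuration file, as an added example rather than a file from this repository: it covers both the package-manager selection passed via `-P` in the earlier example and the two thresholds that `fail-on` consults. The key paths follow ORT's reference configuration, and the file is assumed to live at `~/.ort/config/config.yml`.

```yaml
# ~/.ort/config/config.yml (added example, not part of this repository)
ort:
  analyzer:
    # Equivalent of the '-P ort.analyzer.enabledPackageManagers=NPM,Yarn,Yarn2'
    # CLI override used in the package-manager example above.
    enabledPackageManagers: [NPM, Yarn, Yarn2]
    # Equivalent of the 'allow-dynamic-versions' action input. Without it the
    # analyzer refuses projects that declare version ranges but ship no lock
    # file; with it the resolved dependency set can differ between runs, so the
    # SBOM only reflects what was resolved in this particular run.
    allowDynamicVersions: true

  # Both thresholds default to WARNING, so with 'fail-on' set every finding at
  # WARNING severity or above fails the job. Raising them to ERROR still reports
  # lower-severity findings, but only ERROR-level rule violations (Evaluator)
  # and security issues (Advisor) make the job fail.
  severeRuleViolationThreshold: ERROR
  severeIssueThreshold: ERROR
```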
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'
          fail-on: 'violations'
```

### Run ORT on private repositories

To run ORT on private Git repositories, we recommend to:

- Set up an account with read-only access rights
- Use a `.netrc` file, SSH keys or GitHub tokens for authentication.
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
      - name: Add .netrc
        run: >
          echo "default
          login ${{ secrets.NETRC_LOGIN }}
          password ${{ secrets.NETRC_PASSWORD }}" > ~/.netrc
      - name: Add SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_github
          echo "${{ secrets.SSH_PUBLIC_KEY }}" > ~/.ssh/id_github.pub
          chmod 600 ~/.ssh/id_github*
          cat >>~/.ssh/config <<END
          Host github.com
            HostName ssh.github.com
            User git
            Port 443
            IdentityFile ~/.ssh/id_github
            StrictHostKeyChecking no
          END
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          allow-dynamic-versions: 'true'
```

The following variant runs on a self-hosted runner behind a proxy server and authenticates to both GitHub and a self-hosted Git server with personal access tokens:

```yaml
jobs:
  ort:
    runs-on: [self-hosted, linux]
    name: Run ORT
    steps:
      - name: Configure proxy server
        run: |
          export https_proxy="http://proxy.example.com:3128/"
          export http_proxy="http://proxy.example.com:3128/"
          printenv >> "$GITHUB_ENV"
      - name: Use HTTPS with personal token always for Git cloning
        run: |
          git config --global url."https://oauth2:${{ secrets.PERSONAL_TOKEN_1 }}@github.com/".insteadOf "ssh://git@github.com/"
          git config --global url."https://oauth2:${{ secrets.PERSONAL_TOKEN_2 }}@git.example.com/".insteadOf "ssh://git@git.example.com/"
          git config --global url."https://oauth2:${{ secrets.PERSONAL_TOKEN_2 }}@git.example.com/".insteadOf "https://git.example.com/"
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'example-org/alpha'
          ref: 'master'
          github-server-url: 'https://git.example.com'
          token: ${{ secrets.PERSONAL_TOKEN_2 }}
      - name: Run GitHub action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          ort-config-repository: 'https://oauth2:${{ secrets.PERSONAL_TOKEN_2 }}@git.example.com/ort-project/ort-config.git'
          run: >
            cache-dependencies,
            metadata-labels,
            analyzer,
            advisor,
            reporter,
            upload-results
```

### Run ORT on multiple repositories using a matrix

```yaml
jobs:
  ort:
    strategy:
      fail-fast: false
      matrix:
        include:
          - repository: example-org/alpha
            sw-name: alpha
          - repository: example-org/beta
            sw-name: beta
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          repository: ${{ matrix.repository }}
      - uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          sw-name: ${{ matrix.sw-name }}
```

### Run ORT with a custom global configuration

Use `ort-config-repository` to specify the location of your ORT global configuration repository.
If `ort-config-revision` is not set, the latest state of the configuration repository will be used.
Alternatively, you can also place your ORT global configuration files in `~/.ort/config`
prior to running GitHub Action for ORT.
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          ort-config-repository: 'https://github.com/oss-review-toolkit/ort-config'
          ort-config-revision: 'e4ae8f0a2d0415e35d80df0f48dd95c90a992514'
```

### Run ORT with a custom Docker image

```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          image: 'my-org/ort-images/ort:latest'
```

### Run ORT with PostgreSQL database

ORT supports using a PostgreSQL database to cache scan data and so speed up scans.
Use the following action secrets at GitHub organization or repository level to specify the database to use:

```yaml
POSTGRES_URL: 'jdbc:postgresql://ort-db.example.com:5432/ort'
POSTGRES_USERNAME: 'ort-db-username'
POSTGRES_PASSWORD: 'ort-db-password'
```

Next, pass these secrets to GitHub Action for ORT:
```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Use HTTPS instead of SSH for Git cloning
        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
      - name: Checkout project
        uses: actions/checkout@v3
        with:
          repository: 'jshttp/mime-types'
          ref: '2.1.35'
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          db-url: ${{ secrets.POSTGRES_URL }}
          db-username: ${{ secrets.POSTGRES_USERNAME }}
          db-password: ${{ secrets.POSTGRES_PASSWORD }}
          run: 'cache-dependencies,analyzer,scanner,evaluator,advisor,reporter,upload-results'
          sw-name: 'Mime Types'
          sw-version: '2.1.35'
```

### Run only parts of the GitHub Action for ORT

```yaml
jobs:
  ort:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout project
        uses: actions/checkout@v3
      - name: Run GitHub Action for ORT
        uses: oss-review-toolkit/ort-ci-github-action@v1
        with:
          run: >
            cache-dependencies,
            metadata-labels,
            analyzer,
            advisor,
            reporter,
            upload-results,
            upload-evaluation-result
```

All contributions are welcome. If you are interested in contributing, please read our contributing guide, and to get quick answers to any of your questions we recommend you join our Slack community.
Copyright (C) 2020-2022 The ORT Project Authors.
See the LICENSE file in the root of this project for license details.
OSS Review Toolkit (ORT) is a Linux Foundation project and part of ACT.