Skip to content

feat(ci): auto-regenerate license files on dependabot PRs#1585

Merged
olexii4 merged 1 commit into
mainfrom
auto-regenerate-licenses
Jun 3, 2026
Merged

feat(ci): auto-regenerate license files on dependabot PRs#1585
olexii4 merged 1 commit into
mainfrom
auto-regenerate-licenses

Conversation

@olexii4

@olexii4 olexii4 commented May 25, 2026

Copy link
Copy Markdown
Contributor

What does this PR do?

Inspired by devfile/devworkspace-generator#387, which introduced the same pattern for the devworkspace-generator project.

Adds .github/workflows/dependabot-license.yml — a GitHub Actions workflow that automatically regenerates license dependency files whenever Dependabot opens or updates a PR against main.

Previously, every Dependabot bump required a manual follow-up commit to re-run yarn license:generate and update .deps/prod.md, .deps/dev.md, and the EXCLUDED files. This workflow eliminates that manual step.

How it works

The workflow runs only on PRs authored by dependabot[bot] targeting main:

  1. Runs yarn license:generate (license-tool --harvest) — requests ClearlyDefined to harvest any packages it does not yet know about, and classifies transitive unresolved deps automatically.
  2. If unresolved deps remain (exit code ≠ 0 and .deps/problems.md exists):
    • Parses problems.md to identify each unresolved package and whether it belongs to the production or development section.
    • Constructs the ClearlyDefined URL for each package:
      • Scoped (@scope/name@ver) → https://clearlydefined.io/definitions/npm/npmjs/@scope/name/ver
      • Unscoped (name@ver) → https://clearlydefined.io/definitions/npm/npmjs/-/name/ver
    • Appends the entry to .deps/EXCLUDED/prod.md or .deps/EXCLUDED/dev.md (skipping duplicates):
      | `@isaacs/brace-expansion@5.0.1` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/@isaacs/brace-expansion/5.0.1) |
      | `cronstrue@3.13.0` | [clearlydefined](https://clearlydefined.io/definitions/npm/npmjs/-/cronstrue/3.13.0) |
      
  3. Retries yarn license:generate — up to 3 attempts total.
  4. Commits and pushes the updated .deps/ files back to the Dependabot branch (chore(deps): regenerate license dependency files). If .deps/ is unchanged the commit step is skipped.

Screenshot/screencast of this PR

N/A — CI-only change.


What issues does this PR fix or reference?

  • Eliminates the manual yarn license:generate follow-up commit required after every Dependabot dependency bump.
  • Ensures .deps/prod.md, .deps/dev.md, and the EXCLUDED files are always up to date before the dash-licenses check in pr.yml runs.
  • Inspired by devfile/devworkspace-generator#387.

Is it tested? How?

  1. Workflow syntax validated with actionlint (no errors).
  2. The pkg_to_cd_url bash function was tested locally against the known-good examples from the existing EXCLUDED files:
    • @isaacs/brace-expansion@5.0.1https://clearlydefined.io/definitions/npm/npmjs/@isaacs/brace-expansion/5.0.1
    • cronstrue@3.13.0https://clearlydefined.io/definitions/npm/npmjs/-/cronstrue/3.13.0
  3. End-to-end: trigger by opening a test Dependabot PR against main and confirm the workflow commits the updated .deps/ files.

@olexii4 olexii4 requested a review from svor May 25, 2026 15:11
@olexii4 olexii4 requested review from akurinnoy and ibuziuk as code owners May 25, 2026 15:11
@che-bot

che-bot commented May 25, 2026

Copy link
Copy Markdown
Contributor

Click here to review and test in web IDE: Contribute

@github-actions

Copy link
Copy Markdown

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64)

kubectl patch command
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]"

@olexii4 olexii4 force-pushed the auto-regenerate-licenses branch from 46db825 to cbc228b Compare May 25, 2026 15:29
- Add dependabot-license.yml: runs yarn license:generate --harvest on
  dependabot PRs, parses problems.md, adds unresolved deps to EXCLUDED
  files with ClearlyDefined URLs, retries up to 3 times, then commits
  .deps/
- Skip dash-licenses job in pr.yml for dependabot PRs — dependabot-
  license.yml handles license generation; dash-licenses resumes on the
  follow-up synchronize event after the bot commits .deps/ updates

Inspired by devfile/devworkspace-generator#387.

Signed-off-by: Oleksii Orel <oorel@redhat.com>
@olexii4 olexii4 force-pushed the auto-regenerate-licenses branch from cbc228b to e547efa Compare May 25, 2026 15:34
@github-actions

Copy link
Copy Markdown

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64)

kubectl patch command
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]"

2 similar comments
@github-actions

Copy link
Copy Markdown

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64)

kubectl patch command
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]"

@github-actions

Copy link
Copy Markdown

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1585 (linux/amd64, linux/arm64)

kubectl patch command
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1585", name: che-dashboard}]}}]"

@olexii4

olexii4 commented May 26, 2026

Copy link
Copy Markdown
Contributor Author

/retest

@svor svor left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, let's see how it works )

@openshift-ci

openshift-ci Bot commented May 26, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: olexii4, svor

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tolusha

tolusha commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

Hi! I'm che-ai-assistant — I help with your pull requests.

Available commands:

  • /che-ai-assistant generate-che-doc — Generate a documentation PR based on this PR's changes
  • /che-ai-assistant ok-pr-review — Run a comprehensive PR review (summary, code review, deep review, impact analysis)
  • /che-ai-assistant help — Show this help message

@svor

svor commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

/retest

@codecov

codecov Bot commented Jun 3, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.49%. Comparing base (f87012b) to head (e547efa).
⚠️ Report is 7 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #1585   +/-   ##
=======================================
  Coverage   92.49%   92.49%           
=======================================
  Files         563      563           
  Lines       56254    56254           
  Branches     4267     4267           
=======================================
  Hits        52030    52030           
  Misses       4174     4174           
  Partials       50       50           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@olexii4 olexii4 merged commit 65f699e into main Jun 3, 2026
25 of 26 checks passed
@olexii4 olexii4 deleted the auto-regenerate-licenses branch June 3, 2026 19:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants