Add SPDX header check workflow for pull requests #774
Conversation
Hi @copilot. Thanks for your PR. I'm waiting for a linuxdeepin member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Details: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
feat: add SPDX header check workflow

Created `.github/workflows/spdx-check.yml` to automatically check SPDX copyright headers in pull requests. The workflow:

- Triggers on pull requests to the main branch
- Uses zccrs/github-actions-spdx-checker@v1 action
- Checks multiple file types (py, js, ts, java, cpp, go, rs, etc.)
- Excludes vendor and node_modules directories
- Validates new files have current year SPDX headers
- Ensures modified files update year ranges correctly

This will help maintain consistent copyright headers across all linuxdeepin projects and ensure compliance with SPDX standards.

Influence:
1. All future PRs to main branch will automatically check SPDX headers
2. Non-compliant files will cause workflow to fail with bilingual error messages
3. Developers must include proper SPDX headers in all new and modified files
4. Test by creating a PR with files missing SPDX headers

Co-authored-by: zccrs <13449038+zccrs@users.noreply.github.com>

[APPROVALNOTIFIER] This PR is NOT APPROVED. This pull-request has been approved by: Copilot. The full list of commands accepted by this bot can be found here. Details: Needs approval from an approver in each of these files: Approvers can indicate their approval by writing
fix: add checkout step to the SPDX header check workflow

Added actions/checkout@v5 step before the SPDX checker to ensure the repository code is available for checking. Configured with fetch-depth: 0 to fetch full git history, which is required for the SPDX checker to compare against the base branch and determine which files have been added or modified.

This ensures the workflow can properly:

- Access all files in the pull request
- Compare changes against the base branch (origin/main)
- Determine new vs modified files for appropriate SPDX header validation

Influence:
1. The workflow will now function correctly when triggered
2. Files in PRs will be properly checked for SPDX headers
3. Git history is available for year range validation in modified files

Co-authored-by: zccrs <13449038+zccrs@users.noreply.github.com>
fix: add explicit permissions to the SPDX check workflow

Added explicit permissions block to limit GITHUB_TOKEN permissions for security. The workflow now only has the minimal required permissions:

- contents: read - to checkout repository code
- pull-requests: read - to read PR information

This follows GitHub Actions security best practices by implementing the principle of least privilege, ensuring the workflow only has access to what it needs.

Influence:
1. Improves workflow security posture
2. Prevents potential token misuse
3. Follows GitHub Actions security recommendations
4. Resolves CodeQL security alert about missing workflow permissions

Co-authored-by: zccrs <13449038+zccrs@users.noreply.github.com>
Automates SPDX copyright header validation on all PRs to main branch using zccrs/github-actions-spdx-checker@v1.

Implementation
- Triggers on pull requests to the main branch
- Excludes vendor/** and node_modules/**
- Minimal token permissions (contents: read, pull-requests: read)
- Full-history checkout (fetch-depth: 0) for year range validation

Validation Rules
- New files must carry the current year in their SPDX header
- Modified files must extend their year range to the current year (e.g. 2023-2026)

Original prompt
This pull request was created from Copilot chat.
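The two validation rules described in this PR (new files carry the current year, modified files extend their year range) and the new-versus-modified split that the full-history checkout makes possible are shown below as an added Python example. It is not the project's workflow and not the code of zccrs/github-actions-spdx-checker, whose inputs and exact rules are not shown on this page. The `git diff --name-status` output and file contents are constructed inline; the header format (an `SPDX-FileCopyrightText` and an `SPDX-License-Identifier` tag within the first ten lines), the reading that a new file's header holds exactly the current year, and the mapping of the listed file types onto suffixes are assumptions.

```python
import re
from datetime import date

# Assumption: headers use the two standard SPDX tags, e.g.
#   # SPDX-FileCopyrightText: 2023 - 2025 Example Contributor
#   # SPDX-License-Identifier: GPL-3.0-or-later
COPYRIGHT_RE = re.compile(r"SPDX-FileCopyrightText:\s*(\d{4})(?:\s*-\s*(\d{4}))?")
LICENSE_RE = re.compile(r"SPDX-License-Identifier:\s*\S+")

# File types and excluded directories named in the PR; the suffix list is an
# assumption about how "py, js, ts, java, cpp, go, rs, etc." maps onto extensions.
CHECKED_SUFFIXES = (".py", ".js", ".ts", ".java", ".cpp", ".go", ".rs")
EXCLUDED_PREFIXES = ("vendor/", "node_modules/")
HEADER_LINES = 10  # assumption: the header must appear within the first 10 lines


def parse_name_status(diff_output):
    """Map path -> status letter from `git diff --name-status base...head` output
    (A=added, M=modified, D=deleted, R=renamed). The rename score is dropped and
    the new path is used. This comparison is why the workflow needs full history."""
    changes = {}
    for line in diff_output.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        changes[fields[-1]] = fields[0][0]
    return changes


def parse_header(text):
    """Return (start_year, end_year) from the copyright tag, or None when either
    SPDX tag is missing from the top of the file."""
    head = "\n".join(text.splitlines()[:HEADER_LINES])
    match = COPYRIGHT_RE.search(head)
    if match is None or LICENSE_RE.search(head) is None:
        return None
    start = int(match.group(1))
    end = int(match.group(2)) if match.group(2) else start
    return start, end


def check_file(path, text, status, current_year):
    """Apply the PR's rules to one changed file; return a list of problems."""
    header = parse_header(text)
    if header is None:
        return [f"{path}: missing SPDX-FileCopyrightText/SPDX-License-Identifier header"]
    start, end = header
    if start > end:
        return [f"{path}: year range {start}-{end} is inverted"]
    if status == "A":
        # Assumption: a brand-new file's copyright year is exactly the current year.
        if (start, end) != (current_year, current_year):
            return [f"{path}: new file must carry the current year {current_year}, found {start}-{end}"]
    elif end != current_year:
        # Modified (or renamed/copied) file: the range must be extended to this year.
        return [f"{path}: modified file must extend its year range to {current_year}, found {start}-{end}"]
    return []


def check_changes(changes, contents, current_year):
    """Run check_file over every non-deleted, in-scope file of a change set."""
    problems = []
    for path, status in changes.items():
        if status == "D" or not path.endswith(CHECKED_SUFFIXES) or path.startswith(EXCLUDED_PREFIXES):
            continue
        problems.extend(check_file(path, contents.get(path, ""), status, current_year))
    return problems


# Constructed sample: what `git diff --name-status origin/main...HEAD` might print
# for a PR, plus the contents of the files it touches.
SAMPLE_DIFF = "A\tsrc/new_tool.py\nM\tsrc/old_tool.py\nM\tvendor/lib.js\nD\tsrc/gone.py\nM\tREADME.md\n"
SAMPLE_FILES = {
    "src/new_tool.py": "# SPDX-FileCopyrightText: 2026 Example Contributor\n"
                       "# SPDX-License-Identifier: GPL-3.0-or-later\n\nprint('new')\n",
    "src/old_tool.py": "# SPDX-FileCopyrightText: 2023 - 2025 Example Contributor\n"
                       "# SPDX-License-Identifier: GPL-3.0-or-later\n\nprint('old')\n",
    "vendor/lib.js": "// third-party code, no header\n",
}


def run_sample(current_year=2026):
    """Check the constructed sample; the stale range in src/old_tool.py is the only finding."""
    return check_changes(parse_name_status(SAMPLE_DIFF), SAMPLE_FILES, current_year)


if __name__ == "__main__":
    findings = run_sample()
    for problem in findings:
        print(problem)
    # Non-zero exit is what makes a CI job fail on non-compliant files.
    raise SystemExit(1 if findings else 0)
```

Deleted files and paths under the excluded directories are skipped before any header is parsed, and `README.md` is skipped by the suffix filter, so only the two in-scope source files are judged; in a real job `current_year` would come from `date.today().year` and the diff from the checked-out repository.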