GitHub Action that tests source code for SPDX license headers

enarx/spdx

spdx

A GitHub Action that verifies whether project files include an SPDX license header. If any file does not pass the ruleset for its file type, the test fails with some guidance about how to fix it.

Usage

Include the action as part of a workflow that performs a checkout. You'll also need to provide the following input:

  • licenses: The accepted SPDX License Identifiers.

Here's an example:

name: spdx

on:
  pull_request

jobs:
  check-spdx-headers:
    runs-on: ubuntu-latest
    steps:
    - name: checkout
      uses: actions/checkout@v2
    - uses: enarx/spdx@master
      with:
        licenses: |-
          Apache-2.0
          MIT

How it Works

The script performs two actions:

  1. It identifies the source code language for each file.
  2. It validates the SPDX header using the semantics for the language.

If the script cannot identify the language of a file, the file is skipped. Likewise, if the language of the file is known but has no SPDX semantics defined, the file is skipped.

We identify the language of a source file using two strategies.

  1. We map the extension to a known language.
  2. We evaluate a shebang line, if present.
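The two-step flow described above, sketched as an added example (this is not the action's own code). The lookup tables, the function names `identify` and `check`, and the header rule (a single license identifier in a line comment on the first line, or on the line after a shebang) are assumptions made for illustration.

```python
import re

# Assumed tables for illustration; the action's real mappings may differ.
EXTENSIONS = {".rb": "ruby", ".c": "c", ".h": "c", ".py": "python"}
INTERPRETERS = {"ruby": "ruby", "python": "python", "python3": "python"}
# Languages with header semantics defined here: their line-comment prefix.
COMMENT_PREFIX = {"ruby": "#", "c": "//"}
SPDX = re.compile(r"SPDX-License-Identifier:\s*(\S+)")


def identify(path, first_line):
    """Strategy 1: extension lookup. Strategy 2: shebang interpreter."""
    dot = path.rfind(".")
    ext = path[dot:].lower() if dot > path.rfind("/") else ""
    if ext in EXTENSIONS:
        return EXTENSIONS[ext]
    if first_line.startswith("#!"):
        parts = first_line[2:].split()
        # "#!/usr/bin/env ruby" names the interpreter in the second token.
        if parts and parts[0].endswith("/env") and len(parts) > 1:
            parts = parts[1:]
        if parts:
            return INTERPRETERS.get(parts[0].rsplit("/", 1)[-1])
    return None


def check(path, text, accepted):
    """Return 'skipped', 'ok' or 'fail' for one file's contents."""
    lines = text.splitlines()
    lang = identify(path, lines[0] if lines else "")
    prefix = COMMENT_PREFIX.get(lang)
    if prefix is None:  # unknown language, or known with no semantics defined
        return "skipped"
    if lines and lines[0].startswith("#!"):
        lines = lines[1:]  # the header may follow a shebang line
    if not lines or not lines[0].startswith(prefix):
        return "fail"
    match = SPDX.search(lines[0])
    return "ok" if match and match.group(1) in accepted else "fail"


if __name__ == "__main__":
    # Constructed sample files (path -> contents), not taken from any repository.
    samples = {"tool.rb": "# SPDX-License-Identifier: MIT\n",
               "bin/run": "#!/usr/bin/env ruby\nputs 1\n",
               "notes.txt": "hello\n"}
    for path, text in samples.items():
        print(path, check(path, text, {"Apache-2.0", "MIT"}))
```

The identifier is compared as a whole token against the accepted set, so `MIT-0` does not pass when only `MIT` is accepted.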

Adding Support for New Languages

Adding support for new languages should be trivial. See the examples for Ruby and C/C++.
