troubleshoot/.github/workflows/license.yaml

on:
  push:
    branches:
      - main
  pull_request:

env:
  TRIVY_VERSION: 0.44.1

name: License scan

jobs:
  license:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - name: Install trivy
        run: |
          wget https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb
          sudo dpkg -i trivy_${TRIVY_VERSION}_Linux-64bit.deb

      - name: Create license report artifact
        run: trivy fs --scanners license --skip-dirs ".github" . | tee license-report.txt

      - name: Upload license report artifact
        uses: actions/upload-artifact@v4
        with:
          name: license-report
          path: license-report.txt

      - name: Check for unknown licenses
        run: trivy fs --scanners license --skip-dirs ".github" --exit-code 1 --severity UNKNOWN . || echo "::warning::Unknown licenses found, please verify"

      - name: Check for forbidden licenses and fail
        run: trivy fs --scanners license --skip-dirs ".github" --exit-code 1 --severity CRITICAL,HIGH .