build: use .github dependency chech (#31)

ndr-brt · web-flow · commit fd229a081c45 · 2023-07-14T08:34:10.000+02:00
* build: print DEPENDENCIES file if check fails

* use .github dependency check
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
@@ -9,50 +9,5 @@ permissions:
   contents: read
 
 jobs:
-  Check-Allowed-Licenses:
-    runs-on: ubuntu-latest
-    continue-on-error: false
-    if: ${{ github.event_name == 'pull_request' }}
-    steps:
-      - name: 'Checkout Repository'
-        uses: actions/checkout@v3
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3
-        with:
-          fail-on-severity: critical
-          # Representation of this list: https://www.eclipse.org/legal/licenses.php#
-          # Expressed with the help of the following IDs: https://spdx.org/licenses/
-          allow-licenses: >-
-            Adobe-Glyph, Apache-1.0, Apache-1.1, Apache-2.0, Artistic-2.0, BSD-2-Clause, BSD-3-Clause,
-            BSD-4-Clause, 0BSD, BSL-1.0, CDDL-1.0, CDDL-1.1, CPL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-2.5,
-            CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, EPL-1.0, EPL-2.0, FTL, GFDL-1.3-only, IPL-1.0, ISC,
-            MIT, MIT-0, MPL-1.1, MPL-2.0, NTP, OpenSSL, PHP-3.01, PostgreSQL, OFL-1.1, Unlicense,
-            Unicode-DFS-2015, Unicode-DFS-2016, Unicode-TOU, UPL-1.0, W3C-20150513, W3C-19980720, W3C,
-            WTFPL, X11, Zlib, ZPL-2.1
-
-  Dash-Dependency-Check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./.github/actions/setup-build
-      - name: Download latest Eclipse Dash
-        run: |
-          curl -L https://repo.eclipse.org/service/local/artifact/maven/redirect\?r\=dash-licenses\&g\=org.eclipse.dash\&a\=org.eclipse.dash.licenses\&v\=LATEST --output dash.jar
-      - name: Regenerate DEPENDENCIES
-        run: |
-          # dash returns a nonzero exit code if there are libs that need review. the "|| true" avoids that
-          ./gradlew allDependencies | grep -Poh "(?<=\s)[\w.-]+:[\w.-]+:[^:\s\[\]]+" | sort | uniq | java -jar dash.jar - -summary DEPENDENCIES-gen || true
-
-          # log warning if restricted deps are found
-          grep -E 'restricted' DEPENDENCIES | if test $(wc -l) -gt 0; then 
-            echo "::warning file=DEPENDENCIES,title=Restricted Dependencies found::Some dependencies are marked 'restricted' - please review them" 
-          fi
-
-          # log error and fail job if rejected deps are found
-          grep -E 'rejected' DEPENDENCIES | if test $(wc -l) -gt 0; then
-            echo "::error file=DEPENDENCIES,title=Rejected Dependencies found::Some dependencies are marked 'rejected', they cannot be used"
-            exit 1
-          fi
-      - name: Check for differences
-        run: |
-          diff DEPENDENCIES DEPENDENCIES-gen
+  check:
+    uses: eclipse-edc/.github/.github/workflows/dependency-check.yml@main
