Merge pull request #34 from sequentech/ort-fix-71x

edulix · web-flow · commit db442e58e92e · 2023-01-05T15:42:29.000+01:00
migrating to reusable workflow
diff --git a/.github/workflows/ort.yml b/.github/workflows/ort.yml
@@ -17,31 +17,9 @@ on:
 
 jobs:
   ort:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Use HTTPS instead of SSH for Git cloning
-        run: git config --global url.https://github.com/.insteadOf ssh://git@github.com/
-
-      - uses: actions/checkout@v3
-
-      - name: Run GitHub Action for ORT
-        uses: oss-review-toolkit/ort-ci-github-action@main
-        with:
-          run: > # remove the advisor step since we are not using it
-            cache-dependencies,
-            labels,
-            analyzer,
-            evaluator,
-            reporter,
-            upload-results
-          log-level: debug
-          ort-config-repository: 'https://github.com/sequentech/ort-config.git'
-          fail-on: issues,violations
-          report-formats: SpdxDocument,Excel,StaticHtml,WebApp
-          ort-cli-args: > # using the default plus the package managers setting
-            --force-overwrite
-            --stacktrace
-            -P ort.analyzer.enabledPackageManagers=PIP
-          ort-cli-evaluate-args: >
-            --rules-file /home/runner/.ort/config/rules.kts
-            --license-classifications-file /home/runner/.ort/config/license-classifications.yml
+    uses: sequentech/ort-config/.github/workflows/ort.yml@main
+    with:
+      ort-cli-args: > # using the default plus the package managers setting
+        --force-overwrite
+        --stacktrace
+        -P ort.analyzer.enabledPackageManagers=PIP
diff --git a/.ort.yml b/.ort.yml
@@ -5,6 +5,6 @@
 ---
 resolutions:
   rule_violations:
-  - message: "The package PyPI::certifi:2021.10.8 has the declared ScanCode copyleft-limited categorized license MPL-2.0."
+  - message: "The package PyPI::certifi:2022.12.7 has the declared ScanCode copyleft-limited categorized license MPL-2.0."
     reason: "DYNAMIC_LINKAGE_EXCEPTION"
     comment: "We are not modifying certifi and we dynamically link to it, so acording to MPL-2.0 this allows us to keep our code with a completely different license. In this kind of case, MPL-2.0 is not viral. https://www.mozilla.org/en-US/MPL/2.0/FAQ/"
