From 3101e578976c3d5ca4d9ec054d434f4e183379ac Mon Sep 17 00:00:00 2001 From: per1234 Date: Sat, 1 Mar 2025 20:35:55 -0800 Subject: [PATCH 1/2] Use canonical github/setup-licensed action in dependencies license check workflow This GitHub Actions action is used by the dependencies license check workflow to install the "Licensed" tool in the runner workspace. At the time the workflow was developed, the action was owned by GitHub user `jonabc`, and so the action was referenced as `jonabc/setup-licensed` in the workflow. Since that time, the action was transferred to the `github` GitHub organization. Making things more confusing is the fact that GitHub user `jonabc` now has a development fork of the `github/setup-licensed` repository, meaning that the redirect GitHub provides from the old to the new repository after a transfer does not exist for this action. This resulted in the workflow referencing an outdated copy of the action not intended for production use. The workflow is hereby updated to use the canonical "github/setup-licensed" action. --- .github/workflows/check-go-dependencies-task.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml index 5b78888b..183899c2 100644 --- a/.github/workflows/check-go-dependencies-task.yml +++ b/.github/workflows/check-go-dependencies-task.yml @@ -124,7 +124,7 @@ jobs: submodules: recursive - name: Install licensed - uses: jonabc/setup-licensed@v1 + uses: github/setup-licensed@v1 with: github_token: ${{ secrets.GITHUB_TOKEN }} version: 3.x From a9c6287f2d2fee5180a258a19c7e1687eb9b224a Mon Sep 17 00:00:00 2001 
From: per1234 Date: Sat, 1 Mar 2025 20:39:20 -0800 Subject: [PATCH 2/2] Use latest version of "github/setup-licensed" action The "github/setup-licensed" action is used by the dependencies license check workflow to install the "Licensed" tool in the runner machine. Previously the `v1` major version ref of the action was specified in the workflow. This approach is used in order to allow the workflow to automatically always use the latest minor version of the action, only requiring the project maintainers to perform a bump of the action after each major version release. In a competently maintained action project, the major version ref will be updated after each release within that major version series so that it always points to the latest release version. Unfortunately that was not done by the "github/setup-licensed" action maintainers. This means that the use of the `v1` ref in the workflow causes an outdated version of the action to be used. This has been reported to the action maintainers, but unfortunately instead of fixing the problem they archived the repository, so there is no hope of it being resolved. The solution is to replace the major version ref with the ref for the latest release tag. This won't result in an increased maintenance burden because the action repository is archived and thus there won't be any bumps. --- .github/workflows/check-go-dependencies-task.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-go-dependencies-task.yml b/.github/workflows/check-go-dependencies-task.yml index 183899c2..a72d247a 100644 --- a/.github/workflows/check-go-dependencies-task.yml +++ b/.github/workflows/check-go-dependencies-task.yml @@ -124,7 +124,7 @@ jobs: submodules: recursive - name: Install licensed - uses: github/setup-licensed@v1 + uses: github/setup-licensed@v1.3.1 with: github_token: ${{ secrets.GITHUB_TOKEN }} version: 3.x
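Review bot: in [PATCH 1/2], the corrected `uses: github/setup-licensed@v1` line in the "Install licensed" step is the only reference updated, and the diffstat shows only `check-go-dependencies-task.yml` touched. Any other workflow that still has `uses: jonabc/setup-licensed@v1` would keep running the development fork described in the commit message, and this step shows the action is handed `github_token: ${{ secrets.GITHUB_TOKEN }}`. A repository-wide search for `jonabc/setup-licensed` before merging would confirm this is the last occurrence.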
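Review bot: in [PATCH 2/2], the reason `uses: github/setup-licensed@v1.3.1` deviates from the major-version ref convention is recorded only in the commit message, so a later maintainer could reasonably "normalize" it back to `@v1` and reintroduce the outdated version. A short YAML comment above the `uses:` line, noting that the upstream `v1` ref is stale and the repository is archived, would keep that context next to the pin. Since the step passes `secrets.GITHUB_TOKEN` to the action and `v1.3.1` is still a tag, consider pinning to the full commit SHA that the tag points to, with `# v1.3.1` as a trailing comment; the commit message's point that no further bumps are expected means this adds no maintenance cost.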