{"id":15048144,"url":"https://github.com/github/licensed-ci","last_synced_at":"2025-10-19T22:32:53.747Z","repository":{"id":35826170,"uuid":"208498644","full_name":"github/licensed-ci","owner":"github","description":"Update and check cached licenses in a GitHub Actions workflow","archived":false,"fork":false,"pushed_at":"2025-01-27T03:40:28.000Z","size":3565,"stargazers_count":40,"open_issues_count":12,"forks_count":7,"subscribers_count":134,"default_branch":"main","last_synced_at":"2025-01-30T07:42:40.919Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/github.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-09-14T20:18:24.000Z","updated_at":"2025-01-09T19:58:20.000Z","dependencies_parsed_at":"2024-01-29T04:31:47.631Z","dependency_job_id":"f7f1d3cc-1c5b-4e39-b647-edf94ce3ce75","html_url":"https://github.com/github/licensed-ci","commit_stats":{"total_commits":390,"total_committers":14,"mean_commits":"27.857142857142858","dds":0.6307692307692307,"last_synced_commit":"a47c8300299519420b330a20516beada465d5feb"},"previous_names":["github/licensed-ci"],"tags_count":27,"template":false,"template_full_name":"actions/javascript-action","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Flicensed-ci","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Flicensed-ci/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Flicensed-ci/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/github%2Flicensed-ci/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/github","download_url":"https://codeload.github.com/github/licensed-ci/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237224896,"owners_count":19275106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-09-24T21:08:41.254Z","updated_at":"2025-10-19T22:32:53.741Z","avatar_url":"https://github.com/github.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# licensed-ci\n\n**Please note: This action is deprecated and should no longer be used. The team at GitHub has ceased making and accepting code contributions or maintaining the issue tracker. Please migrate your workflows to the [licensee/licensed-ci](https://github.com/licensee/licensed-ci) action, which is maintained by the community.**\n\n![test](https://github.com/github/licensed-ci/workflows/Test/badge.svg)\n\nA GitHub Action to run [github/licensed](https://github.com/github/licensed) in a CI workflow.\n\n1. Run a workflow to update cached dependency metadata using `licensed cache` and push updates to GitHub\n2. Run `licensed status` to check that license data is available, known, up to date and valid for all dependencies\n   - Status check failures will cause the step to fail, allowing examination and further updates to the code (if needed).\n\n## Available Workflows\n\n### Push (`push`)\n\nThis is the default workflow and the behavior in v1.1.0.\n\nUpdate cached dependency metadata on the target branch and push changes to origin.\nIf `pr_comment` input is set and a pull request is available, a comment is added to the pull request.  This input is deprecated and will be removed in the next major version.\n\n### Branch (`branch`)\n\nUpdate cached dependency metadata on a branch named `\u003cbranch\u003e-licenses` and opens a pull request to merge the changes into the target branch.\nIf `pr_comment` input is set, it will be added to the body text when creating the pull request.  This input is deprecated and will be removed in the next major version.\n\nManual adjustments to license data or the github/licensed configuration should happen on the new licenses branch.\nAny runs of the action on a `*-licenses` branch will run status checks only - dependency metadata will not be updated.\n\nNotes:\n\n- If the licenses branch already exists, it is rebased onto the target branch before caching metadata.\n- If an open pull request for the branch already exists, no further action is taken.\n\n### Push for changes from bots, Branch for changes from users (`push_for_bots`)\n\nThis is a hybrid workflow, choosing either the `branch` or `push` workflow depending on the context that triggered `licensed-ci`.  The intended result is that dependency changes made by bots will run the `push` workflow, while dependency changes initiated by humans will run the `branch` workflow.  Choosing the `push` workflow for changes made by bots requires less human interaction overall in reviewing and merging multiple pull requests.\n\nThe workflow that is run is chosen based on a few different checks:\n\n1. If the `branch` workflow has already created a `*-licenses` branch, continue to use the `branch` workflow\n1. If the action payload's [sender](https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#webhook-payload-object-common-properties) field is for a user account, use the `branch` workflow\n1. If the above checks don't pass, use the `push` workflow\n\n## Configuration\n\n- `github_token` - Required.  The access token used to push changes to the branch on GitHub.\n- `command` - Optional, default: `licensed`. The command used to call licensed.\n- `config_file` - Optional, default: `.licensed.yml`.  The configuration file path within the workspace.\n- `user_name` - Optional, default: `licensed-ci`.  The name used when committing cached file changes.\n- `user_email` - Optional, default: `licensed-ci@users.noreply.github.com`.  The email address used when committing cached file changes.\n- `commit_message` - Optional, default: `Auto-update license files`.  Message to use when committing cached file changes.\n- `pr_comment` - Optional (deprecated).  Markdown content to add to an available pull request.\n  - this option is deprecated.  Please use the available `pr_url` and `pr_number` to script additional actions in your workflow\n- `workflow` - Optional, default: `push`.  Specifies the workflow that is run when metadata updates are found:\n  1. `push`\n  1. `branch`\n  1. `push_for_bots`\n- `cleanup_on_success` - Optional, default: `'false'`.  Only applies to the `branch` workflow.  Set to the string `'true'` to close PRs and delete branches used by the `branch` workflow when `licensed status` succeeds on the parent branch.\n- `dependabot_skip` - Optional, default: `'false'`.  Set to the string `'true'` to prepend `[dependabot skip]` to commit messages when licensed-ci is run on a Pull Request or commit authored by Dependabot.  This will signal to Dependabot that it is safe to perform its normal operations even though non-Dependabot commits are present on the Dependabot Pull Request.\n- `sources` - Optional.  Set to a string containing a comma-separated list of [github/licensed sources](https://github.com/github/licensed/tree/master/docs/sources) to add `--sources` CLI arguments to cache and status commands.\n- `format` - Optional.  Available values: [`yaml`, `json`]. Set to add a `--format` CLI argument to cache and status commands.\n\n## Outputs\n\n- licenses_branch - The branch containing licensed-ci changes.\n- user_branch - The branch containing user changes.\n- licenses_updated - A boolean string indicating whether license files were updated.\n- pr_url - The html url of the pull request for the license updates branch, if available, to enable further actions scripting.\n- pr_number - The number of the pull request for the license updates branch, if available, to enable further actions scripting.\n- pr_created - True if a pull request was created in a `branch` workflow, false otherwise.\n\n## Usage\n\n*[See a full example below](#full-nodejs-example)*.\n\n### Supported Events\n\nThis action supports the `push`, `pull_request`, `workflow_dispatch`, and `scheduled` events.  When using `push`, the action workflow should include `tags-ignore: '**'` to avoid running the action on pushed tags.  New tags point to code but do not represent new or changed code that could include updated dependencies.\n\n```yaml\non:\n  # run on pushes to the default branch\n  push:\n    branches:\n      - main\n    tags-ignore: '**'\n  # run on pull request events with changes to code\n  pull_request:\n    types:\n      - opened\n      - reopened\n      - synchronize\n  # run on demand\n  workflow_dispatch:\n  # run on a schedule against the repository's default branch\n  schedule:\n    - cron: '0 8 * * *' # run every day at 8am\n```\n\n### Basic Ruby usage using Bundler + Gemfile\n\n```yaml\njobs:\n  licensed:\n    env: # optionally configure the Gemfile used\n      BUNDLE_GEMFILE: ${{ github.workspace }}/licensed.gemfile\n    steps:\n      - uses: actions/checkout@v3\n      - uses: ruby/setup-ruby@v1\n        with:\n          ruby-version: 3.1\n          bundler-cache: true # improve performance on subsequent runs\n          cache-version: 1\n      - run: xxx # Install project dependencies here.\n      - uses: github/licensed-ci@v1\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n          command: \"bundle exec licensed\" # or bin/licensed when using binstubs\n```\n\n### Basic non-Ruby usage using [github/setup-licensed](https://github.com/github/setup-licensed)\n\n```yaml\njobs:\n  licensed:\n    steps:\n      - uses: actions/checkout@v3\n      \n      # install licensed.  licensed v4 can only be installed as a gem and requires\n      # running ruby/setup-ruby before github/setup-licensed.  If a project doesn't\n      # require a specific version of ruby, default to installing latest stable\n      - uses: ruby/setup-ruby@v1\n        with:\n          ruby-version: ruby\n      - uses: github/setup-licensed@v1\n        with:\n          version: 4.x\n\n      - run: xxx # Install project dependencies here.\n      - uses: github/licensed-ci@v1\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n### Using outputs to make a PR comment\n\n```yaml\njobs:\n  licensed:\n    steps:\n      - # environment setup ...\n      - id: licensed # save the id of the step to reference later\n        uses: github/licensed-ci@v1\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n      - uses: actions/github-script@0.2.0\n        if: always() \u0026\u0026 steps.licensed.outputs.pr_number\n        with:\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n          script: |\n            github.issues.createComment({\n              ...context.repo,\n              issue_number: ${{ steps.licensed.outputs.pr_number }}\n              body: 'My custom PR message'\n            })\n```\n\n### Authentication\n\n#### Accessing private repositories during the licensed-ci action\n\nThe default `GITHUB_TOKEN` authentication token provided by GitHub Actions does not have read access to any other GitHub repositories.  If running [github/licensed](https://github.com/github/licensed) in your repo requires access to a private GitHub repository, please set the `github_token` workflow input to a PAT from a user with access to necessary private repositories.\n\n#### Using licensed-ci with permission restrictions on GITHUB_TOKEN\n\nIf your action workflow [restricts which permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) are granted to `GITHUB_TOKEN`, please ensure that both `contents` and `pull-requests` are set to `write`. As part of an Actions workflow, `licensed-ci` can push license metadata file updates to a repo, comment on existing PRs, and open new PRs.\n\n```yaml\npermissions:\n  pull-requests: write\n  contents: write\n```\n\n### Full Node.js example\n\n```yaml\non:\n  # run on pushes to the default branch\n  push:\n    branches:\n      - main\n  # run on pull request events with changes to code\n  pull_request:\n    types:\n      - opened\n      - reopened\n      - synchronize\n  # run on demand\n  workflow_dispatch:\n\n# ensure that the action can push changes to the repo and edit PRs\n# when using `secrets.GITHUB_TOKEN`\npermissions:\n  pull-requests: write\n  contents: write\n\njobs:\n  licensed:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v3\n\n      # install environment pre-requisites and project dependencies\n      - uses: actions/setup-node@v3\n        with:\n          node-version: 16\n          cache: npm # cache dependencies for faster subsequent runs.\n      - run: npm install --production --ignore-scripts\n\n      # install licensed.  licensed v4 can only be installed as a gem and requires\n      # running ruby/setup-ruby before github/setup-licensed.  If a project doesn't\n      # require a specific version of ruby, default to installing latest stable\n      - uses: ruby/setup-ruby@v1\n        with:\n          ruby-version: ruby\n      - uses: github/setup-licensed@v1\n        with:\n          version: 4.x\n\n      - id: licensed\n        uses: github/licensed-ci@v1\n        with:\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n      - uses: actions/github-script@0.2.0\n        if: always() \u0026\u0026 steps.licensed.outputs.pr_number\n        with:\n          github-token: ${{ secrets.GITHUB_TOKEN }}\n          script: |\n            github.issues.createComment({\n              ...context.repo,\n              issue_number: ${{ steps.licensed.outputs.pr_number }}\n              body: 'My custom PR message'\n            })\n```\n\n## License\n\nThis project is released under the [MIT License](LICENSE)\n\n## Maintainers\n\n- @ajhenry\n- @lumaxis\n\n## Support\n\nYou can expect the following support.  See [SUPPORT](SUPPORT.md) for more information.\n\n- bug fixes\n- review of feature request issues\n- review of questions in [github/licensed Discussions](https://github.com/github/licensed/discussions)\n\n## Contributions\n\nContributions are welcome!  See [CONTRIBUTING.md](./CONTRIBUTING.md) for more information on how to get involved.\n\n## Acknowledgement\n\nHuge thank you and appreciation to @jonabc for championing license compliance and maintaining licensed over the years.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Flicensed-ci","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithub%2Flicensed-ci","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithub%2Flicensed-ci/lists"}