diff --git a/.github/workflows/apache-rat-audit.yml b/.github/workflows/apache-rat-audit.yml index 0daaaaaade2..fab6b364546 100644 --- a/.github/workflows/apache-rat-audit.yml +++ b/.github/workflows/apache-rat-audit.yml @@ -74,6 +74,62 @@ jobs: echo "rat_failed=false" >> $GITHUB_OUTPUT echo "Apache Rat check passed successfully" + - name: Check NOTICE year is up-to-date + run: | + echo "📅 Checking NOTICE file year..." + current_year=$(date -u +"%Y") + echo "CURRENT_YEAR=$current_year" >> $GITHUB_ENV + # Check if the NOTICE file contains the current year + if ! grep -q "Copyright 2024-$current_year The Apache Software Foundation" NOTICE; then + echo "❌ NOTICE file does not contain the current year ($current_year)" + echo "::error::NOTICE file does not contain the current year ($current_year)" + echo "NOTICE_CHECK=fail" >> $GITHUB_ENV + exit 1 + else + echo "✅ NOTICE file contains the current year ($current_year)" + echo "NOTICE_CHECK=pass" >> $GITHUB_ENV + fi + + - name: Check for binary files + run: | + echo "📦 Checking for binary files..." + echo "Checking extensions: class, jar, tar, tgz, zip, exe, dll, so" + echo "----------------------------------------------------------------------" + + # Check for specific binary file extensions + binary_extensions="class jar tar tgz zip exe dll so" + echo "BINARY_EXTENSIONS=${binary_extensions}" >> $GITHUB_ENV + binary_results="" + binaryfiles_found=false + + for extension in ${binary_extensions}; do + printf "Checking *.%-4s files..." "${extension}" + found=$(find . -name "*.${extension}" || true) + if [ -n "$found" ]; then + echo "❌ FOUND" + echo "::error::${extension} files should not exist" + echo "For ASF compatibility: the source tree should not contain" + echo "binary files as users have a hard time verifying their contents." + echo "Found files:" + echo "$found" | sed 's/^/ /' + echo "${extension}:${found}" >> binary_results.txt + binaryfiles_found=true + else + echo "✅ NONE" + echo "${extension}:none" >> binary_results.txt + fi + done + + echo "----------------------------------------------------------------------" + if [ "$binaryfiles_found" = true ]; then + echo "❌ Binary files were found in the source tree" + echo "BINARY_CHECK=fail" >> $GITHUB_ENV + exit 1 + else + echo "✅ No binary files found" + echo "BINARY_CHECK=pass" >> $GITHUB_ENV + fi + - name: Upload Rat check results if: always() uses: actions/upload-artifact@v4 @@ -89,6 +145,34 @@ jobs: echo "## Apache Rat Audit Results" echo "- Run Time: $(date -u +'%Y-%m-%d %H:%M:%S UTC')" echo "" + + # NOTICE Year Check Summary + echo "### 📅 NOTICE Year Check" + if [ "$NOTICE_CHECK" = "pass" ]; then + echo "✅ NOTICE file contains the current year ($CURRENT_YEAR)" + else + echo "❌ NOTICE file does not contain the current year ($CURRENT_YEAR)" + fi + echo "" + + # Binary Files Check Summary + echo "### 📦 Binary Files Check" + echo "Checked extensions: \`${BINARY_EXTENSIONS}\`" + echo "" + echo "Results:" + echo "\`\`\`" + if [ -f binary_results.txt ]; then + while IFS=: read -r ext files; do + if [ "$files" = "none" ]; then + echo "✅ No .${ext} files found" + else + echo "❌ Found .${ext} files:" + echo "$files" | sed 's/^/ /' + fi + done < binary_results.txt + fi + echo "\`\`\`" + echo "" if [[ -f rat-output.log ]]; then # First extract and display summary statistics (only once)