Stirling-PDF/.github/workflows/licenses-update.yml

name: License Report Workflow

on:
  push:
    branches:
      - main
    paths:
      - "build.gradle"

permissions:
  contents: write
  pull-requests: write

jobs:
  generate-license-report:
    runs-on: ubuntu-latest

    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
        with:
          egress-policy: audit

      - name: Check out code
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Set up JDK 17
        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0
        with:
          java-version: "17"
          distribution: "adopt"

      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2

      - name: Run Gradle Command
        run: ./gradlew clean generateLicenseReport

      - name: Move and Rename License File
        run: |
          mv build/reports/dependency-license/index.json src/main/resources/static/3rdPartyLicenses.json          

      - name: Set up git config
        run: |
          git config --global user.name "github-actions[bot]"
          git config --global user.email "github-actions[bot]@users.noreply.github.com"          

      - name: Run git add
        run: |
          git add src/main/resources/static/3rdPartyLicenses.json
          git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV          

      - name: Create Pull Request
        id: cpr
        if: env.CHANGES_DETECTED == 'true'
        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          commit-message: "Update 3rd Party Licenses"
          committer: GitHub Action <action@github.com>
          author: GitHub Action <action@github.com>
          signoff: true
          branch: update-3rd-party-licenses
          title: "Update 3rd Party Licenses"
          body: |
            Auto-generated by [create-pull-request][1]

            [1]: https://github.com/peter-evans/create-pull-request            
          labels: licenses
          draft: false
          delete-branch: true

      - name: Auto approve
        if: steps.cpr.outputs.pull-request-operation == 'created'
        run: gh pr review --approve "${{ steps.cpr.outputs.pull-request-number }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Enable auto-merge
        if: steps.cpr.outputs.pull-request-operation == 'created'
        uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          pull-request-number: ${{ steps.cpr.outputs.pull-request-number }}
          merge-method: squash # Choose the merge method: merge, squash, or rebase