ORT #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ORT | |
| on: | |
| workflow_dispatch: | |
| env: | |
| ORT_IMAGE: ghcr.io/oss-review-toolkit/ort-minimal | |
| jobs: | |
| ort: | |
| name: Run ORT | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ort-server | |
| - name: Setup pnpm | |
| uses: pnpm/action-setup@v4 | |
| with: | |
| version: 9 | |
| - name: Setup Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| - name: Get latest ORT version | |
| run: | | |
| echo "ORT_VERSION=$(curl -s https://api.github.com/repos/oss-review-toolkit/ort/releases/latest | jq -r .tag_name)" >> $GITHUB_ENV | |
| - name: Install ORT | |
| run: | | |
| curl -L -o ort.tar.gz https://github.com/oss-review-toolkit/ort/releases/download/${{ env.ORT_VERSION }}/ort-${{ env.ORT_VERSION }}.tgz | |
| tar xfz ort.tar.gz | |
| rm ort.tar.gz | |
| echo "ort-${{ env.ORT_VERSION }}/bin" >> $GITHUB_PATH | |
| - name: Run ORT Analyzer | |
| run: ort analyze -i ort-server -o ort-results | |
| - name: Run ORT Advisor | |
| run: ort advise -i ort-results/analyzer-result.yml -o ort-results -a OSV | |
| - name: Run ORT Evaluator | |
| run: ort evaluate -i ort-results/advisor-result.yml -o ort-results --rules-resource /rules/osadl.rules.kts | |
| - name: Run ORT Reporter | |
| run: ort report -i ort-results/evaluation-result.yml -o ort-reports -f CycloneDX,SPDXDocument,WebApp | |
| - name: Upload ORT Reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| path: ort-reports |