gmsm/.github/workflows/licenses.yml

name: Update License File
on:
  push:
    branches: [ main ]
    paths:
      - 'go.mod'
      - 'go.sum'

permissions:
  contents: read

jobs:
  update-licenses:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
        with:
          egress-policy: audit

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
        with:
          go-version: '1.23'
      - name: Install go-licenses
        run: go install github.com/google/go-licenses@latest
      - name: Generate license files
        run: |
          go-licenses report github.com/emmansun/gmsm > third-party-licenses.md