gmsm/.github/workflows/licenses.yml

name: Update License File
on:
  push:
    branches: [ "develop" ]
    paths:
      - 'go.mod'
      - 'go.sum'

permissions:
  contents: read

jobs:
  update-licenses:
    runs-on: ubuntu-latest
    steps:
      - name: Harden the runner (Audit all outbound calls)
        uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
        with:
          egress-policy: audit

      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
        with:
          go-version: '1.23'
      - name: Install go-licenses
        run: go install github.com/google/go-licenses@latest
      - name: Generate license files
        run: |
          go-licenses report github.com/emmansun/gmsm > third-party-licenses.md