mirror of
https://github.com/PX4/PX4-Autopilot.git
synced 2026-05-10 06:39:25 +08:00
7e6ccb3eb6
The PR-time SBOM license check was using `submodules: false`, so when generate_sbom.py ran the new submodule directory was empty. The script treats uninitialized submodules as `(not checked out) -> NOASSERTION (skipped)` rather than a failure, which let PR #27184 (adding PX4-OpticalFlow as a submodule) pass without ever inspecting the actual repo for a LICENSE file. The monthly audit then caught it (#27217) because it uses `submodules: recursive`.

Switch the PR-time job to `submodules: recursive` so license issues are caught at PR time rather than on the next monthly audit. The job only runs when .gitmodules, license-overrides.yaml, or generate_sbom.py change, so the extra clone cost is bounded.

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
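
The fail-open behaviour described in the commit message, as an added Python example that is not PX4's generate_sbom.py: an empty submodule directory is either skipped or treated as a blocking result. The license file names, status labels, the `fail_closed` switch and the sample repository are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed license file names; the real script's list is not shown on the page.
LICENSE_NAMES = ("LICENSE", "LICENSE.md", "LICENSE.txt", "COPYING")

def submodule_paths(repo: Path) -> list[str]:
    """Return every `path = ...` entry declared in .gitmodules."""
    text = (repo / ".gitmodules").read_text()
    return re.findall(r"^\s*path\s*=\s*(\S+)\s*$", text, flags=re.MULTILINE)

def check_licenses(repo: Path, fail_closed: bool = True) -> tuple[dict[str, str], bool]:
    """Classify each submodule; return (per-path status, overall pass)."""
    status = {}
    for rel in submodule_paths(repo):
        sub = repo / rel
        if not sub.is_dir() or not any(sub.iterdir()):
            # Empty directory: what a checkout with `submodules: false` leaves.
            status[rel] = "NOT_CHECKED_OUT"
        elif any((sub / name).is_file() for name in LICENSE_NAMES):
            status[rel] = "LICENSE_FOUND"
        else:
            status[rel] = "LICENSE_MISSING"
    blocking = {"LICENSE_MISSING"}
    if fail_closed:
        blocking.add("NOT_CHECKED_OUT")  # uninspected is not the same as compliant
    return status, not any(s in blocking for s in status.values())

def build_sample_repo(checked_out: bool) -> Path:
    """Constructed repo: one vetted submodule, one new one lacking a LICENSE."""
    repo = Path(tempfile.mkdtemp())
    (repo / ".gitmodules").write_text(
        '[submodule "vetted"]\n\tpath = libs/vetted\n\turl = https://example.invalid/vetted.git\n'
        '[submodule "new"]\n\tpath = libs/new\n\turl = https://example.invalid/new.git\n'
    )
    (repo / "libs/vetted").mkdir(parents=True)
    (repo / "libs/new").mkdir(parents=True)
    if checked_out:  # equivalent of `submodules: recursive`
        (repo / "libs/vetted/LICENSE").write_text("BSD-3-Clause\n")
        (repo / "libs/new/main.c").write_text("int main(void) { return 0; }\n")
    return repo

if __name__ == "__main__":
    shallow = build_sample_repo(checked_out=False)
    print(check_licenses(shallow, fail_closed=False))  # skip-on-empty: passes
    print(check_licenses(shallow, fail_closed=True))   # fail-closed: blocked
    print(check_licenses(build_sample_repo(checked_out=True)))  # real finding
```

Checking out submodules, as the commit does, makes the check see the real contents; failing closed on an empty directory additionally guards against the checkout setting regressing.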