A full-featured license tool to check and fix license headers and resolve dependencies' licenses.

SkyWalking Eyes


Usage

You can use License-Eye in GitHub Actions or on your local machine.

GitHub Actions

To use License-Eye in GitHub Actions, add a step in your GitHub workflow.

- name: Check License Header
  uses: apache/skywalking-eyes@main      # always prefer to use a revision instead of `main`.
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # needed only when you want License-Eye to comment on the pull request.

Add a .licenserc.yaml in the root of your project. For Apache Software Foundation projects, the following configuration should be enough.

header:
  license:
    spdx-id: Apache-2.0
    copyright-owner: Apache Software Foundation

  paths-ignore:
    - 'dist'
    - 'licenses'
    - '**/*.md'
    - 'LICENSE'
    - 'NOTICE'

  comment: on-failure

NOTE: The full configurations can be found in the configuration section.
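
The comment in the workflow step above recommends a fixed revision over `main`. The following added example (not part of the SkyWalking Eyes project) is a Go check that flags `uses:` references not pinned to a full commit SHA; reading "revision" as a 40-character SHA is an assumption made here, and every step in the sample workflow other than apache/skywalking-eyes@main is constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample workflow. Only the apache/skywalking-eyes@main step is
// from the page; the other steps and the 40-hex value are placeholders.
const sampleWorkflow = `steps:
  - name: Check License Header
    uses: apache/skywalking-eyes@main
  - uses: actions/checkout@v4
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
  - uses: ./local-action
`

var (
	usesLine = regexp.MustCompile(`^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)`)
	fullSHA  = regexp.MustCompile(`^[0-9a-f]{40}$`)
)

// Finding is one `uses:` reference that is not pinned to a full commit SHA.
type Finding struct {
	Line   int
	Ref    string
	Reason string
}

// UnpinnedActions scans workflow text line by line and reports every remote
// action whose ref is missing or is a branch/tag name (both can be re-pointed).
func UnpinnedActions(workflow string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(workflow))
	for n := 1; sc.Scan(); n++ {
		m := usesLine.FindStringSubmatch(sc.Text())
		if m == nil {
			continue
		}
		ref := m[1]
		if strings.HasPrefix(ref, "./") || strings.HasPrefix(ref, "docker://") {
			continue // local actions and container images are not git refs
		}
		at := strings.LastIndex(ref, "@")
		switch {
		case at < 0:
			out = append(out, Finding{Line: n, Ref: ref, Reason: "no ref given"})
		case !fullSHA.MatchString(ref[at+1:]):
			out = append(out, Finding{Line: n, Ref: ref, Reason: "mutable ref " + ref[at+1:]})
		}
	}
	return out
}

func main() {
	for _, f := range UnpinnedActions(sampleWorkflow) {
		fmt.Printf("line %d: %s (%s)\n", f.Line, f.Ref, f.Reason)
	}
}
```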

Docker Image

$ docker run -it --rm -v $(pwd):/github/workspace apache/skywalking-eyes header check
$ docker run -it --rm -v $(pwd):/github/workspace apache/skywalking-eyes header fix

Compile from Source

$ git clone https://github.com/apache/skywalking-eyes
$ cd skywalking-eyes
$ make build

Check License Header

$ bin/darwin/license-eye -c test/testdata/.licenserc_for_test_fix.yaml header check

INFO Loading configuration from file: test/testdata/.licenserc_for_test.yaml
INFO Totally checked 23 files, valid: 8, invalid: 8, ignored: 7, fixed: 0
ERROR The following files don't have a valid license header:
test/testdata/include_test/without_license/testcase.go
test/testdata/include_test/without_license/testcase.graphql
test/testdata/include_test/without_license/testcase.java
test/testdata/include_test/without_license/testcase.md
test/testdata/include_test/without_license/testcase.py
test/testdata/include_test/without_license/testcase.sh
test/testdata/include_test/without_license/testcase.yaml
test/testdata/include_test/without_license/testcase.yml
exit status 1

Fix License Header

$ bin/darwin/license-eye -c test/testdata/.licenserc_for_test_fix.yaml header fix

INFO Loading configuration from file: test/testdata/.licenserc_for_test_fix.yaml
INFO Totally checked 16 files, valid: 7, invalid: 8, ignored: 1, fixed: 8

Resolve Dependencies' licenses

$ bin/darwin/license-eye -c test/testdata/.licenserc_for_test_check.yaml dep resolve
INFO GITHUB_TOKEN is not set, license-eye won't comment on the pull request
INFO Loading configuration from file: test/testdata/.licenserc_for_test_check.yaml
WARNING Failed to resolve the license of dependency: gopkg.in/yaml.v3 cannot identify license content
Dependency                                  |      License
------------------------------------------- | ------------
github.com/bmatcuk/doublestar/v2            |          MIT
github.com/sirupsen/logrus                  |          MIT
golang.org/x/sys/unix                       | BSD-3-Clause
github.com/spf13/cobra                      |   Apache-2.0
github.com/spf13/pflag                      | BSD-3-Clause
vendor/golang.org/x/net/dns/dnsmessage      | BSD-3-Clause
vendor/golang.org/x/net/route               | BSD-3-Clause
golang.org/x/oauth2                         | BSD-3-Clause
golang.org/x/oauth2/internal                | BSD-3-Clause
vendor/golang.org/x/crypto/cryptobyte       | BSD-3-Clause
vendor/golang.org/x/crypto/cryptobyte/asn1  | BSD-3-Clause
golang.org/x/net/context/ctxhttp            | BSD-3-Clause
vendor/golang.org/x/crypto/chacha20poly1305 | BSD-3-Clause
vendor/golang.org/x/crypto/chacha20         | BSD-3-Clause
vendor/golang.org/x/crypto/internal/subtle  | BSD-3-Clause
vendor/golang.org/x/crypto/poly1305         | BSD-3-Clause
vendor/golang.org/x/sys/cpu                 | BSD-3-Clause
vendor/golang.org/x/crypto/curve25519       | BSD-3-Clause
vendor/golang.org/x/crypto/hkdf             | BSD-3-Clause
vendor/golang.org/x/net/http/httpguts       | BSD-3-Clause
vendor/golang.org/x/net/idna                | BSD-3-Clause
vendor/golang.org/x/text/secure/bidirule    | BSD-3-Clause
vendor/golang.org/x/text/transform          | BSD-3-Clause
vendor/golang.org/x/text/unicode/bidi       | BSD-3-Clause
vendor/golang.org/x/text/unicode/norm       | BSD-3-Clause
vendor/golang.org/x/net/http/httpproxy      | BSD-3-Clause
vendor/golang.org/x/net/http2/hpack         | BSD-3-Clause
gopkg.in/yaml.v3                            |      Unknown

ERROR failed to identify the licenses of following packages:
gopkg.in/yaml.v3

Configurations

header: # <1>
  license:
    spdx-id: Apache-2.0 # <2>
    copyright-owner: Apache Software Foundation # <3>
    content: | # <4>
      Licensed to Apache Software Foundation (ASF) under one or more contributor
      license agreements. See the NOTICE file distributed with
      this work for additional information regarding copyright
      ownership. Apache Software Foundation (ASF) licenses this file to you under
      the Apache License, Version 2.0 (the "License"); you may
      not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing,
      software distributed under the License is distributed on an
      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
      KIND, either express or implied.  See the License for the
      specific language governing permissions and limitations
      under the License.

    pattern: | # <5>
      Licensed to the Apache Software Foundation under one or more contributor
      license agreements. See the NOTICE file distributed with
      this work for additional information regarding copyright
      ownership. The Apache Software Foundation licenses this file to you under
      the Apache License, Version 2.0 \(the "License"\); you may
      not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing,
      software distributed under the License is distributed on an
      "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
      KIND, either express or implied.  See the License for the
      specific language governing permissions and limitations
      under the License.

  paths: # <6>
    - '**'

  paths-ignore: # <7>
    - 'dist'
    - 'licenses'
    - '**/*.md'
    - '**/testdata/**'
    - '**/go.mod'
    - '**/go.sum'
    - 'LICENSE'
    - 'NOTICE'
    - '**/assets/languages.yaml'
    - '**/assets/assets.gen.go'

  comment: on-failure # <8>

dependency: # <9>
  files: # <10>
    - go.mod

  1. The header section contains the configuration for source code license headers.
  2. The SPDX ID of the license. It’s convenient when your license is a standard SPDX license, so that you can simply specify this identifier without copying the whole license content or pattern. This will be used as the content when the fix command needs to insert a license header.
  3. The copyright owner to replace the [owner] in the SPDX-ID license template.
  4. If you are not using the standard license text, you can paste your license text here. This will be used as the content when the fix command needs to insert a license header. If both license and SPDX-ID are specified, license wins.
  5. The pattern is an optional regexp. You don’t need this if all the file headers are the same as license or the license of SPDX-ID; otherwise you need to compose a pattern that matches your license texts.
  6. The paths are the path list that will be checked (and fixed) by license-eye, default is ['**']. Formats like **/*.md and **/bin/** are supported.
  7. The paths-ignore are the path list that will be ignored by license-eye. By default, .git and the content in .gitignore will be inflated into the paths-ignore list.
  8. On what condition License-Eye will comment the check results on the pull request: on-failure, always or never. Options other than never require the environment variable GITHUB_TOKEN to be set.
  9. The dependency section contains the configuration for resolving dependencies' licenses.
  10. files are the files that declare the dependencies of a project, typically go.mod in a Go project, pom.xml in a Maven project, and package.json in a NodeJS project. If it's a relative path, it's relative to the .licenserc.yaml.

NOTE: When the SPDX-ID is Apache-2.0 and the owner is Apache Software Foundation, the content would be a dedicated license specified by the ASF; otherwise, the license would be the standard one.
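
Because pattern is a regexp, literal parentheses must be escaped, as the configuration above does with \(the "License"\). The added Go example below (not license-eye's own code) matches file heads against the Example Ltd pattern quoted in the Comments section of this page; the comment stripping and whitespace normalisation are simplifying assumptions, and the file heads are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Pattern quoted in the "replace already existing license header based on
// pattern" comment on this page: literal dots and parentheses are escaped.
const escapedPattern = `Licensed Materials - Property of Example Ltd\.
\(C\) Copyright Example Ltd [0-9-]+\. All Rights Reserved\.`

// The same text pasted without escaping (constructed for comparison).
const unescapedPattern = `Licensed Materials - Property of Example Ltd.
(C) Copyright Example Ltd [0-9-]+. All Rights Reserved.`

// Constructed file heads.
const goodHead = `// Licensed Materials - Property of Example Ltd.
// (C) Copyright Example Ltd 2019-2020. All Rights Reserved.

package main
`

const alteredHead = `/*
 * Licensed Materials - Property of Another Ltd.
 * (C) Copyright Example Ltd 2021. All Rights Reserved.
 */
`

// Leading comment markers (//, /*, *, */, #) at the start of each line.
var commentMarkers = regexp.MustCompile(`(?m)^\s*(?://|/\*+|\*+/|\*|#)\s?`)

// flatten removes comment markers and collapses all whitespace runs.
func flatten(s string) string {
	return strings.Join(strings.Fields(commentMarkers.ReplaceAllString(s, "")), " ")
}

// HeaderMatches reports whether the flattened file head matches the pattern.
// Assumption: whitespace-only normalisation; license-eye's own rules may differ.
func HeaderMatches(pattern, fileHead string) (bool, error) {
	re, err := regexp.Compile(strings.Join(strings.Fields(pattern), " "))
	if err != nil {
		return false, fmt.Errorf("invalid header pattern: %w", err)
	}
	return re.MatchString(flatten(fileHead)), nil
}

func main() {
	for _, c := range []struct{ name, pat, head string }{
		{"escaped pattern, valid header", escapedPattern, goodHead},
		{"unescaped pattern, valid header", unescapedPattern, goodHead},
		{"escaped pattern, altered owner", escapedPattern, alteredHead},
	} {
		ok, err := HeaderMatches(c.pat, c.head)
		fmt.Printf("%-33s match=%v err=%v\n", c.name, ok, err)
	}
}
```

With the unescaped pattern, (C) becomes a capture group that expects a bare C, so a correct header is reported as invalid.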

Supported File Types

The header check command theoretically supports all kinds of file types, while the file types supported by the header fix command can be found in this YAML file. In the YAML file, if the language has a non-empty property comment_style_id, and the comment style id is declared in the comment styles file, then the language is supported by the fix command.

  • assets/languages.yaml

    Java:
      type: programming
      tm_scope: source.java
      ace_mode: java
      codemirror_mode: clike
      codemirror_mime_type: text/x-java
      color: "#b07219"
      extensions:
        - ".java"
      language_id: 181
      comment_style_id: SlashAsterisk
  • assets/styles.yaml

    - id: SlashAsterisk     # (i)
      start: '/*'           # (ii)
      middle: ' *'          # (iii)
      end: ' */'            # (iv)
    1. The comment_style_id used in assets/languages.yaml.
    2. The leading characters of the starting of a block comment.
    3. The leading characters of the middle lines of a block comment.
    4. The leading characters of the ending line of a block comment.
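
An added illustration, not the project's implementation, of the rule above: a file is fixable only when its language has a non-empty comment_style_id that is also declared as a comment style, and the style's start, middle and end then frame the license text. The .foo and .bar rows, the lookup tables and the function names are hypothetical; only the Java and SlashAsterisk values come from the page.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// Style mirrors the fields shown for a comment style: start, middle, end.
type Style struct{ Start, Middle, End string }

// Constructed lookup tables standing in for the two YAML files.
var styleIDByExt = map[string]string{
	".java": "SlashAsterisk", // from the page
	".foo":  "",              // hypothetical: empty comment_style_id
	".bar":  "NotDeclared",   // hypothetical: id missing from the styles
}

var styles = map[string]Style{
	"SlashAsterisk": {Start: "/*", Middle: " *", End: " */"}, // from the page
}

// Excerpt of the license content shown earlier, with a blank line and an
// indented URL to exercise both edge cases.
const sampleLicense = `You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0
`

// StyleFor returns the comment style for a path, or false when the language
// has no comment_style_id or the id is not a declared style.
func StyleFor(path string) (Style, bool) {
	id := styleIDByExt[filepath.Ext(path)]
	if id == "" {
		return Style{}, false
	}
	s, ok := styles[id]
	return s, ok
}

// Render frames license text as a block comment. Blank lines get the bare
// middle marker so the header carries no trailing whitespace.
func Render(s Style, license string) string {
	var b strings.Builder
	b.WriteString(s.Start + "\n")
	for _, line := range strings.Split(strings.Trim(license, "\n"), "\n") {
		line = strings.TrimRight(line, " \t\r")
		if line == "" {
			b.WriteString(s.Middle + "\n")
			continue
		}
		b.WriteString(s.Middle + " " + line + "\n")
	}
	b.WriteString(s.End + "\n")
	return b.String()
}

func main() {
	if s, ok := StyleFor("src/Main.java"); ok {
		fmt.Print(Render(s, sampleLicense))
	}
	_, ok := StyleFor("notes.foo")
	fmt.Println("notes.foo fixable:", ok)
}
```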

Contribution

  • If you find any file type should be supported by the aforementioned configurations, but it's not listed there, feel free to open a pull request to add the configuration into the two files.
  • If you find the license template of an SPDX ID is not supported, feel free to open a pull request to add it into the template folder.

License

Apache License 2.0

Contact Us

Comments
  • [Docs] Add a PlantUML activity diagram of header fixing mechanism

    I took some time to create an activity diagram in descriptive PlantUML syntax which shows how the current header fixing mechanism works. I think this could simplify future discussions about the header fixing mechanism and its technical requirements.

    My original idea was to add this to PR #40 which is merged already, therefore I create this new PR. Feel free to refuse this PR, if the diagram or the SVG file is not desired (in this repository) or if you think this does not belong here.

  • add feature: support resolving pom.xml for maven

    Solution: copy, using mvn dependency:copy-dependencies, all dependencies and transitive dependencies, and then resolve license from the jar files.

    Known disadvantages:

    • depends on maven
    • replication of the jar files needs to read and write the disk
  • New feature: replace already existing license header based on pattern

    Example config snippet:

    header:
      license:
        #spdx-id: Apache-2.0 # the spdx id of the license, it's convenient when your license is standard SPDX license.
        copyright-owner: Example Ltd # the copyright owner to replace the [owner] in the `spdx-id` template.
    
        content: |
          Licensed Materials - Property of Example Ltd.
          (C) Copyright Example Ltd 2021-2022. All Rights Reserved.
    
        pattern: |
          Licensed Materials - Property of Example Ltd\.
          \(C\) Copyright Example Ltd [0-9-]+\. All Rights Reserved\.
    
      paths:
        - '**/*.go'
        - '**/*.sh'
        - '**/Dockerfile'
    
  • feat: list files by git when possible

    Although we try to use the ignore patterns present in a .gitignore file, it's possible that users have global git ignore settings or manually ignore a file.

    We can use the git command to list files when running under a git workspace, and if there's no git workspace, we don't have to see .gitignore. Normally, it's via direct download and all ignored files are already excluded. If users want to respect the ignore pattern, they can simply git init.

    cc @kezhenxu94 @wu-sheng @fgksgf @spacewander

    Reference:

    • https://github.com/apache/skywalking/issues/7543
    • https://github.com/apache/skywalking/issues/7538
  • Add support for multiple licenses in the header config section

    This allows for multiple license configurations to be contained within the same .licenserc.yaml file. The intended use is for a project that has multiple packages or modules with differing licenses.

    To do this we introduce a ConfigV2 config format since it is not valid YAML for a key to be either a dictionary or a sequence.

    We try to parse as V2 first, and fall back to V1.

  • [config]Support config license header comment style.

    Recently, I used this project to fix my own project's license header. It is a GoLand project.

    I found that the header comment style is configured in languages.yaml and styles.yaml, and it doesn't support configuration.

    The Go file license header comment style is //, like:

    // Licensed to the Apache Software Foundation (ASF) under one
    // ... ...
    

    But I want the license header comment style to be *, like:

    /*
     * Licensed to the Apache Software Foundation (ASF) under one
     * ... ...
     */
    

    So I fixed the code and submitted this PR.

    I added the languages config to the .licenserc.yaml, and the license header comment style uses this file's config preferentially; if this file doesn't have this config, it uses the default config in languages.yaml.

  • Enhance NPM dependency resolver to resolve all the dependent packages

    This patch enhances the NPM dependency resolver to resolve all the dependent packages. First, it runs the npm command npm ls --all --parseable to list all the packages' absolute paths. Then, each package's name is inferred from its relative path from the node_modules dir. Finally, walk through each package's root path to resolve licenses from the package.json file or the license file.

  • fix license header normalizer

    Why do we need this fix?

    As we are using license-eyes to check license header in our open-sourced projects, we notice that it can help detect unexpected changes in the license header, except the copyright line. In my opinion, it's also necessary to protect the copyright line from unintentional changes.

    How was this issue introduced?

    https://github.com/apache/skywalking-eyes/pull/46 introduced this line processor to ignore the copyright line, mostly for the purpose of dependency resolution. However, https://github.com/apache/skywalking-eyes/pull/107 started using Google's license check for this purpose, and this line processor only works to ignore the copyright line when checking / fixing the license header.

    Reviewer

    @kezhenxu94

  • Add support for resolving npm dependencies' licenses

    1. Parse the project package.json file to gather the required packages
    2. Run command 'npm install' to install or update the required node packages (can skip)
    3. Walk through each package's root directory to resolve licenses
      • STEP 1: Try to find and parse the package.json file to capture the license field
      • STEP 2: Try to find the license file to identify the license
  • Added .pre-commit-hooks.yaml

    This addition allows users of the pre-commit Git hook management tool to use Skywalking Eyes' license-eyes header fix command to automate fixing their license headers at regular points in the development lifecycle.

  • feature: support saving dependencies' licenses

    This is a missing but important feature that helps to organize the distribution package, especially in ASF projects. It resolves and saves all LICENSE files of the dependencies.
