search

google / go-licenses

A lightweight tool to report on the licenses used by a Go package and its dependencies. Highlight! Versioned external URL to licenses can be found at the same time.
Apache License 2.0
833 stars 125 forks source link

Bring back support for non go modules projects to v1.1+ #128

Open Bobgy opened 2 years ago

Bobgy commented 2 years ago

In v1.1, we made a breaking change of no longer supporting non go modules managed projects per discussions in https://github.com/google/go-licenses/issues/70. However, https://github.com/google/go-licenses/issues/125 seems to show that some users are still using GOPATH.

Creating this issue to track users who are still using GOPATH mode. Please thumbs up if this affected you or comment about your scenario.

Bobgy commented 2 years ago

JFYI, you can keep using go-licenses v1.0.0 before any further actions are taken.

go install github.com/google/go-licenses@v1.0.0
TylerGillson commented 1 year ago

@Bobgy this is impacting our GH actions using the following config:

jobs:
  golicense-pr-scan:
    runs-on: ubuntu-latest
    steps:
      - name: install-git
        run: sudo apt-get install -y git

      - name: install-golicenses
        run: GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest

      - name: checkout
        uses: actions/checkout@v3

      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.TOKEN }}
          USER: ${{ secrets.USER }}
        run: git config --global url."https://${USER}:${TOKEN}@github.com".insteadOf "https://github.com"

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.21

      - name: golicense-scan
        run: |
          go-licenses check ./... --ignore github.com/myorg

We can't downgrade to v1.0.0 as we require --ignore. Any suggestions?

TylerGillson commented 9 months ago

Simply changing go-licenses check ./... --ignore github.com/myorg to go-licenses check --ignore github.com/myorg ./... fixed this for me 🤦🏼‍♂️

jbw976 commented 1 month ago

I ran into this today when trying to do a license scan of the https://github.com/crossplane/crossplane project.

go install github.com/google/go-licenses@latest
git clone https://github.com/crossplane/crossplane.git
cd crossplane
go-licenses csv ./...

That shows many error messages like the following in the output:

E0918 09:17:45.767529   80705 library.go:117] Package bytes does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.767626   80705 library.go:117] Package fmt does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.785420   80705 library.go:117] Package errors does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.803444   80705 library.go:117] Package cmp does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.803465   80705 library.go:117] Package sort does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
...

Looks like it's mostly the standard library. I was able to get some license scan output after running go install github.com/google/go-licenses@v1.0.0. Is there a different way I should be invoking latest to work successfully?

initialed85 commented 1 month ago

@TylerGillson

Simply changing go-licenses check ./... --ignore github.com/myorg to go-licenses check --ignore github.com/myorg ./... fixed this for me 🤦🏼‍♂️

Legend, that same fix worked for me too

EDIT: Sorry, the opposite is true for me lol (I had ./... last, now I have it first)- I am at least unblocked now though.