search

google / go-licenses

A lightweight tool to report on the licenses used by a Go package and its dependencies. Highlight! Versioned external URL to licenses can be found at the same time.
Apache License 2.0
833 stars 125 forks source link

Help Wanted: `go-licenses csv ...` command returned incorrectly formed go-package licenses URLs (inaccessible URLs) #131

Open Priyankasaggu11929 opened 2 years ago

Priyankasaggu11929 commented 2 years ago

I've been working on a bash utility script - verify-licenses.sh that verifies licenses for the go-packages used by the upstream Kubernetes Project, against the CNCF approved list of licenses.

We ran across an issue where executing the go-licenses csv ... command against Kubernetes project repo, produced a list of incorrectly formed Licenses URLs (inaccessible URLs) for a few go-packages, where in reality, those packages have valid accessible licenses present in the project.

Below is snippet from the script logs, with name/urls of the go-packages in question. (Please find the full script logs here)

go-licenses csv --git_remote "licenses" ./...

....
....
....
github.com/Azure/go-autorest/autorest                                                                :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/v0.11.18/autorest/LICENSE
github.com/Azure/go-autorest/autorest/adal                                                           :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/adal/v0.9.13/autorest/adal/LICENSE
github.com/Azure/go-autorest/autorest/date                                                           :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/date/v0.3.0/autorest/date/LICENSE
github.com/Azure/go-autorest/autorest/mocks                                                          :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/mocks/v0.4.1/autorest/mocks/LICENSE
github.com/Azure/go-autorest/autorest/to                                                             :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/to/v0.4.0/autorest/to/LICENSE
github.com/Azure/go-autorest/autorest/validation                                                     :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/autorest/validation/v0.1.0/autorest/validation/LICENSE
github.com/Azure/go-autorest/logger                                                                  :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/logger/v0.2.1/logger/LICENSE
github.com/Azure/go-autorest/tracing                                                                 :  Apache-2.0           : https://github.com/Azure/go-autorest/blob/tracing/v0.6.0/tracing/LICENSE
github.com/blang/semver/v4                                                                           :  MIT                  : https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE
....
....

For example:

For more context/information, check the WIP PR: https://github.com/kubernetes/kubernetes/pull/109299

Help Wanted / Solution

We need help with implementing a fix/workaround for the 'go-licenses csv...' command so that it returns correctly formatted accessible URLs for go-packages that have valid licences present in their source code repository.

Bobgy commented 2 years ago

The problem seems identical to https://github.com/google/go-licenses/issues/73#issuecomment-1019453152.

Bobgy commented 2 years ago

I have an open https://github.com/google/go-licenses/pull/110 to resolve the issue.

Not sure if the PR still compiles, can you try that branch?

Why not merged yet?

Since you asked, I can try to revisit the PR.

Priyankasaggu11929 commented 2 years ago

Thanks @Bobgy for the prompt response & pointers ^.

Not sure if the PR still compiles, can you try that branch?

I'll try testing with the PR branch.