pilosus / action-pip-license-checker

GitHub Action for license compliance: Python, JavaScript, iOS, Android and more.
MIT License

GitHub Action for detecting license names and types


Detect license names and types for Python PyPI packages. Identify license types for license names obtained from third-party tools. Broad coverage of free/libre and open source licenses of all types: public domain, permissive, copyleft.

Supported formats:

Based on the pip-license-checker command-line tool.

Usage examples

Check all Python packages including transitive dependencies

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout the code
      uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: Setup Python
      uses: actions/setup-python@v2
      with:
        python-version: '3.6'
    - name: Get explicit and transitive dependencies
      run: |
        pip install -r requirements.txt
        pip freeze > requirements-all.txt
    - name: Check python
      id: license_check_report
      uses: pilosus/action-pip-license-checker@v2
      with:
        requirements: 'requirements-all.txt'
        fail: 'Copyleft'
        exclude: '(?i)^(pylint|aio[-_]*).*'
    - name: Print report
      if: ${{ always() }}
      run: echo "${{ steps.license_check_report.outputs.report }}"

Check CSV file generated by JavaScript license-checker package

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
    ...
    - name: Check license-checker CSV file without headers
      id: license_check_report
      uses: pilosus/action-pip-license-checker@v2
      with:
        external: 'npm-license-checker.csv'
        external-format: 'csv'
        external-options: '{:skip-header true}'
        fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
        fails-only: true
        exclude: 'your-company-name.*'
        exclude-license: '(?i)copyright'
        totals: true
        verbose: 1
        github-token: ${{ secrets.OAUTH_TOKEN_GITHUB }}
        ...

Check JSON file generated by Android gradle-license-plugin package

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
    ...
    - name: Check gradle-license-plugin JSON file
      id: license_check_report
      uses: pilosus/action-pip-license-checker@v2
      with:
        external: 'gradle-license-plugin.json'
        external-format: 'gradle'
        external-options: '{:fully-qualified-names false}'
        fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
        fails-only: true
        exclude: 'your-company-name.*'
        totals: true
        ...

Check Plist file generated by iOS cocoapods-acknowledgements package

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
    ...
    - name: Check cocoapods-acknowledgements Plist file
      id: license_check_report
      uses: pilosus/action-pip-license-checker@v2
      with:
        external: 'cocoapods-acknowledgements.plist'
        external-format: 'cocoapods'
        external-options: '{:skip-header true :skip-footer true}'
        fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
        fails-only: true
        exclude: 'your-company-name.*'
        totals: true
        ...

Generate a report as a downloadable file

By using the report-format input and the third-party actions/upload-artifact action, you can save the report as a file and download it. In the following example the license check report is generated in the json-pretty format and saved as a GitHub workflow artifact:

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
    ...
    - name: Check licenses
      id: license_check_report
      uses: pilosus/action-pip-license-checker@5b5956a1093c68ebac6ff53c8427790d04ee5c26
      with:
        external: 'licenses.csv'
        external-format: 'csv'
        external-options: '{:skip-header false :package-column-index 0 :license-column-index 2}'
        report-format: 'json-pretty'
        formatter: '%-65s %-65s %-20s %-40s'
        totals: true
        headers: true
        fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
        verbose: 1
    - name: Save report
      if: ${{ always() }}
      run: echo "${{ steps.license_check_report.outputs.report }}" > license-report.json
    - name: Upload artifact
      if: ${{ always() }}
      uses: actions/upload-artifact@v3
      with:
        name: license-report
        path: license-report.json

Then the report can be downloaded as an archived artifact.

Supported file formats and their options

See the documentation.

Integration examples

Inputs

All inputs correspond to pip-license-checker's command-line options.

requirements

Path to requirements file, e.g. requirements.txt. Separate multiple files with comma: file1.txt,file2.txt,file3.txt.

external

Path to an external file. Separate multiple files with comma: file1.csv,file2.csv,file3.csv.

Used to check license types for the list of given packages with their licenses.

Lets you check license types for JavaScript, Java or any other dependencies whose licenses are already known, supplied in one of the supported file formats.

external-format

External file format: csv, cocoapods, gradle, etc.

See the full list of supported formats and their documentation here.

external-options

String of options in EDN format.

See the documentation for more details.

fail

Return a non-zero exit code if a license of a type listed in this input is found. Use one of the following values:

Separate multiple license types with comma: Copyleft,Other,Error.

fails-only

Print only the packages whose license types are listed in the fail input.

exclude

Regular expression (PCRE) to exclude matching packages from the check.

exclude-license

Regular expression (PCRE) to exclude matching license names from the check.

pre

Include pre-release and development versions.

totals

Print totals for the license types found. The totals are appended after the detailed list of packages.

totals-only

Print only the totals for the license types found; omit the detailed list of the packages checked.

headers

Print table headers for the detailed list of packages.

report-format

Report format: stdout (default), json, json-pretty, csv.

formatter

Printf-style formatter string for report formatting. Default value is %-35s %-55s %-30s.

github-token

GitHub OAuth token used to raise the rate limit when querying the GitHub API. It is recommended to store the token as a GitHub secret.

verbose

Output verbosity level:

Level 1 and higher add a Misc column to the report table.

Outputs

report

License check report.

Contributing

See Contributing guide.

Disclaimer

Software is provided on an "as-is" basis and makes no warranties regarding any information provided through it, and disclaims liability for damages resulting from using it. Using the software does not constitute legal advice nor does it create an attorney-client relationship.