# action-pip-license-checker

GitHub Action for license compliance: Python, JavaScript, iOS, Android and more.

## GitHub Action for detecting license names and types
Detect license names and types for Python PyPI packages. Identify license types for given license names obtained by third-party tools. Great coverage of free/libre and open source licenses of all types: public domain, permissive, copyleft.
Supported formats:

- Python: packages or `requirements.txt` (detect license name and license type)
- JavaScript: CSV files generated by license-checker (detect license type)
- iOS: Apple Plist files generated by CocoaPods Acknowledgements plugin (detect license type)
- Android: JSON files generated by Gradle License Plugin (detect license type)
- Other: CSV files with package name and license name columns (detect license type)
Based on the pip-license-checker command-line tool.
## Usage examples

### Check all Python packages including transitive dependencies

```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Setup Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.6'
      - name: Get explicit and transitive dependencies
        run: |
          pip install -r requirements.txt
          pip freeze > requirements-all.txt
      - name: Check python
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          requirements: 'requirements-all.txt'
          fail: 'Copyleft'
          exclude: '(?i)^(pylint|aio[-_]*).*'
      - name: Print report
        if: ${{ always() }}
        run: echo "${{ steps.license_check_report.outputs.report }}"
```
### Check CSV file generated by JavaScript license-checker package

```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check license-checker CSV file without headers
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'npm-license-checker.csv'
          external-format: 'csv'
          external-options: '{:skip-header true}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          exclude-license: '(?i)copyright'
          totals: true
          verbose: 1
          github-token: ${{ secrets.OAUTH_TOKEN_GITHUB }}
      ...
```
### Check JSON file generated by Android gradle-license-plugin package

```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check gradle-license-plugin JSON file
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'gradle-license-plugin.json'
          external-format: 'gradle'
          external-options: '{:fully-qualified-names false}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          totals: true
      ...
```
### Check Plist file generated by iOS cocoapods-acknowledgements package

```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check cocoapods-acknowledgements Plist file
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'cocoapods-acknowledgements.plist'
          external-format: 'cocoapods'
          external-options: '{:skip-header true :skip-footer true}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          totals: true
      ...
```
### Generate a report as a downloadable file

By using the `report-format` input field and the third-party `actions/upload-artifact` action you can save the report as a file and download it. In the following example the license check report is generated in `json-pretty` format and saved as a GitHub workflow artifact:

```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check licenses
        id: license_check_report
        uses: pilosus/action-pip-license-checker@5b5956a1093c68ebac6ff53c8427790d04ee5c26
        with:
          external: 'licenses.csv'
          external-format: 'csv'
          external-options: '{:skip-header false :package-column-index 0 :license-column-index 2}'
          report-format: 'json-pretty'
          formatter: '%-65s %-65s %-20s %-40s'
          totals: true
          headers: true
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          verbose: 1
      - name: Save report
        if: ${{ always() }}
        run: echo "${{ steps.license_check_report.outputs.report }}" > license-report.json
      - name: Upload artifact
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          name: license-report
          path: license-report.json
```

Then the report can be downloaded as an archived artifact.
## Supported file formats and their options

See the documentation.

## Integration examples

- Explicit dependencies only and its action run
- Explicit and transitive dependencies and its action run
- Third-party license list in CSV file and its action run
## Inputs

All the inputs correspond with pip-license-checker's options.

### requirements

Path to requirements file, e.g. `requirements.txt`. Separate multiple files with a comma: `file1.txt,file2.txt,file3.txt`.

### external

Path to an external file. Separate multiple files with a comma: `file1.csv,file2.csv,file3.csv`.

Used to check license types for the list of given packages with their licenses. Allows checking license types for JavaScript, Java or any other dependencies with known licenses in one of the supported file formats.

### external-format

External file format: `csv`, `cocoapods`, `gradle`, etc. See the full list of supported formats and their documentation here.

### external-options

String of options in EDN format. See the documentation for more details.
### fail

Return non-zero exit code if a license type provided via the input is found. Use one of the following values:

- `WeakCopyleft`
- `StrongCopyleft`
- `NetworkCopyleft`
- `Copyleft` (includes all of the above types of copyleft)
- `Permissive`
- `Other` (EULA, other non-standard licenses)
- `Error` (package or its license not found)

Separate multiple license types with a comma: `Copyleft,Other,Error`.
### fails-only

Print only packages of license types specified with the `fail` input.

### exclude

Regular expression (PCRE) to exclude matching packages from the check.

### exclude-license

Regular expression (PCRE) to exclude matching license names from the check.

### pre

Include pre-release and development versions.

### totals

Print totals for license types found. Totals are appended after the detailed list of the packages.

### totals-only

Print only totals for license types found, do not include the detailed list of the packages checked.

### headers

Print table headers for the detailed list of the packages.

### report-format

Report format: `stdout` (default), `json`, `json-pretty`, `csv`.

### formatter

Printf-style formatter string for report formatting. Default value is `%-35s %-55s %-30s`.

### github-token

GitHub OAuth Token to increase rate limits when requesting the GitHub API. It is recommended to keep the token as a GitHub secret.
### verbose

Output verbosity level:

- 0 (or `false`, default) - no verbosity
- 1 (or `true`) - errors only
- 2 - errors, info
- 3 - errors, info, debug

Levels 1 and higher add a `Misc` column to the report table.
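To preview which packages the `exclude`, `exclude-license`, `fail` and `fails-only` inputs would keep, drop or fail on before committing a workflow, here is an added Python script that re-implements those filters as the README describes them. It is not code from the action or from pip-license-checker; the dependency list is constructed, and applying `exclude` as a regex search over the package name is an assumption.

```python
import re
from dataclasses import dataclass

# License-type names accepted by the `fail` input (from the README above).
COPYLEFT_TYPES = {"WeakCopyleft", "StrongCopyleft", "NetworkCopyleft"}
ALL_TYPES = COPYLEFT_TYPES | {"Permissive", "Other", "Error"}


@dataclass(frozen=True)
class Dep:
    package: str   # package name as it appears in the report
    license: str   # license name detected for the package
    ltype: str     # one of ALL_TYPES


# Constructed sample, not real check output.
SAMPLE = [
    Dep("requests", "Apache 2.0", "Permissive"),
    Dep("pylint", "GPLv2", "StrongCopyleft"),
    Dep("aiohttp", "Apache 2.0", "Permissive"),
    Dep("mysqlclient", "GPL", "StrongCopyleft"),
    Dep("internal-lib", "Copyright ACME Inc", "Other"),
    Dep("unknown-pkg", "", "Error"),
]


def expand_fail(fail):
    """Expand the comma-separated `fail` input; `Copyleft` stands for all three copyleft types."""
    wanted = set()
    for item in (s.strip() for s in fail.split(",")):
        if not item:
            continue
        if item == "Copyleft":
            wanted |= COPYLEFT_TYPES
        elif item in ALL_TYPES:
            wanted.add(item)
        else:
            raise ValueError(f"unknown license type in fail: {item!r}")
    return wanted


def preview(deps, fail, exclude=None, exclude_license=None, fails_only=False):
    """Return (rows kept in the report, whether the step would exit non-zero)."""
    pkg_re = re.compile(exclude) if exclude else None            # assumed: regex search on name
    lic_re = re.compile(exclude_license) if exclude_license else None
    failing_types = expand_fail(fail)
    rows, should_fail = [], False
    for d in deps:
        if (pkg_re and pkg_re.search(d.package)) or (lic_re and lic_re.search(d.license)):
            continue  # excluded from the check entirely
        hit = d.ltype in failing_types
        should_fail = should_fail or hit
        if hit or not fails_only:
            rows.append(d)
    return rows, should_fail
```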
## Outputs

### report

License check report.

## Contributing

See the Contributing guide.

## Disclaimer

Software is provided on an "as-is" basis and makes no warranties regarding any information provided through it, and disclaims liability for damages resulting from using it. Using the software does not constitute legal advice nor does it create an attorney-client relationship.