google / addlicense Goto Github PK
View Code? Open in Web Editor NEWA program which ensures source code files have copyright license headers by scanning directory patterns recursively
License: Apache License 2.0
A program which ensures source code files have copyright license headers by scanning directory patterns recursively
License: Apache License 2.0
The readme has an example command using docker, but it fails
docker run -v ${PWD}:/go/src/app/ -it google/addlicense -c "Google LLC" *.go
docker pull google/addlicense
Using default tag: latest
Error response from daemon: pull access denied for google/addlicense, repository does not exist or may require 'docker login': denied: requested access to the resource is denied
Even after reading the home page several times, it took me a while to figure out that the basic thing I wanted to do simply required passing "." as a pattern. Could that be added to the README?
I have many directories with go code. For the addlicence works, I have to do this:
docker run --rm -it -v ${PWD}:/src ghcr.io/google/addlicense \
-check \
-ignore "**/*.swagger.go" \
-ignore "**/**/*.swagger.go" \
*/*/*.go
**/**/**/**/**/**/*.go \
**/**/**/**/**/*.go \
**/**/**/**/*.go \
**/**/**/*.go \
**/**/*.go \
**/*.go \
*.go
Is there a better way only to check Golang code in any path? And ignore some file patterns in any path?
I have just found out that addlicense does not modify the copyright year if a license text is already present. Could it be extended to check whether the license text + copyright holder + year is actually present? Currently it is e.g. not possible to switch to a new license by re-running addlicense -l $new_license
without having to delete all existing license texts or to bump the copyright year.
It would be great to have a non-multiline comment support enabled with a new flag. Multiline comments /*\n*\n*\n*/
takes more lines and makes it harder to read for me. Here is a simple proposal:
$ touch foo.c
$ addlicense -s=only -c Furkan .
Actual: (Multiline comment)
/*
* Copyright 2022 Furkan
* SPDX-License-Identifier: Apache-2.0
*/
New flag way: (comment)
// Copyright 2022 Furkan
// SPDX-License-Identifier: Apache-2.0
Docker container to run addlicense from.
A Dockerfile is included in the Nokia fork of addlicense. An image is also available on dockerhub if you are interested.
The tool adds license header on top of <?xml which breaks XML files.
Same for HTML.
Sometimes it's necessary to set a year span in the license header, e.g. "2010-2019", but it's only possible to pass integers. Any chance this feature could be added?
Seems like this is required now.
I just discovered go-enry, which GitHub is using in parts of their new code search. It looks like there may be a bit there that would be useful for automatically excluding generated, vendored, and binary files. I don't think they track comment style, so we couldn't replace that, but this other stuff looks useful.
Hi, can addlicense
support adding the license header to .txt, .patch and .tmpl files? Or is it intentional to not support these use cases?
We want to use addlicense
to add the license header to various types of files automatically and we're willing to contribute if it is not a design decision to not support them.
I'm using the addlicense container like so:
$ podman run --rm -v $PWD:/src ghcr.io/google/addlicense -v -check -ignore node_modules/** .
But this doesn't skip node_modules
directory. However, if I changed it to -ignore=node_modules/**
, then it skips node_modules
as expected.
If this isn't a bug then it should be made clear in the readme that =
is required
We (w/@Dentrax) thought that in scenarios such as checking license headers, we use addlicence tool like the following way:
license-check:
name: license boilerplate check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: '1.17.x'
- name: Install addlicense
run: go install github.com/google/addlicense@latest
- name: Check license headers
run: |
set -e
addlicense -l apache -c 'The Sigstore Authors' -v *
git diff --exit-code
As you can see from the above GitHub Action definition, we use additional git commands to check that is there any leaked license headers in the codebase, so, what we are proposing is that we add this logic into addlicence tool with an additional flag-like --fail-on-diff
.
Currently if the year is set to empty string -y=""
the first header will have two consecutive empty spaces between Copyright
and Holder
.
Now:
// Copyright[ ][ ]OpenTelemetry Authors
After:
// Copyright[ ]OpenTelemetry Authors
Unless I'm missing something in the documentation, there's no way to update the license and apply this change in the relevant files. This is particularly important when the year span changes and an update mechanism would be useful.
On some runs, freuqnetly enough, this completely erases the existing code, and replaces it with license text.
My guess is that there's perhaps a race condition somewhere in the code.
To replicate this, the following works for me -
find | xargs ~/go/bin/addlicense
I have about 15 files.
There's a good chance that this erases one of my files with just the license. If it didn't -
git reset --hard
And go to step 1 until you see this happening.
License could have different formats. For Instance, instead of string "copyright" some licenses just has "(c)". As of now this plugin just checks for string "copyright".
Line 289 in a029431
This tool right now adds a link with http:// for Apache 2.0 license
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
but some of our internal tests check for https://
. https://github.com/GoogleCloudPlatform/golang-samples/blob/73d60a5de091dcdda5e4f753b594ef18eee67906/license_test.go#L32
I know the license text itself uses http://
to apply the license, but should we switch to https://?
Would be nice to have a way to specify ignore pattern(s) in form of regex applied to path of the file(from project's root(e.g. current directry for the tool)).
I just tried SPDX flag first time and noticed addlicense adds copyright line before the SPDX identifier.
$ addlicense -s=only -c Furkan .
Actual:
Copyright ...
SPDX-License-Identifier:
My expectation according to other open source projects, solidity, etc.:
SPDX-License-Identifier:
Copyright ...
Any ways to reorder of those? Shouldn't the right way is the bottom one?
This is a feature request: for a caller, it would be good to know if the execution modified any file (e.g., as part of a presubmit test). One option is to change the exit code if at least one file has been modified. Another option (I would recommend) is to add an option (for instance, -l
) which will print all the filenames that have been modified (see discussion at golang/go#24230 for a similar idea).
Happy to send a PR for option 2, if likely to be merged. Thanks.
Hey folks,
Is there any way to ignore subdirectories based on the directory name? We currently have a lerna monorepo and I find it difficult to exclude multiple node_modules
folders.
The optimal would be to use it like this
addlicense -c "Neo4j Inc." -f license.txt -check ./**/*.{js,ts,css} -ignore **/node_modules/*
but it doesn't seem to work.
The directories also are in the following tree structure
.
├── CONTRIBUTING.md
├── README.md
├── lerna.json
├── license.js
├── license.txt
├── node_modules
├── package.json
├── packages
│ ├── base
│ │ ├── node_modules
│ │ ├── package.json
│ │ ├── src
│ ├── html-storybook
│ │ ├── node_modules
│ │ ├── package.json
│ ├── react
│ │ ├── node_modules
│ │ ├── package.json
│ │ ├── src
│ │ └── tsconfig.json
│ └── react-storybook
│ ├── node_modules
│ ├── package.json
│ └── src
├── tsconfig.json
└── yarn.lock
I would like to know which version of addlicense I have installed to know whether I need to install a new one to fix a bug or update to the version a repo has pinned.
Logs like:
#5 18.53 # github.com/golang/dep/gps
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:103:21: cannot use sv (type *semver.Version) as type semver.Version in field value
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:122:16: invalid type assertion: c.(semver.Version) (non-interface type *semver.Constraints on left)
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:149:4: undefined: semver.Constraint
Relates to issue: golang/dep#2223
Can be fixed by using this suggestion on that issue: golang/dep#2223 (comment)
It looks like y'all are doing a conversion to print ampersand for an html file. I'm working in a plain text code base so this kind of conversion doesn't make much sense.
Both local and global one
The capability to list files that will be modified, but without modifying them, will be very useful.
This will also allow addlicense
to be used in CI environments, git-hooks, etc., to ensure licensing compliance.
Questions:
I'm looking to integrate addLicense into an existing suite of internal FOSS compliance-related tooling, and part of that would be eased by decoupling the addLicense functions from the CLI-specific code that uses them. I'd like to propose the following changes (which I will happily create a PR for), but I wanted to check in with maintainers prior to doing so:
main()
into a function that consists solely of flag parsing and calling a new Run()
functionmain()
into a Run()
function that takes in the parsed flag values and executes everything else (goroutines, etc)fileMatches
, addLicense
, licenseHeader
, isGenerated
, and hasLicense
@willnorris et al, are there any thoughts or concerns about that approach? My over-arching goal is to increase composability.
addlicense
currently always modifies source files in-place. This makes it difficult to use in scripts or integrate into other formatting tools, such as the fix
Mercurial extension.
Since the filename is unknown when operating on content from stdin, this would entail adding an option to specify the filename to assume. For example, clang-format
has an --assume-filename
option for this purpose.
Hi maintainers,
There are couple of cool fixes since your last release, would you mind doing a new release?
I used the command:
go get github.com/google/[email protected]
And the download started. However, it was interrupted by thiss error message:
build github.com/google/addlicense: cannot load io/fs: malformed module path "io/fs": missing dot in first path element
This is the whole download:
$ go get github.com/google/[email protected]
go: finding github.com v1.0.0
go: finding github.com/google v1.0.0
go: downloading github.com/bmatcuk/doublestar/v4 v4.0.2
go: downloading golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: extracting golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: extracting github.com/bmatcuk/doublestar/v4 v4.0.2
go: finding golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: finding github.com/bmatcuk/doublestar/v4 v4.0.2
build github.com/google/addlicense: cannot load io/fs: malformed module path "io/fs": missing dot in first path element
Hello :)
Currently .h
files use /*
style comments, and I'd like to contribute a way to use //
comments instead. I presume just changing the default is not an option, so I'd like to ask what would be the most principled solution. A command line flag?
Would be nice for example to configure comment styles for different file extensions in a config file, instead of having to modify the source code. The config file could also be used to configure paths to ignore, or to configure the patterns that determine whether a file already has a license header.
Implementations of these features are included in the Nokia fork of addlicense. If you are interested in pulling only some parts, see the different branches there.
When licenses are added for files which prefix licenses with " * ", any empty lines end up generating trailing whitespace. This is undesirable and should instead be removed.
There is no point in having copyright headers in generated files. The standard for ignoring generated files in Go is the regexp ^// Code generated .* DO NOT EDIT\.$
.
See go generate help at;
https://github.com/golang/go/blob/go1.14.2/src/cmd/go/internal/generate/generate.go#L56
CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
HEREUNDER.
It seems the majority of Java projects puts the license on top of the file via multiple comments /* ... */
, but addlicense
uses //
for Java and Kotlin:
Lines 220 to 221 in a029431
Is there any reason for this? If not, I think we should move .java
, .kt
and .kts
a few lines above with other languages that use /* ... */
.
we've (w/@Dentrax) just noticed that this project currently uses GoReleaser to make a new release, and the buildx
tool to build and push container images, so, we can use GoReleaser to do the same for container images. By doing so, we can remove an additional step in the GitHub Actions workflow for building/pushing container images, also, we can sign our container images or binaries with cosign too.
Feel free to assign this to us, if you agree with this idea, we would love to work on this 🥳
The Apache License template indents the URL with 5 spaces:
Lines 104 to 111 in 53d978a
where the letter h
is under a
:
You may obtain a copy of the License at
|
http://www.apache.org/licenses/LICENSE-2.0
The generated license also indent with 5 spaces:
Lines 1 to 8 in 53d978a
In the Apache official license template: https://www.apache.org/licenses/LICENSE-2.0#apply
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
The URL is indented by 4 spaces and the letter h
is under m
.
You can also find the LICENSE file is indent by 4 spaces (h
under m
):
Lines 190 to 197 in 53d978a
$ go get -u github.com/google/addlicense
go get: installing executables with 'go get' in module mode is deprecated.
Use 'go install pkg@version' instead.
For more information, see https://golang.org/doc/go-get-install-deprecation
or run 'go help get' or 'go help install'.
#83 adds support for publishing pre-built artifacts and docker image when git tags are pushed. The question now is, what version is the first tagged release? Is it v0.0.1
, v0.1.0
or v1.0.0
?
As @crazy-max noted in #83, we definitely want to follow semver on subsequent releases, but because there never has been a previous release, there are no real constraints on whether this is considered a v0
or v1
release.
Personally, I'm leaning toward v1.0.0
. The tool has been around for a while and is quite stable. And it is also widely enough adopted by major projects (etcd, opentelemetry, kubeflow, kubernetes, ossf/scorecard among many others) that we need to treat the current API as stable, regardless of the lack of a formal v1.0 release.
@mco-gh what do you think?
I installed Go and then installed as instructed by the readme:
go get -u github.com/google/addlicense
addlicense
is still not an executable on my system as far as I can tell. How do I run addlicense
?
I've found that in recent versions of addlicense, any file generated by stringer is skipped or has its license comment striped, if present.
The files generated by strinnger have the following file header comments:
// Code generated by "stringer -type=EVENT"; DO NOT EDIT.
The "EVENT" value changes between files but the rest of the comment is standard. I suspect something in that comment is causing the file to be skipped by addlicense.
Unfortunately, it doesn't just skip those files, it actively strips the addlicense comment if you add it manually.
Hello there,
I'm using this on nancy
, and more or less, great tool!
However, it's a bit too nuclear with the .
pattern, and adding licenses to files that we need to exclude (primarily GitHub templates, but we also don't really need licenses on files that really don't have IP (Dockerfile, gorelease.yml, etc...), so I was looking at using the pattern to basically only check and apply to **/*.go
files, and maybe a couple others here and there. There isn't really much documentation I can see on pattern
, so I figured I'd ask about usage, and then send y'all a PR with it included in the README for other goofballs like myself!
Cheers!
Hi,
From what I see for some reason license added to the .java
files in comment
style.
When addlicense
tool supports the common style which is already applied to the ".c" files.
https://github.com/google/addlicense/blob/master/main.go#L216-L217
Would you accept the PR to change that style?
Example from Spring boot project (probably the most common case of the Java project)
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/OnEndpointElementCondition.java#L1
The tool only supports line comments at this time. Additionally, it will not detect existing general comment blocks, causing duplication where these have been used.
Example diff:
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
/*
Licensed under the Apache License, Version 2.0 (the "License");
addlicense with a PHP file introduces the license header within separate PHP tags <?php ... ?>
and introduces a blank line.
@@ -1,4 +1,20 @@
<?php
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+?>
+
+<?php
namespace App;
This style of change causes Symfony to fail:
...
[builder] Script cache:clear returned with error code 255
[builder] !!
[builder] !!
[builder] !! Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /workspace/src/Kernel.php on line 19
[builder] !! Symfony\Component\ErrorHandler\Error\FatalError {#19
[builder] !! -error: array:4 [
[builder] !! "type" => 64
[builder] !! "message" => "Namespace declaration statement has to be the very first statement or after any declare call in the script"
[builder] !! "file" => "/workspace/src/Kernel.php"
[builder] !! "line" => 19
[builder] !! ]
[builder] !! #message: "Compile Error: Namespace declaration statement has to be the very first statement or after any declare call in the script"
[builder] !! #code: 0
[builder] !! #file: "./src/Kernel.php"
[builder] !! #line: 19
[builder] !! }
Changing the header to be within the original PHP tags keeps Symfony happy.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.