Detect license names and types for Python PyPI packages. Identify license types for given license names obtained by third-party tools. Great coverage of free/libre and open source licenses of all types: public domain, permissive, copyleft.
Supported formats:
- Python: packages or requirements.txt (detect license name and license type)
- JavaScript: CSV files generated by license-checker (detect license type)
- iOS: Apple Plist files generated by CocoaPods Acknowledgements plugin (detect license type)
- Android: JSON files generated by Gradle License Plugin (detect license type)
- Other: CSV files with package name and license name columns (detect license type).
Based on the pip-license-checker command-line tool.
```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v2
        with:
          fetch-depth: 0
      - name: Setup Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.6'
      - name: Get explicit and transitive dependencies
        run: |
          pip install -r requirements.txt
          pip freeze > requirements-all.txt
      - name: Check python
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          requirements: 'requirements-all.txt'
          fail: 'Copyleft'
          exclude: '(?i)^(pylint|aio[-_]*).*'
      - name: Print report
        if: ${{ always() }}
        run: echo "${{ steps.license_check_report.outputs.report }}"
```
```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check license-checker CSV file without headers
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'npm-license-checker.csv'
          external-format: 'csv'
          external-options: '{:skip-header true}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          exclude-license: '(?i)copyright'
          totals: true
          verbose: 1
          github-token: ${{ secrets.OAUTH_TOKEN_GITHUB }}
      ...
```
```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check gradle-license-plugin JSON file
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'gradle-license-plugin.json'
          external-format: 'gradle'
          external-options: '{:fully-qualified-names false}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          totals: true
      ...
```
```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check cocoapods-acknowledgements Plist file
        id: license_check_report
        uses: pilosus/action-pip-license-checker@v2
        with:
          external: 'cocoapods-acknowledgements.plist'
          external-format: 'cocoapods'
          external-options: '{:skip-header true :skip-footer true}'
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          fails-only: true
          exclude: 'your-company-name.*'
          totals: true
      ...
```
By using the report-format input field and a third-party actions/upload-artifact action you can save the report as a file and download it. In the following example the license check report is generated in json-pretty format and saved as a GitHub workflow artifact:
```yaml
jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      ...
      - name: Check licenses
        id: license_check_report
        uses: pilosus/action-pip-license-checker@5b5956a1093c68ebac6ff53c8427790d04ee5c26
        with:
          external: 'licenses.csv'
          external-format: 'csv'
          external-options: '{:skip-header false :package-column-index 0 :license-column-index 2}'
          report-format: 'json-pretty'
          formatter: '%-65s %-65s %-20s %-40s'
          totals: true
          headers: true
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
          verbose: 1
      - name: Save report
        if: ${{ always() }}
        run: echo "${{ steps.license_check_report.outputs.report }}" > license-report.json
      - name: Upload artifact
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          name: license-report
          path: license-report.json
```
Then the report can be downloaded as an archived artifact.
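
The report is built from package and license names taken from third-party metadata, so a variant of the save-report workflow that hands it to the shell as data is shown here. This is an added example, not part of the project's README; the workflow name, trigger, `permissions` block and the `REPORT` variable name are assumptions.

```yaml
name: license-check        # assumed workflow name
on: [pull_request]         # assumed trigger

# Least privilege for the job token: the check only needs to read the repository
permissions:
  contents: read

jobs:
  license_check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v2
      - name: Check licenses
        id: license_check_report
        # Pinned to the full commit SHA used in the example above, so a moved tag
        # cannot change the code that runs
        uses: pilosus/action-pip-license-checker@5b5956a1093c68ebac6ff53c8427790d04ee5c26
        with:
          external: 'licenses.csv'
          external-format: 'csv'
          external-options: '{:skip-header false :package-column-index 0 :license-column-index 2}'
          report-format: 'json-pretty'
          totals: true
          fail: 'StrongCopyleft,NetworkCopyleft,Other,Error'
      - name: Save report
        if: ${{ always() }}
        env:
          # The expression is expanded into the environment, not into the script text,
          # so quotes or shell metacharacters in the report are never parsed as commands
          REPORT: ${{ steps.license_check_report.outputs.report }}
        run: printf '%s\n' "$REPORT" > license-report.json
      - name: Upload artifact
        if: ${{ always() }}
        uses: actions/upload-artifact@v3
        with:
          name: license-report
          path: license-report.json
```

The checkout and upload-artifact steps keep the tag references used on this page; they can be pinned to commit SHAs in the same way.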
See the documentation.
- Explicit dependencies only and its action run
- Explicit and transitive dependencies and its action run
- Third-party license list in CSV file and its action run
All the inputs correspond with pip-license-checker's options.
Path to requirements file, e.g. requirements.txt. Separate multiple files with comma: file1.txt,file2.txt,file3.txt.
Path to an external file. Separate multiple files with comma: file1.csv,file2.csv,file3.csv.
Used to check license types for the list of given packages with their licenses.
Allows checking license types for JavaScript, Java or any other dependencies with known licenses in one of the supported file formats.
External file format: csv, cocoapods, gradle, etc.
See the full list of supported formats and their documentation here.
String of options in EDN format.
See the documentation for more details.
Return non-zero exit code if license type provided via the input is found. Use one of the following values:
- WeakCopyleft
- StrongCopyleft
- NetworkCopyleft
- Copyleft (includes all of above types of copyleft)
- Permissive
- Other (EULA, other non standard licenses)
- Error (package or its license not found)
Separate multiple license types with comma: Copyleft,Other,Error.
Print only packages of license types specified with fail input.
Regular expression (PCRE) to exclude matching packages from the check.
Regular expression (PCRE) to exclude matching license names from the check.
Include pre-release and development versions.
Print totals for license types found. Totals are appended after the detailed list of the packages.
Print only totals for license types found, do not include the detailed list of the packages checked.
Print table headers for detailed list of the packages.
Report format: stdout (default), json, json-pretty, csv.
Printf-style formatter string for report formatting. Default value is %-35s %-55s %-30s.
GitHub OAuth Token to increase rate-limits when requesting GitHub API. Recommended to keep a token as a GitHub secret.
Output verbosity level:
- 0 (or false, default) - no verbosity
- 1 (or true) - errors only
- 2 - errors, info
- 3 - errors, info, debug
Levels 1 and higher add a Misc column to a report table.
License check report.
See Contributing guide.
Software is provided on an "as-is" basis and makes no warranties regarding any information provided through it, and disclaims liability for damages resulting from using it. Using the software does not constitute legal advice nor does it create an attorney-client relationship.