Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Libraries function returns non-licensed vendored package as the package with LICENSE from root project #143

Open
spankratov opened this issue Sep 5, 2022 · 5 comments · May be fixed by #178
Open

Libraries function returns non-licensed vendored package as the package with LICENSE from root project #143

spankratov opened this issue Sep 5, 2022 · 5 comments · May be fixed by #178

Comments

@spankratov
Copy link

Steps to reproduce:

  1. Create Go project with some external package as dependency and run go mod vendor to place this package inside vendor folder
  2. Delete LICENSE file from this package inside vendor folder
  3. Run go-licenses report or go-licenses check on your project. The command lists external package as package without a license (as it should be)
  4. Now add some default LICENSE in the root folder of your project. Project folder looks like this: go.mod go.sum LICENSE main.go vendor/
  5. Run go-licenses report or go-licenses check on your project again. Now commands consider external package as having LICENSE from the root project folder: go-licenses check doesn't fire an error and go-licenses report doesn't list external package at all (considering this as the part of root project).

I guess it's because when Libraries function calls Find function, it passes p.Module.Dir as rootDir (which is nil for vendored packages for some reason) and then Find does rootDir, err = filepath.Abs(rootDir), nil turns into working directory (root package folder) and findUpwards looks for license file until it finds it in root package folder.
@Bobgy
Copy link
Collaborator

Bobgy commented Sep 6, 2022

If the vendor folder is not modified, a simple workaround can be:

  1. Delete vendor folder
  2. Check licenses

@Bobgy
Copy link
Collaborator

Bobgy commented Sep 6, 2022

p.Module.Dir as rootDir (which is nil for vendored packages for some reason)

vendored modules do not have full metadata, as far as I know, this is working as intended.

@Bobgy
Copy link
Collaborator

Bobgy commented Sep 6, 2022

then Find does rootDir, err = filepath.Abs(rootDir), nil turns into working directory (root package folder)

This seems unexpected, can we infer a vendor dir and set a correct root package folder?

Looks like you already did some investigations, contribution welcomed!

@Bobgy
Copy link
Collaborator

Bobgy commented Sep 6, 2022

There were some special handling for vendored packages in

go-licenses/licenses/library.go

Line 152 in 5eedde1

if lib.module != nil && lib.module.Path != "" && lib.module.Dir == "" {

You might consider doing a similar check and infer root path of package.

This was referenced Jan 4, 2023
Closed
Open
@jaxesn
Copy link

jaxesn commented Jan 9, 2023

I took a pass at fixing this after running into something similar would appreciate any feedback and other thoughts/issues I may fully understand. #178

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Works around missing Module.dir for vendored Modules jaxesn/go-licenses
3 participants
@jaxesn @Bobgy @spankratov