frapposelli / Wwhrd
Labels
Projects that are alternatives of or similar to Wwhrd
WWHRD? (What Would Henry Rollins Do?)
Have Henry Rollins check vendored licenses in your Go project.
Please note that wwhrd
only checks packages stored under vendor/
, if you are using Go modules (go mod
), you can add go mod vendor
before running wwhrd
, this will dump a copy of the vendored packages inside the local repo.
Installation
go get -u github.com/frapposelli/wwhrd
Using Brew on macOS:
brew install frapposelli/tap/wwhrd
Configuration file
Configuration for wwhrd
is stored in .wwhrd.yml
at the root of the repo you want to check.
The format is compatible with Anderson, just run wwhrd check -f .anderson.yml
.
---
denylist:
- GPL-2.0
allowlist:
- Apache-2.0
- MIT
exceptions:
- github.com/jessevdk/go-flags
- github.com/pmezard/go-difflib/difflib
Having a license in the blacklist
section will fail the check, unless the package is listed under exceptions
.
exceptions
can also be listed as wildcards:
exceptions:
- github.com/davecgh/go-spew/spew/...
Will make a blanket exception for all the packages under github.com/davecgh/go-spew/spew
.
Use it in your CI!
$ wwhrd check
INFO[0006] Found Approved license license=Apache-2.0 package="github.com/xanzy/ssh-agent"
INFO[0006] Found Approved license license=BSD-3-Clause package="golang.org/x/crypto/ed25519"
INFO[0006] Found Approved license license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/internal/revision"
INFO[0006] Found Approved license license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/plumbing/format/config"
INFO[0006] Found Approved license license=BSD-3-Clause package="golang.org/x/exp/rand"
INFO[0006] Found Approved license license=BSD-3-Clause package="gonum.org/v1/gonum/internal/cmplx64"
INFO[0006] Found Approved license license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/plumbing/cache"
INFO[0006] Found Approved license license=MIT package="github.com/montanaflynn/stats"
INFO[0006] Found Approved license license=MIT package="github.com/ekzhu/minhash-lsh"
FATA[0006] Exiting: Non-Approved license found
$ echo $?
1
Generate a dependency graph
Starting from version v0.3.0
, wwhrd graph
can be used to generate a graph in DOT language, the graph can then be parsed by Graphviz or other compatible tools.
To generate a PNG of the dependencies of your repository, you can run:
$ wwhrd graph -o - | dot -Tpng > wwhrd-graph.png
The -o -
option will print the DOT output to STDOUT
.
Usage
$ wwhrd
Usage:
wwhrd [OPTIONS] <check | graph | list>
What would Henry Rollins do?
Application Options:
-v, --version Show CLI version
-q, --quiet quiet mode, do not log accepted packages
-d, --debug verbose mode, log everything
Help Options:
-h, --help Show this help message
Available commands:
check Check licenses against config file (aliases: chk)
graph Generate dot graph dependency tree (aliases: dot)
list List licenses (aliases: ls)
Acknowledgments
WWHRD? graphic by Mitch Clem, used with permission, support him!.