A GitHub Action to check license of Python packages and their dependencies.
MIT License
andersy005/gh-action-py-liccheck
This GitHub action checks the licenses of Python packages and their dependencies via the `liccheck` package.
To integrate this action with your action pipelines, add the following step to your workflow file (e.g. `.github/workflows/ci.yml`).
Basic usage relies on the default values listed in the table below, so you don't have to specify any arguments:

```yaml
- name: License Checker
  uses: andersy005/gh-action-py-liccheck@main
```

To override the defaults, set the inputs under `with`:

```yaml
- name: License Checker
  uses: andersy005/gh-action-py-liccheck@main
  with:
    strategy-ini-file: ./my-strategy.ini
    level: standard
    requirements-txt-file: ./my-requirements.txt
    no-deps: true
    liccheck-version: 0.6.4
```

Once this action finishes running, it reports the status of compliance of packages. Depending on your settings (strategy, level, etc), you should see something of this sort in your workflow's logs:
This action currently supports four inputs from the user: `strategy-ini-file`, `level`, `requirements-txt-file`, and `no-deps`.
These inputs, along with their descriptions and usage contexts, are listed in the table below:

Input | Description | Usage | Default |
---|---|---|---|
`strategy-ini-file` | Path to a strategy ini file or a pyproject.toml file to use. See examples below. | Optional | `pyproject.toml` |
`requirements-txt-file` | Path to a requirements.txt file to use. | Optional | `requirements.txt` |
`no-deps` | Whether to skip checking dependencies. | Optional | `false` |
`level` | Level for testing compliance of packages, where: `standard` - At least one authorized license (default); `cautious` - Per standard but no unauthorized licenses; `paranoid` - All licenses must be authorized. | Optional | `standard` |
`liccheck-version` | Set the liccheck package version. | Optional | `0.6.4` |

How `liccheck` works

`liccheck` verifies compliance of packages defined in a `requirements.txt` file against a strategy defined in either a `pyproject.toml` or `.ini` file. To use this GitHub action, you have to define the following three items in your strategy file:

NOTE: The packages from your `requirements.txt` need to all be installed in a Python environment prior to using this GitHub action.

Here are some examples showcasing how to define a strategy in both `pyproject.toml` and `.ini` files:

```toml
[tool.liccheck]
# Authorized and unauthorized licenses in LOWER CASE
authorized_licenses = [
    "bsd",
    "new bsd",
    "bsd license",
    "new bsd license",
    "simplified bsd",
    "apache",
    "apache 2.0",
    "apache software license",
    "apache software",
    "gnu lgpl",
    "lgpl with exceptions or zpl",
    "isc license",
    "isc license (iscl)",
    "mit",
    "mit license",
    "python software foundation license",
    "zpl 2.1"
]
unauthorized_licenses = [
    "gpl v3"
]

[tool.liccheck.authorized_packages]
uuid = "<=1.30"
```

```ini
# Authorized and unauthorized licenses in LOWER CASE
[Licenses]
authorized_licenses:
    bsd
    new bsd
    bsd license
    new bsd license
    simplified bsd
    apache
    apache 2.0
    apache software license
    apache software
    gnu lgpl
    lgpl with exceptions or zpl
    isc license
    isc license (iscl)
    mit
    mit license
    python software foundation license
    zpl 2.1

unauthorized_licenses:
    gpl v3

[Authorized Packages]
uuid: 1.30
```

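
How the three `level` values treat the same packages, as an added example (not code from this action or from liccheck): a simplified Python model of the level rules in the inputs table, using a subset of the strategy lists above. The package names, their licenses and the result labels `ok`/`unauthorized`/`unknown` are constructed for illustration.

```python
# Added illustration: a simplified model of the three compliance levels
# described in the inputs table. This is not liccheck's implementation.

# Subset of the strategy shown on this page (lower case, as the strategy requires).
AUTHORIZED = {"bsd", "apache 2.0", "mit", "mit license", "isc license"}
UNAUTHORIZED = {"gpl v3"}

# Constructed sample data: package name -> licenses declared in its metadata.
PACKAGES = {
    "pkg-single": ["MIT"],
    "pkg-dual": ["MIT", "GPL v3"],        # authorized + unauthorized
    "pkg-mixed": ["BSD", "Custom EULA"],  # authorized + not listed anywhere
    "pkg-unlisted": ["Custom EULA"],
    "pkg-no-metadata": [],
}


def check(licenses, level="standard"):
    """Return 'ok', 'unauthorized' or 'unknown' for one package (example labels)."""
    if level not in ("standard", "cautious", "paranoid"):
        raise ValueError(f"unknown level: {level}")
    # Metadata casing varies, so normalise before comparing to the strategy.
    names = [lic.strip().lower() for lic in licenses]
    n_auth = sum(name in AUTHORIZED for name in names)
    has_unauth = any(name in UNAUTHORIZED for name in names)

    if level == "standard":    # at least one authorized license
        ok = n_auth >= 1
    elif level == "cautious":  # per standard, but no unauthorized licenses
        ok = n_auth >= 1 and not has_unauth
    else:                      # paranoid: all licenses must be authorized
        ok = n_auth >= 1 and n_auth == len(names)
    if ok:
        return "ok"
    return "unauthorized" if has_unauth else "unknown"


def report(level):
    """Evaluate every sample package at the given level."""
    return {name: check(lics, level) for name, lics in PACKAGES.items()}


if __name__ == "__main__":
    for level in ("standard", "cautious", "paranoid"):
        print(level, report(level))
```

The dual-licensed package is the case to watch: it passes at `standard` and only fails once the level is raised to `cautious` or `paranoid`.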
Contributions are welcome!
The code and documentation in this project are released under the MIT License.