Skip to content

frapposelli/wwhrd

Repository files navigation

WWHRD? (What Would Henry Rollins Do?) Github Actions codecov

WWHRD?

Have Henry Rollins check vendored licenses in your Go project.

Please note that wwhrd only checks packages stored under vendor/, if you are using Go modules (go mod), you can add go mod vendor before running wwhrd, this will dump a copy of the vendored packages inside the local repo.

Installation

go get -u github.com/frapposelli/wwhrd

Using Brew on macOS:

brew install frapposelli/tap/wwhrd

Configuration file

Configuration for wwhrd is stored in .wwhrd.yml at the root of the repo you want to check.

The format is compatible with Anderson, just run wwhrd check -f .anderson.yml.

---
denylist:
  - GPL-2.0

allowlist:
  - Apache-2.0
  - MIT

exceptions:
  - github.com/jessevdk/go-flags
  - github.com/pmezard/go-difflib/difflib

Having a license in the denylist section will fail the check, unless the package is listed under exceptions.

exceptions can also be listed as wildcards:

exceptions:
  - github.com/davecgh/go-spew/spew/...

Will make a blanket exception for all the packages under github.com/davecgh/go-spew/spew.

Use it in your CI!

$ wwhrd check
INFO[0006] Found Approved license                        license=Apache-2.0 package="github.com/xanzy/ssh-agent"
INFO[0006] Found Approved license                        license=BSD-3-Clause package="golang.org/x/crypto/ed25519"
INFO[0006] Found Approved license                        license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/internal/revision"
INFO[0006] Found Approved license                        license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/plumbing/format/config"
INFO[0006] Found Approved license                        license=BSD-3-Clause package="golang.org/x/exp/rand"
INFO[0006] Found Approved license                        license=BSD-3-Clause package="gonum.org/v1/gonum/internal/cmplx64"
INFO[0006] Found Approved license                        license=Apache-2.0 package="gopkg.in/src-d/go-git.v4/plumbing/cache"
INFO[0006] Found Approved license                        license=MIT package="github.com/montanaflynn/stats"
INFO[0006] Found Approved license                        license=MIT package="github.com/ekzhu/minhash-lsh"
FATA[0006] Exiting: Non-Approved license found
$ echo $?
1

Generate a dependency graph

Starting from version v0.3.0, wwhrd graph can be used to generate a graph in DOT language, the graph can then be parsed by Graphviz or other compatible tools.

To generate a PNG of the dependencies of your repository, you can run:

$ wwhrd graph -o - | dot -Tpng > wwhrd-graph.png

The -o - option will print the DOT output to STDOUT.

Usage

$ wwhrd
Usage:
  wwhrd [OPTIONS] <check | graph | list>

What would Henry Rollins do?

Application Options:
  -v, --version  Show CLI version
  -q, --quiet    quiet mode, do not log accepted packages
  -d, --debug    verbose mode, log everything

Help Options:
  -h, --help     Show this help message

Available commands:
  check  Check licenses against config file (aliases: chk)
  graph  Generate dot graph dependency tree (aliases: dot)
  list   List licenses (aliases: ls)

Acknowledgments

WWHRD? graphic by Mitch Clem, used with permission, support him!.