WWHRD? (What Would Henry Rollins Do?)
Have Henry Rollins check vendored licenses in your Go project.
Please note that wwhrd
only checks packages stored under vendor/
, if you are using Go modules (go mod
), you can add go mod vendor
before running wwhrd
, this will dump a copy of the vendored packages inside the local repo.
Installation
go get -u github.com/frapposelli/wwhrd
Using Brew on macOS:
brew install frapposelli/tap/wwhrd
Configuration file
Configuration for wwhrd
is stored in .wwhrd.yml
at the root of the repo you want to check.
The format is borrowed from Anderson and it's 1:1 compatible (just run wwhrd check -f .anderson.yml
).
---
blacklist:
- GPL-2.0
whitelist:
- Apache-2.0
- MIT
exceptions:
- github.com/jessevdk/go-flags
- github.com/pmezard/go-difflib/difflib
Having a license in the blacklist
section will fail the check, unless the package is listed under exceptions
.
exceptions
can also be listed as wildcards:
exceptions:
- github.com/davecgh/go-spew/spew/...
Will make a blanket exception for all the packages under github.com/davecgh/go-spew/spew
.
Use it in your CI!
$ wwhrd check
INFO[0000] Found Approved license license=MIT package=github.com/stretchr/testify/assert
ERRO[0000] Found Non-Approved license license=FreeBSD package=github.com/pmezard/go-difflib/difflib
INFO[0000] Found Approved license license=MIT package=github.com/ryanuber/go-license
INFO[0000] Found Approved license license=Apache-2.0 package=github.com/cloudfoundry-incubator/candiedyaml
WARN[0000] Found exceptioned package license=NewBSD package=github.com/jessevdk/go-flags
FATA[0000] Exiting: Non-Approved license found
$ echo $?
1
Generate a dependency graph
Starting from version v0.3.0
, wwhrd graph
can be used to generate a graph in DOT language, the graph can then be parsed by Graphviz or other compatible tools.
To generate a PNG of the dependencies of your repository, you can run:
$ wwhrd graph -o - | dot -Tpng > wwhrd-graph.png
The -o -
option will print the DOT output to STDOUT
.
Usage
$ wwhrd
Usage:
wwhrd [OPTIONS] <check | graph | list>
What would Henry Rollins do?
Application Options:
-v, --version Show CLI version
-q, --quiet quiet mode, do not log accepted packages
Help Options:
-h, --help Show this help message
Available commands:
check Check licenses against config file (aliases: chk)
graph Generate dot graph dependency tree (aliases: dot)
list List licenses (aliases: ls)
Acknowledgments
WWHRD? graphic by Mitch Clem, used with permission, support him!.