Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bring back support for non go modules projects to v1.1+ #128

Open
Bobgy opened this issue Apr 12, 2022 · 6 comments
Open

Bring back support for non go modules projects to v1.1+ #128

Bobgy opened this issue Apr 12, 2022 · 6 comments

Comments

@Bobgy
Copy link
Collaborator

Bobgy commented Apr 12, 2022

In v1.1, we made a breaking change of no longer supporting non go modules managed projects per discussions in #70. However, #125 seems to show that some users are still using GOPATH.

Creating this issue to track users who are still using GOPATH mode.
Please thumbs up if this affected you or comment about your scenario.

@Bobgy Bobgy changed the title Bring back support for non go modules projects Bring back support for non go modules projects to v1.1+ Apr 12, 2022
@Bobgy
Copy link
Collaborator Author

Bobgy commented May 4, 2022

JFYI, you can keep using go-licenses v1.0.0 before any further actions are taken.

go install github.com/google/[email protected]

@TylerGillson
Copy link

TylerGillson commented Sep 14, 2023

@Bobgy this is impacting our GH actions using the following config:

jobs:
  golicense-pr-scan:
    runs-on: ubuntu-latest
    steps:
      - name: install-git
        run: sudo apt-get install -y git

      - name: install-golicenses
        run: GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest

      - name: checkout
        uses: actions/checkout@v3

      - name: Configure git for private modules
        env:
          TOKEN: ${{ secrets.TOKEN }}
          USER: ${{ secrets.USER }}
        run: git config --global url."https://${USER}:${TOKEN}@github.com".insteadOf "https://github.com"

      - name: Set up Go
        uses: actions/setup-go@v3
        with:
          go-version: 1.21

      - name: golicense-scan
        run: |
          go-licenses check ./... --ignore github.com/myorg

We can't downgrade to v1.0.0 as we require --ignore. Any suggestions?

TylerGillson added a commit to validator-labs/validator-plugin-aws that referenced this issue Nov 8, 2023
TylerGillson added a commit to validator-labs/validator-plugin-aws that referenced this issue Nov 9, 2023
* test: add security checks

Signed-off-by: Tyler Gillson <[email protected]>

* fix: downgrade golicenses per google/go-licenses#128

Signed-off-by: Tyler Gillson <[email protected]>

* fix: debug bulwark

Signed-off-by: Tyler Gillson <[email protected]>

* fix: add org flag for bulwark

Signed-off-by: Tyler Gillson <[email protected]>

* fix: use dev image for gitleaks

Signed-off-by: Tyler Gillson <[email protected]>

* fix: apply all gosec rules

Signed-off-by: Tyler Gillson <[email protected]>

* chore: switch back to public bulwark images

Signed-off-by: Tyler Gillson <[email protected]>

---------

Signed-off-by: Tyler Gillson <[email protected]>
robbkidd added a commit to honeycombio/refinery that referenced this issue Feb 1, 2024
v1.1.0 dropped support for packages that aren't Go modules. That or any
later version run against our current repo state will error with:

> Package <package> does not have module info. Non go modules projects
> are no longer supported. For feedback, refer to
> google/go-licenses#128.

Pinning our install to v1.0.0 seems to produce the LICENSES output
consistent with what the project has been tracking so far.
robbkidd added a commit to honeycombio/refinery that referenced this issue Feb 2, 2024
## Which problem is this PR solving?

[go-licenses v1.1.0 dropped support for packages that aren't Go
modules](https://github.com/google/go-licenses/releases/tag/v1.1.0).
That or any later version run against our current repo state will result
in many dozens of this error:

> Package •thingie• does not have module info. Non go modules projects
are no longer supported. For feedback, refer to
google/go-licenses#128.

## Short description of the changes

Pinning our install to v1.0.0 seems to produce the LICENSES output
consistent with what the project has been tracking so far.
@TylerGillson
Copy link

Simply changing go-licenses check ./... --ignore github.com/myorg to go-licenses check --ignore github.com/myorg ./... fixed this for me 🤦🏼‍♂️

mmontes11 added a commit to mariadb-operator/mariadb-operator that referenced this issue Mar 18, 2024
mmontes11 added a commit to mariadb-operator/mariadb-operator that referenced this issue Mar 18, 2024
mmontes11 added a commit to mariadb-operator/mariadb-operator that referenced this issue Mar 18, 2024
vdemeester added a commit to vdemeester/tektoncd-plumbing that referenced this issue Jun 18, 2024
This should fixes issues we are getting with `go.mod` files containing
the `toolchain` directive.

See google/go-licenses#128.

Signed-off-by: Vincent Demeester <[email protected]>
vdemeester added a commit to vdemeester/tektoncd-plumbing that referenced this issue Jun 18, 2024
This should fixes issues we are getting with `go.mod` files containing
the `toolchain` directive.

See google/go-licenses#128.

Signed-off-by: Vincent Demeester <[email protected]>
tekton-robot pushed a commit to tektoncd/plumbing that referenced this issue Jun 19, 2024
This should fixes issues we are getting with `go.mod` files containing
the `toolchain` directive.

See google/go-licenses#128.

Signed-off-by: Vincent Demeester <[email protected]>
matzew added a commit to matzew/knative-hack that referenced this issue Sep 3, 2024
This should fixes issues we are getting with `go.mod` files containing
the `toolchain` directive.

See google/go-licenses#128.

Signed-off-by: Matthias Wessendorf <[email protected]>
@jbw976
Copy link

jbw976 commented Sep 18, 2024

I ran into this today when trying to do a license scan of the https://github.com/crossplane/crossplane project.

go install github.com/google/go-licenses@latest
git clone https://github.com/crossplane/crossplane.git
cd crossplane
go-licenses csv ./...

That shows many error messages like the following in the output:

E0918 09:17:45.767529   80705 library.go:117] Package bytes does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.767626   80705 library.go:117] Package fmt does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.785420   80705 library.go:117] Package errors does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.803444   80705 library.go:117] Package cmp does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
E0918 09:17:45.803465   80705 library.go:117] Package sort does not have module info. Non go modules projects are no longer supported. For feedback, refer to https://github.com/google/go-licenses/issues/128.
...

Looks like it's mostly the standard library. I was able to get some license scan output after running go install github.com/google/[email protected]. Is there a different way I should be invoking latest to work successfully?

@initialed85
Copy link

initialed85 commented Sep 27, 2024

@TylerGillson

Simply changing go-licenses check ./... --ignore github.com/myorg to go-licenses check --ignore github.com/myorg ./... fixed this for me 🤦🏼‍♂️

Legend, that same fix worked for me too

EDIT: Sorry, the opposite is true for me lol (I had ./... last, now I have it first)- I am at least unblocked now though.

@orsinium
Copy link

I have the same issue as reported by @jbw976 above. I have a go.mod-backed proprietary project, and running go-licenses on it spits out a bunch of errors for the stdlib imports.

go-licenses report ./...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants