-
Notifications
You must be signed in to change notification settings - Fork 124
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bring back support for non go modules projects to v1.1+ #128
Comments
JFYI, you can keep using go-licenses v1.0.0 before any further actions are taken.
|
@Bobgy this is impacting our GH actions using the following config: jobs:
golicense-pr-scan:
runs-on: ubuntu-latest
steps:
- name: install-git
run: sudo apt-get install -y git
- name: install-golicenses
run: GOBIN=/usr/local/bin go install github.com/google/go-licenses@latest
- name: checkout
uses: actions/checkout@v3
- name: Configure git for private modules
env:
TOKEN: ${{ secrets.TOKEN }}
USER: ${{ secrets.USER }}
run: git config --global url."https://${USER}:${TOKEN}@github.com".insteadOf "https://github.com"
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.21
- name: golicense-scan
run: |
go-licenses check ./... --ignore github.com/myorg We can't downgrade to v1.0.0 as we require |
Signed-off-by: Tyler Gillson <[email protected]>
* test: add security checks Signed-off-by: Tyler Gillson <[email protected]> * fix: downgrade golicenses per google/go-licenses#128 Signed-off-by: Tyler Gillson <[email protected]> * fix: debug bulwark Signed-off-by: Tyler Gillson <[email protected]> * fix: add org flag for bulwark Signed-off-by: Tyler Gillson <[email protected]> * fix: use dev image for gitleaks Signed-off-by: Tyler Gillson <[email protected]> * fix: apply all gosec rules Signed-off-by: Tyler Gillson <[email protected]> * chore: switch back to public bulwark images Signed-off-by: Tyler Gillson <[email protected]> --------- Signed-off-by: Tyler Gillson <[email protected]>
v1.1.0 dropped support for packages that aren't Go modules. That or any later version run against our current repo state will error with: > Package <package> does not have module info. Non go modules projects > are no longer supported. For feedback, refer to > google/go-licenses#128. Pinning our install to v1.0.0 seems to produce the LICENSES output consistent with what the project has been tracking so far.
## Which problem is this PR solving? [go-licenses v1.1.0 dropped support for packages that aren't Go modules](https://github.com/google/go-licenses/releases/tag/v1.1.0). That or any later version run against our current repo state will result in many dozens of this error: > Package •thingie• does not have module info. Non go modules projects are no longer supported. For feedback, refer to google/go-licenses#128. ## Short description of the changes Pinning our install to v1.0.0 seems to produce the LICENSES output consistent with what the project has been tracking so far.
Simply changing |
This should fixes issues we are getting with `go.mod` files containing the `toolchain` directive. See google/go-licenses#128. Signed-off-by: Vincent Demeester <[email protected]>
This should fixes issues we are getting with `go.mod` files containing the `toolchain` directive. See google/go-licenses#128. Signed-off-by: Vincent Demeester <[email protected]>
This should fixes issues we are getting with `go.mod` files containing the `toolchain` directive. See google/go-licenses#128. Signed-off-by: Vincent Demeester <[email protected]>
This should fixes issues we are getting with `go.mod` files containing the `toolchain` directive. See google/go-licenses#128. Signed-off-by: Matthias Wessendorf <[email protected]>
I ran into this today when trying to do a license scan of the https://github.com/crossplane/crossplane project.
That shows many error messages like the following in the output:
Looks like it's mostly the standard library. I was able to get some license scan output after running |
Legend, that same fix worked for me too EDIT: Sorry, the opposite is true for me lol (I had ./... last, now I have it first)- I am at least unblocked now though. |
I have the same issue as reported by @jbw976 above. I have a go.mod-backed proprietary project, and running go-licenses on it spits out a bunch of errors for the stdlib imports.
|
In v1.1, we made a breaking change of no longer supporting non go modules managed projects per discussions in #70. However, #125 seems to show that some users are still using GOPATH.
Creating this issue to track users who are still using GOPATH mode.
Please thumbs up if this affected you or comment about your scenario.
The text was updated successfully, but these errors were encountered: