Works around missing Module.dir for vendored Modules #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jaxesn
force-pushed
the
jgw/fix-missing-license
branch
from
0dadf28
to
b336f76
Compare
g-gaston
reviewed
Jan 9, 2023
licenses/library.go
Outdated
Comment on lines
124
to
125
| splits := strings.SplitN(pkgDir, "/vendor/", 2) | ||
| stopAt = path.Join(splits[0], "vendor", p.Module.Path) |
There was a problem hiding this comment.
nit: I would extract this to a method to reuse it, like vendoredModuleDir(modulePath string) string
jaxesn
force-pushed
the
jgw/fix-missing-license
branch
from
b336f76
to
204f087
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
ref: google#143
When scanning for a license for a particular module, go-licenses will traverse up the directory structure looking for LICENSE (or some variant of) file. The find code tries to use the module's
rootdiras a guard rail for this traversal up. The intent being that a license should be found at some point within the module's root, not above.In the case of vendored modules, the
Module.Dirreturned from the golang tools package is actually empty. I do not know exactly why this is, but it seems to be something about about what metadata exists, or does not exist, in the vendor directory for these modules. SinceModule.Diris empty and is used as the stopping point for traversal up the directory structure, if a module is missing a LICENSE the code will continue searching until it ultimately finds the LICENSE in the root of the repo, which in these cases is incorrect since these dependencies should have their own licenses.Since the root license is found, go-licenses does not inform the user of the missing license for that module, which it would normally do. In addition, this results in an odd side effect when running the csv subcommand. When go-licenses finds multiple packages using the same LICENSE file it groups them together and uses this to determine its final name in the csv file, typically
github.com/<org>/<repo>. Since deps missing LICENSES files match with the root package, the csv file ends up havinggithub.comlisted in one of the rows since its thecommonAncestor. I believe this matching of packages is to handle legit cases where modules have subfolders/submodules which are licensed together.The library code already had specific handling for vendored modules later in the process. This was extract out to be shared during the finding license process so that when vendor modules are detected the
rootDiris inferred based on the vendor directory and the package path to ensure the traversal stops at the module root.