A full-featured license tool to check and fix license headers and resolve dependencies' licenses.
You can use License-Eye in GitHub Actions or in your local machine.
To use License-Eye in GitHub Actions, add a step in your GitHub workflow.
- name: Check License Header
uses: apache/skywalking-eyes@main # always prefer to use a revision instead of `main`.
# with:
# log: debug # optional: set the log level. The default value is `info`.
# config: .licenserc.yaml # optional: set the config file. The default value is `.licenserc.yaml`.
# token: # optional: the token that license eye uses when it needs to comment on the pull request. Set to empty ("") to disable commenting on pull request. The default value is ${{ github.token }}
# mode: # optional: Which mode License-Eye should be run in. Choices are `check` or `fix`. The default value is `check`.
Add a .licenserc.yaml
in the root of your project, for Apache Software Foundation projects, the following configuration should be enough.
spdx-id: Apache-2.0
copyright-owner: Apache Software Foundation
- 'dist'
- 'licenses'
- '**/*.md'
comment: on-failure
NOTE: The full configurations can be found in the configuration section.
By default the action runs License-Eye in check mode, which will raise an error
if any of the processed files are missing license headers. If mode
is set to
, the action will instead apply the license header to any processed file
that is missing a license header. The fixed files can then be pushed back to the
pull request using another GitHub action. For example:
- name: Check License Header
uses: apache/skywalking-eyes@main
mode: fix
- name: Apply Changes
uses: EndBug/add-and-commit@v4
author_name: License Bot
author_email: [email protected]
message: 'Automatic application of license header'
Note: The exit code of fix mode is always 0 and can not be used to block CI status. Consider running the action in check mode if you would like CI to fail when a file is missing a license header.
docker run -it --rm -v $(pwd):/github/workspace apache/skywalking-eyes header check
docker run -it --rm -v $(pwd):/github/workspace apache/skywalking-eyes header fix
For users and developers who want to help to test the latest codes on main branch, we publish Docker image to GitHub
Container Registry for every commit in main branch, tagged with the commit sha, if it's the latest commit in main
branch, it's also tagged with latest
Note: these Docker images are not official Apache releases. For official releases, please refer to the download page for executable binary and the Docker hub for Docker images.
docker run -it --rm -v $(pwd):/github/workspace ghcr.io/apache/skywalking-eyes/license-eye header check
docker run -it --rm -v $(pwd):/github/workspace ghcr.io/apache/skywalking-eyes/license-eye header fix
git clone https://github.com/apache/skywalking-eyes
cd skywalking-eyes
make build
If you have Go SDK installed, you can also use go install
command to install the latest code.
go install github.com/apache/skywalking-eyes/cmd/license-eye@latest
license-eye -c test/testdata/.licenserc_for_test_check.yaml header check
Header Check Result
INFO Loading configuration from file: test/testdata/.licenserc_for_test_check.yaml
INFO Totally checked 30 files, valid: 12, invalid: 12, ignored: 6, fixed: 0
ERROR the following files don't have a valid license header:
exit status 1
bin/darwin/license-eye -c test/testdata/.licenserc_for_test_fix.yaml header fix
Header Fix Result
INFO Loading configuration from file: test/testdata/.licenserc_for_test_fix.yaml
INFO Totally checked 20 files, valid: 10, invalid: 10, ignored: 0, fixed: 10
This command serves as assistance for human beings to audit the dependencies license, it's exit code is always 0.
You can also use the --output
or -o
to save the dependencies' LICENSE
files to a specified directory so that
you can put them in distribution package if needed.
license-eye -c test/testdata/.licenserc_for_test_check.yaml dep resolve -o ./dependencies/licenses
Dependency Resolve Result
INFO GITHUB_TOKEN is not set, license-eye won't comment on the pull request
INFO Loading configuration from file: test/testdata/.licenserc_for_test_check.yaml
WARNING Failed to resolve the license of <github.com/gogo/protobuf>: cannot identify license content
WARNING Failed to resolve the license of <github.com/kr/logfmt>: cannot find license file
WARNING Failed to resolve the license of <github.com/magiconair/properties>: cannot identify license content
WARNING Failed to resolve the license of <github.com/miekg/dns>: cannot identify license content
WARNING Failed to resolve the license of <github.com/pascaldekloe/goe>: cannot identify license content
WARNING Failed to resolve the license of <github.com/russross/blackfriday/v2>: cannot identify license content
WARNING Failed to resolve the license of <gopkg.in/check.v1>: cannot identify license content
ERROR failed to identify the licenses of following packages (7):
This command can be used to perform automatic license compatibility check, when there is incompatible licenses found, the command will exit with status code 1 and fail the command.
license-eye -c test/testdata/.licenserc_for_test_check.yaml dep check
Dependency Check Result
INFO GITHUB_TOKEN is not set, license-eye won't comment on the pull request
INFO Loading configuration from file: .licenserc.yaml
WARNING Failed to resolve the license of <github.com/gogo/protobuf>: cannot identify license content
WARNING Failed to resolve the license of <github.com/kr/logfmt>: cannot find license file
WARNING Failed to resolve the license of <github.com/magiconair/properties>: cannot identify license content
WARNING Failed to resolve the license of <github.com/miekg/dns>: cannot identify license content
WARNING Failed to resolve the license of <github.com/pascaldekloe/goe>: cannot identify license content
WARNING Failed to resolve the license of <github.com/russross/blackfriday/v2>: cannot identify license content
WARNING Failed to resolve the license of <gopkg.in/check.v1>: cannot identify license content
ERROR the following licenses are incompatible with the main license: Apache-2.0
License: Unknown Dependency: github.com/gogo/protobuf
License: Unknown Dependency: github.com/kr/logfmt
License: Unknown Dependency: github.com/magiconair/properties
License: Unknown Dependency: github.com/miekg/dns
License: Unknown Dependency: github.com/pascaldekloe/goe
License: Unknown Dependency: github.com/russross/blackfriday/v2
License: Unknown Dependency: gopkg.in/check.v1
exit status 1
header: # <1>
spdx-id: Apache-2.0 # <2>
copyright-owner: Apache Software Foundation # <3>
content: | # <4>
Licensed to Apache Software Foundation (ASF) under one or more contributor
license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright
ownership. Apache Software Foundation (ASF) licenses this file to you under
the Apache License, Version 2.0 (the "License"); you may
not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
pattern: | # <5>
Licensed to the Apache Software Foundation under one or more contributor
license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright
ownership. The Apache Software Foundation licenses this file to you under
the Apache License, Version 2.0 \(the "License"\); you may
not use this file except in compliance with the License.
You may obtain a copy of the License at
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
paths: # <6>
- '**'
paths-ignore: # <7>
- 'dist'
- 'licenses'
- '**/*.md'
- '**/testdata/**'
- '**/go.mod'
- '**/go.sum'
- '**/assets/languages.yaml'
- '**/assets/assets.gen.go'
comment: on-failure # <8>
dependency: # <9>
files: # <10>
- go.mod
- The
section is configurations for source codes license header. - The SPDX ID of the license, it’s convenient when your license is standard SPDX license, so that you can simply specify this identifier without copying the whole license
. This will be used as the content whenfix
command needs to insert a license header. - The copyright owner to replace the
in theSPDX-ID
license template. - If you are not using the standard license text, you can paste your license text here, this will be used as the content when
command needs to insert a license header, if bothlicense
are specified,license
wins. - The
is an optional regexp. You don’t need this if all the file headers are the same aslicense
or the license ofSPDX-ID
, otherwise you need to compose a pattern that matches your license texts. - The
are the path list that will be checked (and fixed) by license-eye, default is['**']
. Formats like**/*
.md and**/bin/**
are supported. - The
are the path list that will be ignored by license-eye. By default,.git
and the content in.gitignore
will be inflated into thepaths-ignore
list. - On what condition License-Eye will comment the check results on the pull request,
. Options other thannever
require the environment variableGITHUB_TOKEN
to be set. dependency
section is configurations for resolving dependencies' licenses.files
are the files that declare the dependencies of a project, typically,go.mo
in Go project,pom.xml
in maven project, andpackage.json
in NodeJS project. If it's a relative path, it's relative to the.licenserc.yaml
NOTE: When the SPDX-ID
is Apache-2.0 and the owner is Apache Software foundation, the content would be a dedicated license specified by the ASF, otherwise, the license would be the standard one.
The header check
command theoretically supports all kinds of file types, while the supported file types of header fix
command can be found in this YAML file. In the YAML file, if the language has a non-empty property comment_style_id
, and the comment style id is declared in the comment styles file, then the language is supported by fix
Java: type: programming tm_scope: source.java ace_mode: java codemirror_mode: clike codemirror_mime_type: text/x-java color: "#b07219" extensions: - ".java" language_id: 181 comment_style_id: SlashAsterisk
- id: SlashAsterisk # (i) start: '/*' # (ii) middle: ' *' # (iii) end: ' */' # (iv)
- The
used in assets/languages.yaml. - The leading characters of the starting of a block comment.
- The leading characters of the middle lines of a block comment.
- The leading characters of the ending line of a block comment.
- The
- There is an activity diagram explaining the implemented license header fixing mechanism in-depth. The diagram's source file can be found here.
- If you find any file type should be supported by the aforementioned configurations, but it's not listed there, feel free to open a pull request to add the configuration into the two files.
- If you find the license template of an SPDX ID is not supported, feel free to open a pull request to add it into the template folder.
- Submit an issue by using [INFRA] as title prefix.
- Mail list: [email protected]. Mail to [email protected], follow the reply to subscribe the mail list.
- Join
channel at Apache Slack. If the link is not working, find the latest one at Apache INFRA WIKI. - Twitter, ASFSkyWalking