# IMPORTANT!: ALL SECTIONS ARE MANDATORY
[licenses]
# This indicates which are the only licenses that Licensebat will accept.
# The rest will be flagged as not allowed.
accepted = ["MIT", "MSC", "BSD"]
# This will indicate which licenses are not accepted.
# The rest will be accepted, except for the unknown licenses or dependencies without licenses.
# unaccepted = ["LGPL"]
# Note that only one of the previous options can be enabled at once.
# If both of them are informed, only accepted will be considered.
[dependencies]
# This will allow users to flag some dependencies so that Licensebat will not check for their license.
ignored=["ignored_dep1", "ignored_dep2"]
# If set to true, Licensebat will ignore the dev dependencies.
ignore_dev_dependencies = true
# If set to true, Licensebat will ignore the optional dependencies.
ignore_optional_dependencies = true
[behavior]
# False by default, if true, it will only run the checks when one of the dependency files or the .licrc file has been modified.
run_only_on_dependency_modification = true
# False by default, if true, it will never block the build.
do_not_block_pr = false
Hi @tmillr, not sure what you mean by beyond
... The tool basically gets the information about the license of a particular dependency from some source, most of the time, the registries. Then, depending on the language and the registry, it compares the declared license with the actual license (the file present in the repo) to double check that the real license is not contradicting the declared one and finally it compares that information with what you have declared in .licrc.
@robertohuertasm Thanks for the explanation. I just installed this app and was wondering how it works, or what it's doing exactly, because I was originally under the impression that everything was handled automatically and that no manual configuration was needed.
But then I got the error for missing the required config file, so then I started wondering if this app does any sort of automatic checking for implicit license conflicts at all. For example, some licenses cannot be combined (e.g. Apache 2.0 and GPL2), and manual configuration doesn't seem like it would be necessary to detect this sort of implicit conflict.
That's a good point @tmillr but the tool does not do that sort of verification, unfortunately. That would be a really cool feature to implement, though.
Okay I will add this file to my root repository
I will add to root
ok
Quick question @robertohuertasm: Does Licensebat do any sort of license validation beyond simply parsing out dependencies' licenses and then checking those for:.licrc
)?
In other words, is there any sort of implicit, automatic license conflict detection going on beyond conflicts which merely arise due to 1 and 2 above?