https://github.com/andersy005/gh-action-py-liccheck
A GitHub Action to check license of Python packages and their dependencies.
https://github.com/andersy005/gh-action-py-liccheck
hacktoberfest
Last synced: 11 months ago
JSON representation
A GitHub Action to check license of Python packages and their dependencies.
- Host: GitHub
- URL: https://github.com/andersy005/gh-action-py-liccheck
- Owner: andersy005
- License: mit
- Created: 2021-02-14T04:29:20.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2025-07-01T12:31:55.000Z (11 months ago)
- Last Synced: 2025-07-05T03:01:44.938Z (11 months ago)
- Topics: hacktoberfest
- Language: TypeScript
- Homepage:
- Size: 2.4 MB
- Stars: 3
- Watchers: 2
- Forks: 6
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- Changelog: changelog.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://results.pre-commit.ci/latest/github/andersy005/gh-action-py-liccheck/main)
# `andersy005/gh-action-py-liccheck`
- [`andersy005/gh-action-py-liccheck`](#andersy005gh-action-py-liccheck)
- [Usage](#usage)
- [Basic](#basic)
- [With custom locations for strategy and requirements files](#with-custom-locations-for-strategy-and-requirements-files)
- [GitHub action outcomes](#github-action-outcomes)
- [Arguments](#arguments)
- [How `liccheck` works](#how-liccheck-works)
- [Example strategy files](#example-strategy-files)
- [Contributing](#contributing)
- [License](#license)
This GitHub action checks license of Python packages and their dependencies via the [liccheck](https://github.com/dhatim/python-license-check) package.
## Usage
To integrate this action with your action pipelines, add the following step to your workflow file (e.g. `.github/workflows/ci.yml`).
### Basic
The basic usage uses the default values defined in table below. Therefore, as a user you don't have to specify any argument:
```yaml
- name: License Checker
uses: andersy005/gh-action-py-liccheck@main
```
### With custom locations for strategy and requirements files
```yaml
- name: License Checker
uses: andersy005/gh-action-py-liccheck@main
with:
strategy-ini-file: ./my-strategy.ini
level: standard
requirements-txt-file: ./my-requirements.txt
no-deps: true
liccheck-version: 0.6.4
```
## GitHub action outcomes
Once this action finishes running, it reports the status of compliance of packages. Depending on your settings (strategy, level, etc), you should see something of this sort in your workflow's logs:
Outcome 1 - Success
Outcome 2 - Failure
## Arguments
This action currently supports four inputs from the user: `strategy-ini-file`, `level`, `requirements-txt-file`, and `no-deps`.
These inputs, along with their descriptions and usage contexts, are listed in the table below:
| Input | Description | Usage | Default |
| :---------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :------: | :----------------: |
| `strategy-ini-file` | Path to a strategy ini file or a pyproject.toml file to use. See [examples](#example-strategy-files) below. | Optional | `pyproject.toml` |
| `requirements-txt-file` | Path to a requirements.txt file to use. | Optional | `requirements.txt` |
| `no-deps` | Whether **not** to check dependencies. | Optional | `false` |
| `level` | Level for testing compliance of packages, where: `standard` - At least one authorized license (default); `cautious` - Per standard but no unauthorized licenses; `paranoid` - All licenses must be authorized. | Optional | `standard` |
| `liccheck-version` | Set the liccheck package version. | Optional | `0.6.4` |
## How `liccheck` works
`liccheck` verifies compliance of packages defined in a `requirements.txt` file against a strategy defined in either a `pyproject.toml` or `.ini` file. To use this GitHub action, you have to define the following three items in your strategy file:
- authorized license list
- unauthorized license list
- authorized package list (optional)
**NOTE:** The packages from your `requirements.txt` need to all be installed in a Python environment prior to using this GitHub action.
## Example strategy files
Here are some examples showcasing how to define a strategy in both `pyproject.toml` and `.ini` files:
Example pyproject.toml
```toml
[tool.liccheck]
# Authorized and unauthorized licenses in LOWER CASE
authorized_licenses = [
"bsd",
"new bsd",
"bsd license",
"new bsd license",
"simplified bsd",
"apache",
"apache 2.0",
"apache software license",
"apache software",
"gnu lgpl",
"lgpl with exceptions or zpl",
"isc license",
"isc license (iscl)",
"mit",
"mit license",
"python software foundation license",
"zpl 2.1"
]
unauthorized_licenses = [
"gpl v3"
]
[tool.liccheck.authorized_packages]
uuid = "<=1.30"
```
Example strategy.ini
```ini
# Authorized and unauthorized licenses in LOWER CASE
[Licenses]
authorized_licenses:
bsd
new bsd
bsd license
new bsd license
simplified bsd
apache
apache 2.0
apache software license
apache software
gnu lgpl
lgpl with exceptions or zpl
isc license
isc license (iscl)
mit
mit license
python software foundation license
zpl 2.1
unauthorized_licenses:
gpl v3
[Authorized Packages]
uuid: 1.30
```
## Contributing
Contributions are welcome!
## License
The code and documentation in this project are released under the
[MIT License](LICENSE).