Hi, can addlicense support adding the license header to .txt, .patch and .tmpl files? Or is it intentional to not support these use cases?

We want to use addlicense to add the license header to various types of files automatically and we're willing to contribute if it is not a design decision to not support them.

Would be nice for example to configure comment styles for different file extensions in a config file, instead of having to modify the source code. The config file could also be used to configure paths to ignore, or to configure the patterns that determine whether a file already has a license header.

Implementations of these features are included in the Nokia fork of addlicense. If you are interested in pulling only some parts, see the different branches there.

Hello :)

Currently .h files use /* style comments, and I'd like to contribute a way to use // comments instead. I presume just changing the default is not an option, so I'd like to ask what would be the most principled solution. A command line flag?

It looks like y'all are doing a conversion to print ampersand for an html file. I'm working in a plain text code base so this kind of conversion doesn't make much sense.

Sometimes it's necessary to set a year span in the license header, e.g. "2010-2019", but it's only possible to pass integers. Any chance this feature could be added?

Would be nice to have a way to specify ignore pattern(s) in form of regex applied to path of the file(from project's root(e.g. current directry for the tool)).

License could have different formats. For Instance, instead of string "copyright" some licenses just has "(c)". As of now this plugin just checks for string "copyright".

Hello there,

I'm using this on nancy, and more or less, great tool!

However, it's a bit too nuclear with the . pattern, and adding licenses to files that we need to exclude (primarily GitHub templates, but we also don't really need licenses on files that really don't have IP (Dockerfile, gorelease.yml, etc...), so I was looking at using the pattern to basically only check and apply to **/*.go files, and maybe a couple others here and there. There isn't really much documentation I can see on pattern, so I figured I'd ask about usage, and then send y'all a PR with it included in the README for other goofballs like myself!

Cheers!

This tool right now adds a link with http:// for Apache 2.0 license

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

but some of our internal tests check for https://. https://github.com/GoogleCloudPlatform/golang-samples/blob/73d60a5de091dcdda5e4f753b594ef18eee67906/license_test.go#L32

I know the license text itself uses http:// to apply the license, but should we switch to https://?

Seems like this is required now.

Hi maintainers,

There are couple of cool fixes since your last release, would you mind doing a new release?

When licenses are added for files which prefix licenses with " * ", any empty lines end up generating trailing whitespace. This is undesirable and should instead be removed.

• Currently it only checks if the file has the license header and does not validate the year on the license
• Would be nice to check if the year on the header matches the one passed in as the argument or the default one (current year)

I've found that in recent versions of addlicense, any file generated by stringer is skipped or has its license comment striped, if present.

The files generated by strinnger have the following file header comments:

// Code generated by "stringer -type=EVENT"; DO NOT EDIT.

The "EVENT" value changes between files but the rest of the comment is standard. I suspect something in that comment is causing the file to be skipped by addlicense.

Unfortunately, it doesn't just skip those files, it actively strips the addlicense comment if you add it manually.

This is a feature request: for a caller, it would be good to know if the execution modified any file (e.g., as part of a presubmit test). One option is to change the exit code if at least one file has been modified. Another option (I would recommend) is to add an option (for instance, -l) which will print all the filenames that have been modified (see discussion at golang/go#24230 for a similar idea).

Happy to send a PR for option 2, if likely to be merged. Thanks.

Questions:

• Do we want this feature?
• Do we want an option for it?
• Do we want it enabled by default?

The tool adds license header on top of <?xml which breaks XML files.
Same for HTML.

addlicense currently always modifies source files in-place. This makes it difficult to use in scripts or integrate into other formatting tools, such as the fix Mercurial extension.

Since the filename is unknown when operating on content from stdin, this would entail adding an option to specify the filename to assume. For example, clang-format has an --assume-filename option for this purpose.

I have many directories with go code. For the addlicence works, I have to do this:

docker run --rm -it -v ${PWD}:/src ghcr.io/google/addlicense \
       -check \
       -ignore "**/*.swagger.go" \
       -ignore "**/**/*.swagger.go" \
       */*/*.go
       **/**/**/**/**/**/*.go \
       **/**/**/**/**/*.go \
       **/**/**/**/*.go \
       **/**/**/*.go \
       **/**/*.go \
       **/*.go \
       *.go

Is there a better way only to check Golang code in any path? And ignore some file patterns in any path?

#83 adds support for publishing pre-built artifacts and docker image when git tags are pushed. The question now is, what version is the first tagged release? Is it v0.0.1, v0.1.0 or v1.0.0 ?

As @crazy-max noted in #83, we definitely want to follow semver on subsequent releases, but because there never has been a previous release, there are no real constraints on whether this is considered a v0 or v1 release.

Personally, I'm leaning toward v1.0.0. The tool has been around for a while and is quite stable. And it is also widely enough adopted by major projects (etcd, opentelemetry, kubeflow, kubernetes, ossf/scorecard among many others) that we need to treat the current API as stable, regardless of the lack of a formal v1.0 release.

@mco-gh what do you think?

The readme has an example command using docker, but it fails

docker run -v ${PWD}:/go/src/app/ -it google/addlicense -c "Google LLC" *.go

docker pull google/addlicense

Using default tag: latest
Error response from daemon: pull access denied for google/addlicense, repository does not exist or may require 'docker login': denied: requested access to the resource is denied

I have just found out that addlicense does not modify the copyright year if a license text is already present. Could it be extended to check whether the license text + copyright holder + year is actually present? Currently it is e.g. not possible to switch to a new license by re-running addlicense -l $new_license without having to delete all existing license texts or to bump the copyright year.

Currently if the year is set to empty string -y="" the first header will have two consecutive empty spaces between Copyright and Holder.

Now:
// Copyright[ ][ ]OpenTelemetry Authors

After:
// Copyright[ ]OpenTelemetry Authors

Even after reading the home page several times, it took me a while to figure out that the basic thing I wanted to do simply required passing "." as a pattern. Could that be added to the README?

Hi,
From what I see for some reason license added to the .java files in comment style.
When addlicense tool supports the common style which is already applied to the ".c" files.

https://github.com/google/addlicense/blob/master/main.go#L216-L217
Would you accept the PR to change that style?

Example from Spring boot project (probably the most common case of the Java project)
https://github.com/spring-projects/spring-boot/blob/master/spring-boot-project/spring-boot-actuator-autoconfigure/src/main/java/org/springframework/boot/actuate/autoconfigure/OnEndpointElementCondition.java#L1

Docker container to run addlicense from.

A Dockerfile is included in the Nokia fork of addlicense. An image is also available on dockerhub if you are interested.

On some runs, freuqnetly enough, this completely erases the existing code, and replaces it with license text.

My guess is that there's perhaps a race condition somewhere in the code.

To replicate this, the following works for me -

1. I invoke it like below (on a repo with just about 15 files) -

find | xargs ~/go/bin/addlicense

I have about 15 files.

There's a good chance that this erases one of my files with just the license. If it didn't -

2. Git reset to remove the lincense again -

git reset --hard

And go to step 1 until you see this happening.

Both local and global one

I just discovered go-enry, which GitHub is using in parts of their new code search. It looks like there may be a bit there that would be useful for automatically excluding generated, vendored, and binary files. I don't think they track comment style, so we couldn't replace that, but this other stuff looks useful.

I used the command:

go get github.com/google/[email protected]

And the download started. However, it was interrupted by thiss error message:
build github.com/google/addlicense: cannot load io/fs: malformed module path "io/fs": missing dot in first path element

This is the whole download:

$ go get github.com/google/[email protected]
go: finding github.com v1.0.0
go: finding github.com/google v1.0.0
go: downloading github.com/bmatcuk/doublestar/v4 v4.0.2
go: downloading golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: extracting golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: extracting github.com/bmatcuk/doublestar/v4 v4.0.2
go: finding golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
go: finding github.com/bmatcuk/doublestar/v4 v4.0.2
build github.com/google/addlicense: cannot load io/fs: malformed module path "io/fs": missing dot in first path element

I would like to know which version of addlicense I have installed to know whether I need to install a new one to fix a bug or update to the version a repo has pinned.

we've (w/@Dentrax) just noticed that this project currently uses GoReleaser to make a new release, and the buildx tool to build and push container images, so, we can use GoReleaser to do the same for container images. By doing so, we can remove an additional step in the GitHub Actions workflow for building/pushing container images, also, we can sign our container images or binaries with cosign too.

Feel free to assign this to us, if you agree with this idea, we would love to work on this 🥳

There is no point in having copyright headers in generated files. The standard for ignoring generated files in Go is the regexp ^// Code generated .* DO NOT EDIT\.$.

See go generate help at;
https://github.com/golang/go/blob/go1.14.2/src/cmd/go/internal/generate/generate.go#L56

addlicense with a PHP file introduces the license header within separate PHP tags <?php ... ?> and introduces a blank line.

@@ -1,4 +1,20 @@
 <?php
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+?>
+
+<?php
 
 namespace App;

This style of change causes Symfony to fail:

...
[builder] Script cache:clear returned with error code 255
[builder] !!  
[builder] !!  
[builder] !!  Fatal error: Namespace declaration statement has to be the very first statement or after any declare call in the script in /workspace/src/Kernel.php on line 19
[builder] !!  Symfony\Component\ErrorHandler\Error\FatalError {#19
[builder] !!    -error: array:4 [
[builder] !!      "type" => 64
[builder] !!      "message" => "Namespace declaration statement has to be the very first statement or after any declare call in the script"
[builder] !!      "file" => "/workspace/src/Kernel.php"
[builder] !!      "line" => 19
[builder] !!    ]
[builder] !!    #message: "Compile Error: Namespace declaration statement has to be the very first statement or after any declare call in the script"
[builder] !!    #code: 0
[builder] !!    #file: "./src/Kernel.php"
[builder] !!    #line: 19
[builder] !!  }

Changing the header to be within the original PHP tags keeps Symfony happy.

I just tried SPDX flag first time and noticed addlicense adds copyright line before the SPDX identifier.

$ addlicense -s=only -c Furkan .

Actual:

Copyright ...
SPDX-License-Identifier:

My expectation according to other open source projects, solidity, etc.:

SPDX-License-Identifier:
Copyright ...

Any ways to reorder of those? Shouldn't the right way is the bottom one?

It seems the majority of Java projects puts the license on top of the file via multiple comments /* ... */, but addlicense uses // for Java and Kotlin:

Is there any reason for this? If not, I think we should move .java, .kt and .kts a few lines above with other languages that use /* ... */.

Unless I'm missing something in the documentation, there's no way to update the license and apply this change in the relevant files. This is particularly important when the year span changes and an update mechanism would be useful.

The tool only supports line comments at this time. Additionally, it will not detect existing general comment blocks, causing duplication where these have been used.

Example diff:

+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 /*

 Licensed under the Apache License, Version 2.0 (the "License");

I installed Go and then installed as instructed by the readme:

go get -u github.com/google/addlicense

addlicense is still not an executable on my system as far as I can tell. How do I run addlicense?

We (w/@Dentrax) thought that in scenarios such as checking license headers, we use addlicence tool like the following way:

  license-check:
    name: license boilerplate check
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: '1.17.x'
      - name: Install addlicense
        run: go install github.com/google/addlicense@latest
      - name: Check license headers
        run: |
          set -e
          addlicense -l apache -c 'The Sigstore Authors' -v *
          git diff --exit-code

As you can see from the above GitHub Action definition, we use additional git commands to check that is there any leaked license headers in the codebase, so, what we are proposing is that we add this logic into addlicence tool with an additional flag-like --fail-on-diff.

It would be great to have a non-multiline comment support enabled with a new flag. Multiline comments /*\n*\n*\n*/ takes more lines and makes it harder to read for me. Here is a simple proposal:

$ touch foo.c
$ addlicense -s=only -c Furkan .

Actual: (Multiline comment)

/*
 * Copyright 2022 Furkan
 * SPDX-License-Identifier: Apache-2.0
 */

New flag way: (comment)

// Copyright 2022 Furkan
// SPDX-License-Identifier: Apache-2.0

The Apache License template indents the URL with 5 spaces:

where the letter h is under a:

You may obtain a copy of the License at
     |
     http://www.apache.org/licenses/LICENSE-2.0

The generated license also indent with 5 spaces:

In the Apache official license template: https://www.apache.org/licenses/LICENSE-2.0#apply

Copyright [yyyy] [name of copyright owner]

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

The URL is indented by 4 spaces and the letter h is under m.

You can also find the LICENSE file is indent by 4 spaces (h under m):

The capability to list files that will be modified, but without modifying them, will be very useful.

This will also allow addlicense to be used in CI environments, git-hooks, etc., to ensure licensing compliance.

Logs like:

#5 18.53 # github.com/golang/dep/gps
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:103:21: cannot use sv (type *semver.Version) as type semver.Version in field value
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:122:16: invalid type assertion: c.(semver.Version) (non-interface type *semver.Constraints on left)
#5 18.53 pkg/mod/github.com/golang/[email protected]/gps/constraint.go:149:4: undefined: semver.Constraint

Relates to issue: golang/dep#2223
Can be fixed by using this suggestion on that issue: golang/dep#2223 (comment)

I'm looking to integrate addLicense into an existing suite of internal FOSS compliance-related tooling, and part of that would be eased by decoupling the addLicense functions from the CLI-specific code that uses them. I'd like to propose the following changes (which I will happily create a PR for), but I wanted to check in with maintainers prior to doing so:

1. Turn main() into a function that consists solely of flag parsing and calling a new Run() function
2. Break out the rest of main() into a Run() function that takes in the parsed flag values and executes everything else (goroutines, etc)
3. Export fileMatches, addLicense, licenseHeader, isGenerated, and hasLicense

@willnorris et al, are there any thoughts or concerns about that approach? My over-arching goal is to increase composability.

Hey folks,

Is there any way to ignore subdirectories based on the directory name? We currently have a lerna monorepo and I find it difficult to exclude multiple node_modules folders.

The optimal would be to use it like this

addlicense -c "Neo4j Inc." -f license.txt -check ./**/*.{js,ts,css} -ignore **/node_modules/*

but it doesn't seem to work.

The directories also are in the following tree structure

.
├── CONTRIBUTING.md
├── README.md
├── lerna.json
├── license.js
├── license.txt
├── node_modules
├── package.json
├── packages
│   ├── base
│   │   ├── node_modules
│   │   ├── package.json
│   │   ├── src
│   ├── html-storybook
│   │   ├── node_modules
│   │   ├── package.json
│   ├── react
│   │   ├── node_modules
│   │   ├── package.json
│   │   ├── src
│   │   └── tsconfig.json
│   └── react-storybook
│       ├── node_modules
│       ├── package.json
│       └── src
├── tsconfig.json
└── yarn.lock

I'm using the addlicense container like so:

$ podman run --rm -v $PWD:/src ghcr.io/google/addlicense -v -check -ignore node_modules/** .

But this doesn't skip node_modules directory. However, if I changed it to -ignore=node_modules/**, then it skips node_modules as expected.

If this isn't a bug then it should be made clear in the readme that = is required