sensslen / nuget-license Goto Github PK

View Code? Open in Web Editor NEW

This project forked from tomchavakis/nuget-license

14.0 14.0 5.0 2.25 MB

.NET Core tool to print or save all the licenses of a project

License: Apache License 2.0

C# 100.00%

nuget-license's People

Contributors

Stargazers

Forkers

notofug rafntor lahma garcipat uturista

nuget-license's Issues

export-licenses-texts option is missing

Are there any plans to reintroduce the --export-licenses-texts option, as we need this to comply with many open source licenses which explicitly require you include the actual license text

For example BSD says:

Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

chore(deps): update nuget monorepo to v6.10.0 (NuGet.Commands, NuGet.Packaging)

Detected dependencies

github-actions

.github/workflows/action.yml

actions/checkout v4

actions/setup-dotnet v4

actions/checkout v4

actions/setup-dotnet v4

nuget/setup-nuget v2

microsoft/setup-msbuild v2

microsoft/vstest-action v1.0.0

actions/checkout v4

actions/checkout v4

actions/setup-dotnet v4

actions/checkout v4

nuget/setup-nuget v2

microsoft/setup-msbuild v2

actions/checkout v4

actions/setup-dotnet v4

paulhatch/semantic-version v5.4.0

actions/checkout v4

nuget/setup-nuget v2

microsoft/setup-msbuild v2

paulhatch/semantic-version v5.4.0

.github/workflows/release.yml

actions/checkout v4

actions/setup-dotnet v4

actions/setup-dotnet v4

actions/setup-dotnet v4

nowsprinting/check-version-format-action v3

nuget/setup-nuget v2

microsoft/setup-msbuild v2

microsoft/vstest-action v1.0.0

thedoctor0/zip-release 0.7.6

softprops/action-gh-release v2

nuget

integration/ProjectWithReferenceContainingLicenseExpression/ProjectWithReferenceContainingLicenseExpression.csproj

CsvHelper 32.0.3

src/NuGetUtility/NuGetUtility.csproj

System.Collections.Immutable 8.0.0

Microsoft.Bcl.HashCode 1.1.1

Tethys.SPDX.ExpressionParser 2.1.2

NuGet.Packaging 6.9.1

NuGet.Commands 6.9.1

Microsoft.Build.Locator 1.7.8

McMaster.Extensions.CommandLineUtils 4.1.1

Check this box to trigger a request for Renovate to run again on this repository

The package CsvHelper (https://joshclose.github.io/CsvHelper/) provides "MS-PL OR Apache-2.0" as license information. The check fails since the value is not present in our allow list. In the previous version we didn't have this issue.

As a workaround I solved it by setting the license manually with the "--override-package-information" option to "Apache-2.0". But it would be great if the tool could handle multiple licenses out of the box.

Add Test to check whether all license mappings included still provide a license and the right license

Unhandled Exception after adding NuGet.Config to solution

We have the following project structure for our .NET 8 project

| MyProject
|- src
   |- MyProject.Common (contains .csproj + source)
   |- MyProject.WebApi (contains .csproj + source)
   |- ...
|- MyProject.sln
|- NuGet.Config

and are building a docker image for the application. In the Dockerfile we install nuget-license and execute it to generate a list of licenses

FROM mcr.microsoft.com/dotnet/sdk:8.0-jammy AS build

WORKDIR /app

COPY ./src ./src
COPY MyProject.sln NuGet.Config ./

RUN dotnet restore "src/MyProject.WebApi/MyProject.WebApi.csproj"
RUN dotnet build "src/MyProject.WebApi/MyProject.WebApi.csproj" --no-restore -c Release -o out

RUN dotnet tool install --global nuget-license
# Only pass projects to nuget-license that do not start with Tests.
RUN tests=$(find src/*/*.csproj -name '*.csproj' ! -path "src/Tests.*/*.csproj" -exec echo -n '"{}", ' \;)  \
    && tests=${tests::-2} && echo "[${tests}]" > projects-filter.json \
    && nuget-license --json-input projects-filter.json > LICENSES.html

...

Everything was working fine until NuGet.Config file was added to the solution. Since then build fails with following exception

Unhandled exception. NuGet.Configuration.NuGetConfigurationException: Unexpected failure reading NuGet.Config. Path: '/app/src/MyProject.Common/MyProject.Common.csproj/NuGet.Config'.
 ---> System.IO.IOException: The file '/app/src/MyProject.Common/MyProject.Common.csproj' already exists.
   at System.IO.FileSystem.CreateDirectory(String fullPath, UnixFileMode unixCreateMode)
   at System.IO.Directory.CreateDirectory(String path)
   at NuGet.Configuration.FileSystemUtility.AddFile(String fullPath, Action`1 writeToStream)
   at NuGet.Configuration.FileSystemUtility.GetOrCreateDocument(XDocument content, String fullPath)
   at NuGet.Configuration.SettingsFile.<>c__DisplayClass23_0.<.ctor>b__0()
   at NuGet.Configuration.SettingsFile.<>c__DisplayClass32_0.<ExecuteSynchronized>b__0()
   --- End of inner exception stack trace ---
   at NuGet.Configuration.SettingsFile.<>c__DisplayClass32_0.<ExecuteSynchronized>b__0()
   at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLocked(String filePath, Action action)
   at NuGet.Configuration.SettingsFile.ExecuteSynchronized(Action ioOperation)
   at NuGet.Configuration.SettingsFile..ctor(String directoryPath, String fileName, Boolean isMachineWide, Boolean isReadOnly)
   at NuGet.Configuration.Settings.ReadSettings(String settingsRoot, String settingsPath, Boolean isMachineWideSettings, Boolean isAdditionalUserWideConfig, SettingsLoadingContext settingsLoadingContext)
   at NuGet.Configuration.Settings.<>c__DisplayClass29_0.<LoadSettings>b__0(String f)
   at System.Linq.Enumerable.SelectEnumerableIterator`2.MoveNext()
   at System.Linq.Enumerable.WhereEnumerableIterator`1.MoveNext()
   at System.Collections.Generic.List`1.AddRange(IEnumerable`1 collection)
   at NuGet.Configuration.Settings.LoadSettings(String root, String configFileName, IMachineWideSettings machineWideSettings, Boolean loadUserWideSettings, Boolean useTestingGlobalPath, SettingsLoadingContext settingsLoadingContext)
   at NuGet.Configuration.Settings.LoadDefaultSettings(String root)
   at NuGetUtility.Program.GetPackageInfos(ProjectWithReferencedPackages projectWithReferences, IEnumerable`1 overridePackageInformation, CancellationToken cancellation) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 155
   at NuGetUtility.Program.<>c__DisplayClass35_0.<OnExecuteAsync>b__1(ProjectWithReferencedPackages p) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 132
   at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+MoveNext() in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Extension/AsyncEnumerableExtension.cs:line 21
   at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages, CancellationToken token) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 35
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages, CancellationToken token) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 35
   at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 133
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 93
   at NuGetUtility.Program.<Main>(String[] args)
/bin/bash: line 1:    13 Aborted                 nuget-license --json-input projects-filter.json > LICENSES.html

I'm not sure what's going on here and why it tries to load NuGet.Config file from Common project folder altough it's only located in root folder (as it should be). Any ideas what could be the problem here?

Running on asp.net api sln results in System.InvalidProjectFileException

Running using the the arguments nuget-license -i ApiServer.sln -t -d licenses on our Asp.net web api project results in the following exception:

Unhandled exception. Microsoft.Build.Exceptions.InvalidProjectFileException: The project file could not be loaded. Could not find file '/home/daniel/Work/hydra-src/apps/API-Server/Pttox.Forms.sln'.  /home/daniel/Work/hydra-src/apps/API-Server/Pttox.Forms.sln
   at Microsoft.Build.Shared.ProjectFileErrorUtilities.VerifyThrowInvalidProjectFile(Boolean condition, String errorSubCategoryResourceName, BuildEventFileInfo projectFile, Exception innerException, String resourceName, Object[] args)
   at Microsoft.Build.Construction.SolutionFile.ParseSolutionFile()
   at Microsoft.Build.Construction.SolutionFile.Parse(String solutionFile)
   at NuGetUtility.Wrapper.MsBuildWrapper.MsBuildAbstraction.GetProjectsFromSolution(String inputPath) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/MsBuildWrapper/MsBuildAbstraction.cs:line 57
   at NuGetUtility.ReferencedPackagesReader.ProjectsCollector.GetProjects(String inputPath) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/ReferencedPackagesReader/ProjectsCollector.cs:line 15
   at System.Linq.Enumerable.SelectManySingleSelectorIterator`2.MoveNext()
   at System.Linq.Enumerable.SelectEnumerableIterator`2.MoveNext()
   at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+MoveNext() in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Extension/AsyncEnumerableExtension.cs:line 19
   at NuGetUtility.Extension.AsyncEnumerableExtension.SelectMany[TSource,TResult](IEnumerable`1 input, Func`2 transform)+System.Threading.Tasks.Sources.IValueTaskSource<System.Boolean>.GetResult()
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
   at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
   at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
   at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)

The readme says that the -i is "Project or Solution to be analyzed" so I would expect it to handle a sln file.

Investigate using Msbuild.locator to find c++ props

LicenseDownloadException: Failed to download license

I'm getting LicenseDownloadExceptions on two of my projects, one is a Asp.net webapi project and one is a .net maui project.

Maui Project
Command nuget-license -i Pttox.Forms.sln -t -d licenses -o jsonPretty

Output:

Unhandled exception. NuGetUtility.LicenseValidator.LicenseDownloadException: Failed to download license for package System.Buffers (4.3.0).
Context: /home/daniel/Work/hydra-src/apps/Xamarin-PTToX/src/Pttox.Forms/Pttox.Forms.csproj
 ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 429 (Too Many Requests).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at System.Net.Http.HttpClient.GetStreamAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 17
   at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName)
   at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 164
   --- End of inner exception stack trace ---
   at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 169
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 47
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
   at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
   at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)

Asp.net webapi project
Command : nuget-license -i ApiServer.sln -t -d licenses -o jsonPretty

Output:

Unhandled exception. NuGetUtility.LicenseValidator.LicenseDownloadException: Failed to download license for package NETStandard.Library (2.0.0).
Context: /home/daniel/Work/hydra-src/apps/API-Server/ApiServer.Tests/ApiServer.Tests.csproj
 ---> System.Net.Http.HttpRequestException: Response status code does not indicate success: 404 (Not Found).
   at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
   at System.Net.Http.HttpClient.GetStreamAsyncCore(HttpRequestMessage request, CancellationToken cancellationToken)
   at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 17
   at NuGetUtility.Wrapper.HttpClientWrapper.FileDownloader.DownloadFile(Uri url, String fileName) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Wrapper/HttpClientWrapper/FileDownloader.cs:line 19
   at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 164
   --- End of inner exception stack trace ---
   at NuGetUtility.LicenseValidator.LicenseValidator.ValidateLicenseByUrl(IPackageMetadata info, String context, ConcurrentDictionary`2 result) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 169
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 47
   at NuGetUtility.LicenseValidator.LicenseValidator.Validate(IAsyncEnumerable`1 packages) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/LicenseValidator/LicenseValidator.cs:line 33
   at NuGetUtility.Program.OnExecuteAsync(CancellationToken cancellationToken) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 126
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.InvokeAsync(MethodInfo method, Object instance, Object[] arguments)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.OnExecute(ConventionContext context, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.Conventions.ExecuteMethodConvention.<>c__DisplayClass0_0.<<Apply>b__0>d.MoveNext()
--- End of stack trace from previous location ---
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync(String[] args, CancellationToken cancellationToken)
   at McMaster.Extensions.CommandLineUtils.CommandLineApplication.ExecuteAsync[TApp](CommandLineContext context, CancellationToken cancellationToken)
   at NuGetUtility.Program.Main(String[] args) in /home/runner/work/nuget-license/nuget-license/src/NuGetUtility/Program.cs:line 86
   at NuGetUtility.Program.<Main>(String[] args)
Aborted (core dumped)

Cache licenses

Problem

With projects that depend on many libraries we may hit the same license URL a lot of times.

In fact, with some combinations, we may hit the same URL so many times that we trigger 429 errors and we fail to download the actual license.

Proposed solution

Cache the URL->License response combo, then when another package attempts to download from the same source we simply use the cached file.

Is the plan to add support for projects using packages.config?

Asking in an issue since no discussion activated here :-)

I see ref to packages.config-based projects and would love support for that.

I have mixed environment setup with C# (reference-style) and C++ projects that must use packages.config-style. (e.g : nlohmann/json#1132 (comment))

Beeing able to handle 'everything' would be great 👍

Not all package information in the output

Whe I'm analyzing our project im only getting a few things and some are missing.

received:

{
    "PackageId": "System.Text.RegularExpressions",
    "PackageVersion": "4.3.1",
    "PackageProjectUrl": "https://dot.net/",
    "License": "MS-EULA",
    "LicenseInformationOrigin": 1
}

expected:

{
    "PackageId": "System.Text.RegularExpressions",
    "PackageVersion": "4.3.1",
    "PackageProjectUrl": "https://dot.net/",
    "**RepositoryUrl**": "https://github.com/dotnet/runtime",
    "License": "MS-EULA",
    "**LicenseUrl**": 
    "**LicenseFile**":
    "LicenseInformationOrigin": 1
  }

LicesneUrl is legacy, maybe its worth merging them having LicenseFile higher prio.

I saw that there are properties in the metadata but it seems they are not used.

[Question] Print the projects of specific nuget?

Hi
in tomchavakis#192 I asked about included the nuget in each project.
it was added in MR tomchavakis#199

Any plan to add this (if not yet added)?