Provide --summary flag to generate the license summary file (#103)

Author: mrproliu

README.md

@@ -23,6 +23,7 @@ import (
 	"path/filepath"
 	"regexp"
 	"strings"
+	"text/template"
 
 	"github.com/spf13/cobra"
 
@@ -31,10 +32,15 @@ import (
 )
 
 var outDir string
+var summaryTplPath string
+var summaryTpl *template.Template
 
 func init() {
 	DepsResolveCommand.PersistentFlags().StringVarP(&outDir, "output", "o", "",
 		"the directory to output the resolved dependencies' licenses, if not set the dependencies' licenses won't be saved")
+	DepsResolveCommand.PersistentFlags().StringVarP(&summaryTplPath, "summary", "s", "",
+		"the template file to write the summary of dependencies' licenses, a new file named \"LICENSE\" will be "+
+			"created in the same directory as the template file, to save the final summary.")
 }
 
 var fileNamePattern = regexp.MustCompile(`[^a-zA-Z0-9\\.\-]`)
@@ -44,16 +50,27 @@ var DepsResolveCommand = &cobra.Command{
 	Aliases: []string{"r"},
 	Long:    "resolves all dependencies of a module and their transitive dependencies",
 	PreRunE: func(cmd *cobra.Command, args []string) error {
-		if outDir == "" {
-			return nil
-		}
-		absPath, err := filepath.Abs(outDir)
-		if err != nil {
-			return err
+		if outDir != "" {
+			absPath, err := filepath.Abs(outDir)
+			if err != nil {
+				return err
+			}
+			outDir = absPath
+			if err := os.MkdirAll(outDir, 0o700); err != nil && !os.IsExist(err) {
+				return err
+			}
 		}
-		outDir = absPath
-		if err := os.MkdirAll(outDir, 0o700); err != nil && !os.IsExist(err) {
-			return err
+		if summaryTplPath != "" {
+			absPath, err := filepath.Abs(summaryTplPath)
+			if err != nil {
+				return err
+			}
+			summaryTplPath = absPath
+			tpl, err := deps.ParseTemplate(summaryTplPath)
+			if err != nil {
+				return err
+			}
+			summaryTpl = tpl
 		}
 		return nil
 	},
@@ -64,6 +81,12 @@ var DepsResolveCommand = &cobra.Command{
 			return err
 		}
 
+		if summaryTpl != nil {
+			if err := writeSummary(&report); err != nil {
+				return err
+			}
+		}
+
 		if outDir != "" {
 			for _, result := range report.Resolved {
 				writeLicense(result)
@@ -102,3 +125,17 @@ func writeLicense(result *deps.Result) {
 		return
 	}
 }
+
+func writeSummary(rep *deps.Report) error {
+	file, err := os.Create(filepath.Join(filepath.Dir(summaryTplPath), "LICENSE"))
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+	summary, err := deps.GenerateSummary(summaryTpl, &Config.Header, rep)
+	if err != nil {
+		return err
+	}
+	_, err = file.WriteString(summary)
+	return err
+}

commands/deps_resolve.go

@@ -23,7 +23,14 @@ import (
 )
 
 type ConfigDeps struct {
-	Files []string `yaml:"files"`
+	Files   []string            `yaml:"files"`
+	License []*ConfigDepLicense `yaml:"licenses"`
+}
+
+type ConfigDepLicense struct {
+	Name    string `yaml:"name"`
+	Version string `yaml:"version"`
+	License string `yaml:"license"`
 }
 
 func (config *ConfigDeps) Finalize(configFile string) error {

pkg/deps/config.go

@@ -45,7 +45,7 @@ func (resolver *GoModResolver) CanResolve(file string) bool {
 }
 
 // Resolve resolves licenses of all dependencies declared in the go.mod file.
-func (resolver *GoModResolver) Resolve(goModFile string, report *Report) error {
+func (resolver *GoModResolver) Resolve(goModFile string, licenses []*ConfigDepLicense, report *Report) error {
 	if err := os.Chdir(filepath.Dir(goModFile)); err != nil {
 		return err
 	}
@@ -78,13 +78,19 @@ func (resolver *GoModResolver) Resolve(goModFile string, report *Report) error {
 
 	logger.Log.Debugln("Module size:", len(modules))
 
-	return resolver.ResolvePackages(modules, report)
+	return resolver.ResolvePackages(modules, licenses, report)
 }
 
 // ResolvePackages resolves the licenses of the given packages.
-func (resolver *GoModResolver) ResolvePackages(modules []*packages.Module, report *Report) error {
+func (resolver *GoModResolver) ResolvePackages(modules []*packages.Module, licenses []*ConfigDepLicense, report *Report) error {
 	for _, module := range modules {
-		err := resolver.ResolvePackageLicense(module, report)
+		var decalreLicense *ConfigDepLicense
+		for _, l := range licenses {
+			if l.Name == module.Path && l.Version == module.Version {
+				decalreLicense = l
+			}
+		}
+		err := resolver.ResolvePackageLicense(module, decalreLicense, report)
 		if err != nil {
 			logger.Log.Warnf("Failed to resolve the license of <%s>: %v\n", module.Path, err)
 			report.Skip(&Result{
@@ -99,7 +105,7 @@ func (resolver *GoModResolver) ResolvePackages(modules []*packages.Module, repor
 
 var possibleLicenseFileName = regexp.MustCompile(`(?i)^LICENSE|LICENCE(\.txt)?|COPYING(\.txt)?$`)
 
-func (resolver *GoModResolver) ResolvePackageLicense(module *packages.Module, report *Report) error {
+func (resolver *GoModResolver) ResolvePackageLicense(module *packages.Module, declareLicense *ConfigDepLicense, report *Report) error {
 	dir := module.Dir
 
 	for {
@@ -117,15 +123,22 @@ func (resolver *GoModResolver) ResolvePackageLicense(module *packages.Module, re
 			if err != nil {
 				return err
 			}
-			identifier, err := license.Identify(module.Path, string(content))
-			if err != nil {
-				return err
+			var licenseID string
+			if declareLicense != nil {
+				licenseID = declareLicense.License
+			} else {
+				identifier, err := license.Identify(module.Path, string(content))
+				if err != nil {
+					return err
+				}
+				licenseID = identifier
 			}
+
 			report.Resolve(&Result{
 				Dependency:      module.Path,
 				LicenseFilePath: licenseFilePath,
 				LicenseContent:  string(content),
-				LicenseSpdxID:   identifier,
+				LicenseSpdxID:   licenseID,
 				Version:         module.Version,
 			})
 			return nil

pkg/deps/golang.go

@@ -37,7 +37,7 @@ func (resolver *JarResolver) CanResolve(jarFile string) bool {
 	return filepath.Ext(jarFile) == ".jar"
 }
 
-func (resolver *JarResolver) Resolve(jarFile string, report *Report) error {
+func (resolver *JarResolver) Resolve(jarFile string, licenses []*ConfigDepLicense, report *Report) error {
 	state := NotFound
 	if err := resolver.ResolveJar(&state, jarFile, Unknown, report); err != nil {
 		dep := filepath.Base(jarFile)
@@ -76,7 +76,7 @@ func (resolver *JarResolver) ResolveJar(state *State, jarFile, version string, r
 				return err
 			}
 
-			return resolver.IdentifyLicense(jarFile, dep, buf.String(), version, report)
+			return resolver.IdentifyLicense(jarFile, dep, buf.String(), version, nil, report)
 		}
 	}
 
@@ -122,17 +122,23 @@ func (resolver *JarResolver) ReadFileFromZip(archiveFile *zip.File) (*bytes.Buff
 	return buf, nil
 }
 
-func (resolver *JarResolver) IdentifyLicense(path, dep, content, version string, report *Report) error {
-	identifier, err := license.Identify(path, content)
-	if err != nil {
-		return err
+func (resolver *JarResolver) IdentifyLicense(path, dep, content, version string, declareLicense *ConfigDepLicense, report *Report) error {
+	var licenseID string
+	if declareLicense != nil {
+		licenseID = declareLicense.License
+	} else {
+		identifier, err := license.Identify(path, content)
+		if err != nil {
+			return err
+		}
+		licenseID = identifier
 	}
 
 	report.Resolve(&Result{
 		Dependency:      dep,
 		LicenseFilePath: path,
 		LicenseContent:  content,
-		LicenseSpdxID:   identifier,
+		LicenseSpdxID:   licenseID,
 		Version:         version,
 	})
 	return nil

pkg/deps/jar.go

@@ -132,7 +132,7 @@ func TestResolveJar(t *testing.T) {
 		report := deps.Report{}
 		for _, jar := range jars {
 			if resolver.CanResolve(jar) {
-				if err := resolver.Resolve(jar, &report); err != nil {
+				if err := resolver.Resolve(jar, nil, &report); err != nil {
 					t.Error(err)
 					return
 				}

pkg/deps/jar_test.go

@@ -48,7 +48,7 @@ func (resolver *MavenPomResolver) CanResolve(mavenPomFile string) bool {
 }
 
 // Resolve resolves licenses of all dependencies declared in the pom.xml file.
-func (resolver *MavenPomResolver) Resolve(mavenPomFile string, report *Report) error {
+func (resolver *MavenPomResolver) Resolve(mavenPomFile string, licenses []*ConfigDepLicense, report *Report) error {
 	if err := os.Chdir(filepath.Dir(mavenPomFile)); err != nil {
 		return err
 	}
@@ -70,7 +70,7 @@ func (resolver *MavenPomResolver) Resolve(mavenPomFile string, report *Report) e
 		}
 	}
 
-	return resolver.ResolveDependencies(deps, report)
+	return resolver.ResolveDependencies(deps, licenses, report)
 }
 
 // CheckMVN check available maven tools, find local repositories and download all dependencies
@@ -142,10 +142,16 @@ func (resolver *MavenPomResolver) LoadDependencies() ([]*Dependency, error) {
 }
 
 // ResolveDependencies resolves the licenses of the given dependencies
-func (resolver *MavenPomResolver) ResolveDependencies(deps []*Dependency, report *Report) error {
+func (resolver *MavenPomResolver) ResolveDependencies(deps []*Dependency, licenses []*ConfigDepLicense, report *Report) error {
 	for _, dep := range deps {
 		state := NotFound
-		err := resolver.ResolveLicense(&state, dep, report)
+		var declareLicense *ConfigDepLicense
+		for _, l := range licenses {
+			if l.Name == fmt.Sprintf("%s:%s", dep.GroupID, dep.ArtifactID) && l.Version == dep.Version {
+				declareLicense = l
+			}
+		}
+		err := resolver.ResolveLicense(&state, dep, declareLicense, report)
 		if err != nil {
 			logger.Log.Warnf("Failed to resolve the license of <%s>: %v\n", dep.Jar(), state.String())
 			report.Skip(&Result{
@@ -159,17 +165,17 @@ func (resolver *MavenPomResolver) ResolveDependencies(deps []*Dependency, report
 }
 
 // ResolveLicense search all possible locations of the license, such as pom file, jar package
-func (resolver *MavenPomResolver) ResolveLicense(state *State, dep *Dependency, report *Report) error {
+func (resolver *MavenPomResolver) ResolveLicense(state *State, dep *Dependency, declareLicense *ConfigDepLicense, report *Report) error {
 	err := resolver.ResolveJar(state, filepath.Join(resolver.repo, dep.Path(), dep.Jar()), dep.Version, report)
 	if err == nil {
 		return nil
 	}
 
-	return resolver.ResolveLicenseFromPom(state, dep, report)
+	return resolver.ResolveLicenseFromPom(state, dep, declareLicense, report)
 }
 
 // ResolveLicenseFromPom search for license in the pom file, which may appear in the header comments or in license element of xml
-func (resolver *MavenPomResolver) ResolveLicenseFromPom(state *State, dep *Dependency, report *Report) (err error) {
+func (resolver *MavenPomResolver) ResolveLicenseFromPom(state *State, dep *Dependency, declareLicense *ConfigDepLicense, report *Report) (err error) {
 	pomFile := filepath.Join(resolver.repo, dep.Path(), dep.Pom())
 
 	pom, err := resolver.ReadLicensesFromPom(pomFile)
@@ -192,7 +198,7 @@ func (resolver *MavenPomResolver) ResolveLicenseFromPom(state *State, dep *Depen
 		return err
 	} else if headerComments != "" {
 		*state |= FoundLicenseInPomHeader
-		return resolver.IdentifyLicense(pomFile, dep.Jar(), headerComments, dep.Version, report)
+		return resolver.IdentifyLicense(pomFile, dep.Jar(), headerComments, dep.Version, declareLicense, report)
 	}
 
 	return fmt.Errorf("not found in pom file")

pkg/deps/maven.go

@@ -113,7 +113,7 @@ func TestResolveMaven(t *testing.T) {
 
 		if resolver.CanResolve(pomFile) {
 			report := deps.Report{}
-			if err := resolver.Resolve(pomFile, &report); err != nil {
+			if err := resolver.Resolve(pomFile, nil, &report); err != nil {
 				t.Error(err)
 				return
 			}

pkg/deps/maven_test.go

@@ -63,7 +63,7 @@ func (resolver *NpmResolver) CanResolve(file string) bool {
 }
 
 // Resolve resolves licenses of all dependencies declared in the package.json file.
-func (resolver *NpmResolver) Resolve(pkgFile string, report *Report) error {
+func (resolver *NpmResolver) Resolve(pkgFile string, licenses []*ConfigDepLicense, report *Report) error {
 	workDir := filepath.Dir(pkgFile)
 	if err := os.Chdir(workDir); err != nil {
 		return err
@@ -85,7 +85,7 @@ func (resolver *NpmResolver) Resolve(pkgFile string, report *Report) error {
 	// Walk through each package's root directory to resolve licenses
 	// Resolve from a package's package.json file or its license file
 	for _, pkg := range pkgs {
-		if result := resolver.ResolvePackageLicense(pkg.Name, pkg.Path); result.LicenseSpdxID != "" {
+		if result := resolver.ResolvePackageLicense(pkg.Name, pkg.Path, licenses); result.LicenseSpdxID != "" {
 			report.Resolve(result)
 		} else {
 			result.LicenseSpdxID = Unknown
@@ -185,32 +185,39 @@ func (resolver *NpmResolver) GetInstalledPkgs(pkgDir string) []*Package {
 // First, try to find and parse the package's package.json file to check the license file
 // If the previous step fails, then try to identify the package's LICENSE file
 // It's a necessary procedure to check the LICENSE file, because the resolver needs to record the license content
-func (resolver *NpmResolver) ResolvePackageLicense(pkgName, pkgPath string) *Result {
+func (resolver *NpmResolver) ResolvePackageLicense(pkgName, pkgPath string, licenses []*ConfigDepLicense) *Result {
 	result := &Result{
 		Dependency: pkgName,
 	}
 	// resolve from the package.json file
-	if err := resolver.ResolvePkgFile(result, pkgPath); err != nil {
+	if err := resolver.ResolvePkgFile(result, pkgPath, licenses); err != nil {
 		result.ResolveErrors = append(result.ResolveErrors, err)
 	}
 
 	// resolve from the LICENSE file
-	if err := resolver.ResolveLcsFile(result, pkgPath); err != nil {
+	if err := resolver.ResolveLcsFile(result, pkgPath, licenses); err != nil {
 		result.ResolveErrors = append(result.ResolveErrors, err)
 	}
 
 	return result
 }
 
 // ResolvePkgFile tries to find and parse the package.json file to capture the license field
-func (resolver *NpmResolver) ResolvePkgFile(result *Result, pkgPath string) error {
+func (resolver *NpmResolver) ResolvePkgFile(result *Result, pkgPath string, licenses []*ConfigDepLicense) error {
 	expectedPkgFile := filepath.Join(pkgPath, PkgFileName)
 	packageInfo, err := resolver.ParsePkgFile(expectedPkgFile)
 	if err != nil {
 		return err
 	}
 
 	result.Version = packageInfo.Version
+	for _, l := range licenses {
+		if l.Name == packageInfo.Name && l.Version == packageInfo.Version {
+			result.LicenseSpdxID = l.License
+			return nil
+		}
+	}
+
 	if lcs, ok := resolver.ResolveLicenseField(packageInfo.License); ok {
 		result.LicenseSpdxID = lcs
 		return nil
@@ -259,7 +266,7 @@ func (resolver *NpmResolver) ResolveLicensesField(licenses []Lcs) (string, bool)
 }
 
 // ResolveLcsFile tries to find the license file to identify the license
-func (resolver *NpmResolver) ResolveLcsFile(result *Result, pkgPath string) error {
+func (resolver *NpmResolver) ResolveLcsFile(result *Result, pkgPath string, licenses []*ConfigDepLicense) error {
 	depFiles, err := os.ReadDir(pkgPath)
 	if err != nil {
 		return err
@@ -278,6 +285,12 @@ func (resolver *NpmResolver) ResolveLcsFile(result *Result, pkgPath string) erro
 		if result.LicenseSpdxID != "" {
 			return nil
 		}
+		for _, l := range licenses {
+			if l.Name == info.Name() && l.Version == result.Version {
+				result.LicenseSpdxID = l.License
+				return nil
+			}
+		}
 		identifier, err := license.Identify(result.Dependency, string(content))
 		if err != nil {
 			return err