FHPythonUtils/LicenseCheck

Question: poetry.lock file required for license checking?

afuetterer opened this issue · 3 comments

afuetterer commented

Question

  • I have read the comment above and have completed each step

Hi,

thanks for the great project. I didn't know that I needed this, but this is really helpful. Yesterday I added this via the pre-commit hook.

My question is: Is the poetry.lock file required for license checking? I was unsure what I was doing wrong, I got "WARN: 'UNKNOWN' License not identified so falling back to NO_LICENSE" consistently in CI.

I am writing a library and added poetry.lock to .gitignore.

I tried to create a minimal example of what is going wrong in CI here: https://github.com/afuetterer/minimal-example

I think the issue might come from the missing lockfile. Could that be it?

FredHappyface commented

Hey thanks for the issue. The lib will attempt to run poetry show, and it turns out that needs a poetry.lock file. See below

$ poetry show
Error: poetry.lock not found. Run `poetry lock` to create it.
$ poetry install
Updating dependencies
Resolving dependencies...

Writing lock file

Package operations: 30 installs, 1 update, 0 removals

...

Installing the current project: minimal-example (0.0.1)
$ poetry show
anyio               3.6.2     High level compatibility layer for multiple asynchronous event loop implementations
attrs               21.4.0    Classes Without Boilerplate
...
$ py -m licensecheck

                        list of packages
┏━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Compatible ┃ Package  ┃ License(s)                            ┃
┡━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ ✔          │ h11      │ MIT License                           │
│ ✔          │ sniffio  │ Apache Software License;; MIT License │
│ ✔          │ certifi  │ Mozilla Public License 2.0 (MPL 2.0)  │
│ ✔          │ httpcore │ BSD License                           │
│ ✔          │ idna     │ BSD License                           │
│ ✔          │ anyio    │ MIT License                           │
│ ✔          │ httpx    │ BSD License                           │
│ ✔          │ rfc3986  │ Apache Software License               │
└────────────┴──────────┴───────────────────────────────────────┘

Hope this helps :)

  • 👍1
afuetterer commented

Hi @FredHappyface, thank you for the explanation. So I guess I will just commit the lockfile as well.
Thanks for your awesome tool.

FredHappyface commented

Yeah that's probably worth doing for this. If you don't want to then make sure you do a poetry install/lock before running in cicd

Glad you find it useful!