cashapp/licensee

Feature Request: Add configuration to disable unused spdx-identifier, license-url and dependency warnings

mervyn-mccreight opened this issue · 6 comments

Imagine one wants to provide a centralized configuration of allowed libraries open for everyone to use.
It would be nice to have the ability to disable the warnings; otherwise one might get spammed with the warnings, because a centralized catalogue might most possibly cover more licenses than you actually use.

Makes sense!

Thanks for your quick reply!
I prepared a PR for this feature, looking forward to your feedback on it.

hfhbd commented

I don't see the use case without applying the plugin to the root project which is discouraged and should be prevented in upcoming Gradle releases. Instead, use convention plugins and apply the plugin for each project. This also allows you to allow some base spdx licenses and allow individual licenses at project level.

> I don't see the use case without applying the plugin to the root project which is discouraged and should be prevented in upcoming Gradle releases. Instead, use convention plugins and apply the plugin for each project. This also allows you to allow some base spdx licenses and allow individual licenses at project level.

Suppose you have a project consisting of ten subprojects. There is a convention plugin enabling the licensee plugin. This convention plugin is used in all subprojects. All but one subproject have a dependency on a library that is licensed under the MIT license.

Now there are two possibilities to allow dependencies to the MIT-licensed library:

  • Allow the MIT license in all subprojects that depend on the library. Changes to nine different files are necessary.
  • Allow the MIT license in the convention plugin. Only one file needs to be changed.

While I don't see a reason why one should not go for the second option, a warning will be generated for the submodule that does not have the dependency on the MIT-licensed library.

Another use case could be when you work in an environment where you have a global allowed set of allowed open source licenses.

You could write a convenience plugin then in which you use this plugin and configure it to allow this specific set of licenses. That would be a one-timer and the only reason to change something in this convenience plugin would be if the set of allowed licenses changes.

You could then use this plugin in all of your projects.

But going forward like this, one would possibly get a lot of warnings because of unused but allowed licenses.

In case anyone's still interested, a PR's been merged to support this: #285

Comes with a new config option:

licensee {
  unusedAction(UnusedAction.IGNORE) // defaults to WARN
}
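
The convention-plugin setup discussed in this thread, combined with the new option, as an added example (not code from the thread or from the licensee project). The file names `license-conventions.gradle.kts` and `feature-x`, the specific licenses chosen, and the `<version>` placeholder are assumptions for illustration.

```kotlin
// ---- buildSrc/build.gradle.kts (hypothetical layout) ----
// The licensee plugin must be on buildSrc's classpath so the precompiled
// script plugin below can apply it by id:
//
//   plugins { `kotlin-dsl` }
//   repositories { mavenCentral(); gradlePluginPortal() }
//   dependencies {
//     implementation("app.cash.licensee:licensee-gradle-plugin:<version>")
//   }

// ---- buildSrc/src/main/kotlin/license-conventions.gradle.kts ----
// Central allowlist, maintained in one file and applied to each subproject.
import app.cash.licensee.UnusedAction

plugins {
  id("app.cash.licensee")
}

licensee {
  // Organization-wide set of approved SPDX identifiers (constructed sample).
  allow("Apache-2.0")
  allow("MIT")

  // A subproject with no MIT-licensed dependency would otherwise report an
  // unused-allowance warning for "MIT". The default is WARN.
  unusedAction(UnusedAction.IGNORE)
}

// ---- feature-x/build.gradle.kts (one of the subprojects) ----
// Applies the shared convention and adds one project-level allowance on top
// of the central set, as suggested in hfhbd's comment:
//
//   plugins {
//     id("license-conventions")
//   }
//
//   licensee {
//     allow("BSD-3-Clause")
//   }
```

With `IGNORE` set in the shared convention, allowances that no longer match any dependency stay in the central list without a warning, so the list needs a periodic manual review.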