Ensure license compliance in your Go projects with a simple GitHub Action that automates dependency checking.
Managing software licenses in Go projects is crucial but often overlooked. As a project grows and incorporates more dependencies, keeping track of their licenses becomes increasingly complex. Failing to comply with license requirements can lead to legal issues, reputational damage, and potential project disruptions.
Introducing go-licenses-action
go-licenses-action is a GitHub Action I created to automate license checking for Go projects. It leverages Google’s fantastic go-licenses tool to scan your Go module dependencies and verify their licenses against your policy.
What makes this GitHub Action particularly convenient:
- Works out of the box with sensible defaults
- Configure allowed or disallowed licenses and scanning behavior
- Clear reporting of license violations
Integrating go-licenses-action into your GitHub Actions workflow is straightforward. Here’s a simple example:
```yaml
on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
jobs:
  license-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: joeig/go-licenses-action@v1
        with:
          # Optional: Specify disallowed license types
          disallowed-types: 'forbidden,unknown'
```
This workflow will run on every push to the main branch and on pull requests. It checks that no dependencies use licenses from the disallowed types list. If any dependency uses a non-compliant license, the workflow will fail, alerting you to the issue before it becomes a problem.
Advanced configuration
For more complex projects, you can customize the behavior:
- Specify which licenses are allowed using the allowed-licenses parameter
- Include or exclude test dependencies with the include-tests parameter
- Target specific directories with the working-directory parameter
Refer to README.md for all available options.
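The three options above combined in one workflow, as an added example that is not taken from the action's README: a monorepo with two Go modules, each checked against an allowlist instead of a disallowed-types list. The directory names are constructed, and the comma-separated license value and the `true` value for include-tests are assumptions about the input formats; README.md has the authoritative ones.

```yaml
name: license-check
on:
  pull_request:
    branches: [ main ]

# The job only needs to read the repository, so the workflow token is read-only.
permissions:
  contents: read

jobs:
  license-check:
    runs-on: ubuntu-latest
    strategy:
      # Keep checking the remaining modules after one fails,
      # so a single run reports every violation.
      fail-fast: false
      matrix:
        # Constructed directory names: one entry per go.mod in the repository.
        module: [ services/api, tools/cli ]
    steps:
      - uses: actions/checkout@v4
      - uses: joeig/go-licenses-action@v1
        with:
          # Scan the module in this matrix entry rather than the repository root.
          working-directory: ${{ matrix.module }}
          # Allowlist policy (assumed format: comma-separated license names).
          # The intent is that a dependency under any license not named here
          # fails the job, including licenses the scanner cannot identify.
          allowed-licenses: 'MIT,Apache-2.0,BSD-3-Clause'
          # Assumed boolean: also scan dependencies that are only used by tests.
          include-tests: true
```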