Skip to content

Fix dependency license configuration#33

Merged
miki3421 merged 1 commit into
apache:mainfrom
miki3421:agent/fix-dependency-license-check
Jul 10, 2026
Merged

Fix dependency license configuration#33
miki3421 merged 1 commit into
apache:mainfrom
miki3421:agent/fix-dependency-license-check

Conversation

@miki3421

Copy link
Copy Markdown
Contributor

What changed

  • Removes package.json from dependency.files because the repository has no root Node project or npm lockfile.
  • Adds version-scoped license declarations for four Go modules that License Eye cannot identify automatically.

Root cause

The release workflow failed in the dependency license check for two independent reasons. License Eye attempted npm ci for the configured package.json input, but no root package.json or package-lock.json exists. It also reported four Go dependencies as Unknown because their license files were absent from the module archive or not recognized by its text matcher.

License declarations

  • github.com/xi2/xz: Unlicense classification for its explicit public-domain dedication
  • github.com/fatih/color: MIT
  • github.com/go-task/template: BSD-3-Clause
  • github.com/olekukonko/tablewriter: MIT

These are declarations, not exclusions. License Eye continues checking compatibility for these and all other dependencies. Each override is restricted to the exact version in go.mod.

Validation

  • Passed License Eye dependency check using apache/skywalking-eyes main at commit 29bd646002b6, matching the action used by CI
  • YAML syntax parsed successfully
  • git diff --check passed

@miki3421 miki3421 merged commit 51bb4b9 into apache:main Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant