implement defaultCheckType to change behavior how dependency licenses are matched against allowedLicenses

The default behavior is that a dependency is fine when any of its
licenses are found inside allowedLicenses.

This fixes jk1#285

Author: balrok

README.md

@@ -85,6 +85,10 @@ licenseReport {
     // This is for the allowed-licenses-file in checkLicense Task
     // Accepts File, URL or String path to local or remote file
     allowedLicensesFile = new File("$projectDir/config/allowed-licenses.json")
+
+    // When ANY is set, it will not give an error if any license of a dependency is matched in allowedLicenses
+    // When ALL is set, it will give an error when not all licenses of a dependency are found in allowedLicenses
+    defaultCheckType = ANY
 }
 ```
 

src/main/groovy/com/github/jk1/license/LicenseReportExtension.groovy

@@ -15,6 +15,7 @@
  */
 package com.github.jk1.license
 
+import com.github.jk1.license.check.CheckType
 import com.github.jk1.license.filter.DependencyFilter
 import com.github.jk1.license.importer.DependencyDataImporter
 import com.github.jk1.license.render.ReportRenderer
@@ -41,6 +42,7 @@ class LicenseReportExtension {
     public String[] excludeGroups
     public String[] excludes
     public Object allowedLicensesFile
+    public CheckType defaultCheckType
 
     LicenseReportExtension(Project project) {
         unionParentPomLicenses = true
@@ -55,6 +57,7 @@ class LicenseReportExtension {
         excludes = []
         importers = []
         filters = []
+        defaultCheckType = CheckType.ANY
     }
 
     @Nested
@@ -104,6 +107,8 @@ class LicenseReportExtension {
         snapshot += excludes
         snapshot << 'unionParentPomLicenses'
         snapshot += unionParentPomLicenses
+        snapshot << "defaultCheckType"
+        snapshot += defaultCheckType
         snapshot.join("!")
     }
 

src/main/groovy/com/github/jk1/license/check/LicenseChecker.groovy

@@ -18,70 +18,80 @@ package com.github.jk1.license.check
 import groovy.json.JsonOutput
 import org.gradle.api.GradleException
 
+/**
+ * This class compares the found licences with the allowed licenses and creates a report for any missing license
+ */
 class LicenseChecker {
-
-    void checkAllDependencyLicensesAreAllowed(
-        Object allowedLicensesFile, File projectLicensesDataFile, File notPassedDependenciesOutputFile) {
+    static void checkAllDependencyLicensesAreAllowed(
+            Object allowedLicensesFile,
+            File projectLicensesDataFile,
+            File notPassedDependenciesOutputFile,
+            CheckType checkType) {
         List<Dependency> allDependencies = LicenseCheckerFileReader.importDependencies(projectLicensesDataFile)
         List<AllowedLicense> allowedLicenses = LicenseCheckerFileReader.importAllowedLicenses(allowedLicensesFile)
-        List<Dependency> notPassedDependencies = searchForNotAllowedDependencies(allDependencies, allowedLicenses)
+        List<Tuple2<Dependency, List<ModuleLicense>>> notPassedDependencies = getNotAllowedLicenses(allDependencies, allowedLicenses)
+        if (checkType == CheckType.ANY) {
+            // when we have ANY_MATCH check type, we will not show an error if any license is allowed
+            // this means: we are only interested in those dependencies where all licenses are not allowed
+            notPassedDependencies = notPassedDependencies.findAll { it.get(0).moduleLicenses == null || it.get(1).size() == it.get(0).moduleLicenses.size() }
+        }
         generateNotPassedDependenciesFile(notPassedDependencies, notPassedDependenciesOutputFile)
 
         if (!notPassedDependencies.isEmpty()) {
-            throw new GradleException("Some library licenses are not allowed.\n" +
-                "Read [$notPassedDependenciesOutputFile.path] for more information.")
+            throw new GradleException("Some library licenses are not allowed:\n" +
+                    "$notPassedDependenciesOutputFile.text\n\n" +
+                    "Read [$notPassedDependenciesOutputFile.path] for more information.")
         }
     }
 
-    private List<Dependency> searchForNotAllowedDependencies(
-        List<Dependency> dependencies, List<AllowedLicense> allowedLicenses) {
-        return dependencies.findAll { !isDependencyHasAllowedLicense(it, allowedLicenses) }
-    }
-
-    private void generateNotPassedDependenciesFile(
-        List<Dependency> notPassedDependencies, File notPassedDependenciesOutputFile) {
-        notPassedDependenciesOutputFile.text =
-            JsonOutput.prettyPrint(JsonOutput.toJson(
-                ["dependenciesWithoutAllowedLicenses": notPassedDependencies.collect { toAllowedLicenseList(it) }.flatten()]))
-    }
-
-    private boolean isDependencyHasAllowedLicense(Dependency dependency, List<AllowedLicense> allowedLicenses) {
-        for(allowedLicense in allowedLicenses) {
-            if (isDependencyMatchesAllowedLicense(dependency, allowedLicense)) return true
+    private static List<Tuple2<Dependency, List<ModuleLicense>>> getNotAllowedLicenses(List<Dependency> dependencies, List<AllowedLicense> allowedLicenses) {
+        List<Tuple2<Dependency, List<ModuleLicense>>> result = new ArrayList<>()
+        for (Dependency dependency : dependencies) {
+            List<AllowedLicense> perDependencyAllowedLicenses = allowedLicenses.findAll { isDependencyNameMatchesAllowedLicense(dependency, it) && isDependencyVersionMatchesAllowedLicense(dependency, it) }
+            // allowedLicense matches anything, so we don't need to further check
+            if (perDependencyAllowedLicenses.any { it.moduleLicense == null || it.moduleLicense == ".*" }) {
+                continue
+            }
+            def notAllowedLicenses = dependency.moduleLicenses.findAll { !isDependencyLicenseMatchesAllowedLicense(it, perDependencyAllowedLicenses) }
+            if (!notAllowedLicenses.isEmpty()) {
+                result.add(Tuple2.of(dependency, notAllowedLicenses))
+            }
         }
-        return false
+        return result
     }
 
-    private boolean isDependencyMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
-        return isDependencyNameMatchesAllowedLicense(dependency, allowedLicense) &&
-            isDependencyLicenseMatchesAllowedLicense(dependency, allowedLicense) &&
-            isDependencyVersionMatchesAllowedLicense(dependency, allowedLicense)
+    private static void generateNotPassedDependenciesFile(
+            List<Tuple2<Dependency, List<ModuleLicense>>> notPassedDependencies, File notPassedDependenciesOutputFile) {
+        notPassedDependenciesOutputFile.text =
+                JsonOutput.prettyPrint(JsonOutput.toJson(
+                        ["dependenciesWithoutAllowedLicenses": notPassedDependencies.collect { toAllowedLicenseList(it.get(0), it.get(1)) }.flatten()]))
     }
 
-    private boolean isDependencyNameMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
+    private static boolean isDependencyNameMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
         return dependency.moduleName ==~ allowedLicense.moduleName || allowedLicense.moduleName == null ||
-            dependency.moduleName == allowedLicense.moduleName
+                dependency.moduleName == allowedLicense.moduleName
     }
 
-    private boolean isDependencyVersionMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
+    private static boolean isDependencyVersionMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
         return dependency.moduleVersion ==~ allowedLicense.moduleVersion || allowedLicense.moduleVersion == null ||
-            dependency.moduleVersion == allowedLicense.moduleVersion
+                dependency.moduleVersion == allowedLicense.moduleVersion
     }
 
-    private boolean isDependencyLicenseMatchesAllowedLicense(Dependency dependency, AllowedLicense allowedLicense) {
-        if (allowedLicense.moduleLicense == null || allowedLicense.moduleLicense == ".*") return true
+    private static boolean isDependencyLicenseMatchesAllowedLicense(ModuleLicense moduleLicense, List<AllowedLicense> allowedLicenses) {
+        for (AllowedLicense allowedLicense : allowedLicenses) {
+            if (allowedLicense.moduleLicense == null || allowedLicense.moduleLicense == ".*") return true
 
-        for (moduleLicenses in dependency.moduleLicenses)
-            if (moduleLicenses.moduleLicense ==~ allowedLicense.moduleLicense ||
-                moduleLicenses.moduleLicense == allowedLicense.moduleLicense) return true
+            if (moduleLicense.moduleLicense ==~ allowedLicense.moduleLicense ||
+                    moduleLicense.moduleLicense == allowedLicense.moduleLicense) return true
+        }
         return false
     }
 
-    private List<AllowedLicense> toAllowedLicenseList(Dependency dependency) {
-        if (dependency.moduleLicenses.isEmpty()) {
-            return [ new AllowedLicense(dependency.moduleName, dependency.moduleVersion, null) ]
+    private static List<AllowedLicense> toAllowedLicenseList(Dependency dependency, List<ModuleLicense> moduleLicenses) {
+        if (moduleLicenses.isEmpty()) {
+            return [new AllowedLicense(dependency.moduleName, dependency.moduleVersion, null)]
         } else {
-            return dependency.moduleLicenses.collect { new AllowedLicense(dependency.moduleName, dependency.moduleVersion, it.moduleLicense) }
+            return moduleLicenses.findAll { it }.collect { new AllowedLicense(dependency.moduleName, dependency.moduleVersion, it.moduleLicense) }
         }
     }
 }

src/main/groovy/com/github/jk1/license/check/LicenseCheckerModel.groovy

@@ -19,7 +19,7 @@ import groovy.transform.EqualsAndHashCode
 
 @EqualsAndHashCode
 class AllowedLicense {
-    String  moduleName, moduleLicense, moduleVersion
+    String moduleName, moduleLicense, moduleVersion
 
     AllowedLicense(String moduleName, String moduleVersion, String moduleLicense) {
         this.moduleName = moduleName
@@ -41,7 +41,7 @@ class Dependency {
     Dependency(Map dependencies) {
         this.moduleName = dependencies.moduleName
         this.moduleVersion = dependencies.moduleVersion
-        this.moduleLicenses = [ new ModuleLicense(dependencies.moduleLicense) ]
+        this.moduleLicenses = [new ModuleLicense(dependencies.moduleLicense)]
     }
 }
 
@@ -52,3 +52,15 @@ class ModuleLicense {
         this.moduleLicense = moduleLicense
     }
 }
+
+
+enum CheckType {
+    /**
+     * When checking the licenses of a dependency, it is allowed as long as one of them is inside the allowedLicenses
+     */
+    ANY,
+    /**
+     * When checking the licenses of a dependency, it is allowed when all of them are inside the allowedLicenses
+     */
+    ALL
+}

src/main/groovy/com/github/jk1/license/task/CheckLicenseTask.groovy

@@ -16,13 +16,16 @@
 package com.github.jk1.license.task
 
 import com.github.jk1.license.LicenseReportExtension
+import com.github.jk1.license.check.CheckType
 import com.github.jk1.license.check.LicenseChecker
 import org.gradle.api.DefaultTask
 import org.gradle.api.logging.Logger
 import org.gradle.api.logging.Logging
 import org.gradle.api.tasks.CacheableTask
 import org.gradle.api.tasks.Input
 import org.gradle.api.tasks.InputFile
+import org.gradle.api.tasks.InputFiles
+import org.gradle.api.tasks.Optional
 import org.gradle.api.tasks.OutputFile
 import org.gradle.api.tasks.PathSensitive
 import org.gradle.api.tasks.TaskAction
@@ -58,12 +61,21 @@ class CheckLicenseTask extends DefaultTask {
         new File("${config.absoluteOutputDir}/$NOT_PASSED_DEPENDENCIES_FILE")
     }
 
+    @Input
+    CheckType getDefaultCheckType() {
+        return config.defaultCheckType
+    }
+
     @TaskAction
     void checkLicense() {
         LOGGER.info("Startup CheckLicense for ${getProject().name}")
         LicenseChecker licenseChecker = new LicenseChecker()
         LOGGER.info("Check licenses if they are allowed to use.")
         licenseChecker.checkAllDependencyLicensesAreAllowed(
-            getAllowedLicenseFile(), getProjectDependenciesData(), notPassedDependenciesFile)
+                getAllowedLicenseFile(),
+                getProjectDependenciesData(),
+                notPassedDependenciesFile,
+                getDefaultCheckType()
+        )
     }
 }