Commit da1ad16

Add agentic workflow for daily GPL dependency detection (#902)
Implements automated daily scanning of go.mod dependencies to detect GPL-licensed packages (GPL, AGPL, LGPL) that may conflict with project licensing requirements.

## Workflow Capabilities

- **Multi-source license detection**: Queries pkg.go.dev API, fetches LICENSE files via GitHub MCP, and pattern-matches SPDX identifiers
- **Transitive dependency tracking**: Uses `go mod why` to trace GPL packages through the dependency graph
- **Stateful operation**: Cache memory prevents duplicate issue creation and tracks resolutions across runs
- **Actionable remediation**: Generated issues include dependency paths, license implications, alternative packages, and removal commands

## Configuration

```yaml
schedule: daily                    # Fuzzy scheduling, auto-scattered
permissions: read-all              # Safe outputs for write operations
network: [proxy.golang.org, ...]   # Go ecosystem + GitHub API
safe-outputs:
  create-issue: max 3              # New GPL dependencies
  add-comment: max 2               # Resolution tracking
  noop:                            # Silent success
```

## Detection Scope

Identifies all GPL-family licenses requiring review:

- GPL-2.0/3.0 (all variants: only, or-later)
- AGPL-3.0 (network use = distribution)
- LGPL-2.0/2.1/3.0 (linking restrictions)

Issues include full dependency path, license type, removal strategies, and verification commands. Comments on existing issues when GPL packages are removed.

## Files

- `.github/workflows/gpl-dependency-checker.md` - Workflow definition (editable without recompilation)
- `.github/workflows/gpl-dependency-checker.lock.yml` - Compiled GitHub Actions workflow
2 parents 3a5f60d + b5a9417 commit da1ad16

2 files changed

Lines changed: 1563 additions & 0 deletions
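The SPDX pattern-matching step named in the commit message, as an added Go example that is not code from this commit or repository. It goes beyond matching a single identifier and evaluates a whole SPDX expression (`OR`, `AND`, `WITH`, parentheses), so a dual-licensed module is reported differently from one with no GPL-free option. `Classify` and `gplFamily` are hypothetical names and the sample expression is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Scope from the commit message: GPL-2.0/3.0, AGPL-3.0, LGPL-2.0/2.1/3.0 and their suffixed variants.
var gplFamily = regexp.MustCompile(`(?i)^(GPL-[23]\.0|AGPL-3\.0|LGPL-(2\.[01]|3\.0))(-only|-or-later|\+)?$`)

// Classify (hypothetical name) returns the in-scope ids and whether no GPL-free choice exists.
func Classify(spdx string) (hits []string, binding bool) {
	toks, pos := append(strings.Fields(strings.NewReplacer("(", " ( ", ")", " ) ").Replace(spdx)), ""), 0
	var level func(n int) bool
	level = func(n int) bool {
		if n < 2 { // n=0: OR binds only if all branches do; n=1: AND binds if any operand does
			v := level(n + 1)
			for toks[pos] == []string{"OR", "AND"}[n] {
				pos++
				r := level(n + 1)
				v = (n == 0 && v && r) || (n == 1 && (v || r))
			}
			return v
		}
		id := toks[pos]
		if id == "" {
			return false // reached the "" end sentinel: truncated expression
		}
		pos++
		if id == "(" {
			v := level(0)
			if toks[pos] == ")" {
				pos++
			}
			return v
		}
		if toks[pos] == "WITH" && toks[pos+1] != "" {
			pos += 2 // skip the exception id: it modifies the license, it is not one
		}
		if gplFamily.MatchString(id) {
			hits = append(hits, id)
			return true
		}
		return false
	}
	binding = level(0)
	return hits, binding
}
func main() { fmt.Println(Classify("MIT OR GPL-2.0-only")) } // constructed sample
```

An expression that is not binding still returns its GPL-family identifiers, so the dual-licensed case stays visible to the reviewer.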
