Use Google's licensecheck to identify licenses

[fgksgf]

• Use Google's licensecheck to identify licenses, which is used by pkg.go.dev
• Add binary licenses by dep resolve (dogfooding)

[fgksgf]

When execute ./bin/darwin/license-eye dep resolve -o dist/licenses -s dist/LICENSE.tpl, got:

Failed to resolve the license of <github.com/kr/logfmt@v0.0.0-20140226030751-b84e30acd515>: cannot find license file 
Failed to resolve the license of <github.com/pascaldekloe/goe@v0.0.0-20180627143212-57f6aae5913c>: cannot identify the license, coverage: 21.6% 

Then I explored their repositories and found that they add their licenses recently, but the versions that we depend on do not have valid licenses.

So do we need add their current licenses or not? @kezhenxu94

[kezhenxu94]

When execute ./bin/darwin/license-eye dep resolve -o dist/licenses -s dist/LICENSE.tpl, got:

Failed to resolve the license of <github.com/kr/logfmt@v0.0.0-20140226030751-b84e30acd515>: cannot find license file 

Failed to resolve the license of <github.com/pascaldekloe/goe@v0.0.0-20180627143212-57f6aae5913c>: cannot identify the license, coverage: 21.6% 

Then I explored their repositories and found that they add their licenses recently, but the versions that we depend on do not have valid licenses.

So do we need add their current licenses or not? @kezhenxu94

Can we try to upgrade to the newer versions that have licenses? That would be more safe

[fgksgf]

Can we try to upgrade to the newer versions that have licenses? That would be more safe

Since we depend on them indirectly, I executed go get -u ./... && go mod tidy to upgrade all dependencies. Then we still have one dependency (indirect) that can not resolve the license:

Failed to resolve the license of <github.com/chzyer/logex@v1.1.10>: cannot find license file

[kezhenxu94]

Can we try to upgrade to the newer versions that have licenses? That would be more safe

Since we depend on them indirectly, I executed go get -u ./... && go mod tidy to upgrade all dependencies. Then we still have one dependency (indirect) that can not resolve the license:

Failed to resolve the license of <github.com/chzyer/logex@v1.1.10>: cannot find license file

@fgksgf I just wanted to suggest you to add the following config into .licenserc.yaml but found it doesn't work for this dependency due tu #108

dependency:
  files: #...
  licenses:
    - name: github.com/chzyer/logex
      version: v1.1.10
      license: MIT

[kezhenxu94]

For this kind of old dependencies, we need the licenses config to manually identify the licenses

[kezhenxu94]

This solution is much more neat than before and we don't have to maintain the ugly rules... Thanks for doing this @fgksgf just some nits that you might want to improve

[fgksgf]

Good catch, I will handle this at the weekend. @kezhenxu94