feat: update dependencies and bump go version (#26)

* feat: bump to a supported go version

* feat: replace godirwalk with upstream walkdir function

WalkDir avoids calling os.Lstat on every visited file or directory
and was introduced in go 1.16

* feat: replace pkgerr with upstream embed package

go 1.16 added the new embed package and pkger is archived

* feat: bump dependencies

* lint: regenerate notice file

* ci: do not install pkger
we are not using it anymore

* ci: checkout repo before setting up go

* fix: do not copy transport locks

assignment copies lock value to transport: net/http.Transport contains sync.Mutex

* feat: replace deprecated ioutil calls

* feat: inline funcitons

.github/workflows/build.yml

@@ -13,18 +13,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v4
+
     - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.17
-      id: go
-
-    - name: Install pkger
-      run: |
-        go get -u github.com/markbates/pkger/cmd/pkger
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+        go-version-file: 'go.mod'
 
     - name: Generate assets
       run: |

.github/workflows/release.yml

@@ -9,18 +9,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v4
+
     - name: Set up Go
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v5
       with:
-        go-version: 1.17
-      id: go
-
-    - name: Install pkger
-      run: |
-        go get -u github.com/markbates/pkger/cmd/pkger
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v2
+        go-version-file: 'go.mod'
 
     - name: Generate assets
       run: |

CONTRIBUTING.md

@@ -1,3 +1,3 @@
 ## Prerequisites
 
-To submit a PR, please ensure you run `make generate` to ensure the NOTICE file is up to date. This may require you have `pkger` installed already, which you can do with `go get github.com/markbates/pkger/cmd/pkger`.
+To submit a PR, please ensure you run `make generate` to ensure the NOTICE file is up to date.

NOTICE

@@ -258,79 +258,13 @@ Contents of probable licence file $GOMODCACHE/github.com/google/licenseclassifie
    limitations under the License.
 
 
---------------------------------------------------------------------------------
-Module  : github.com/karrick/godirwalk
-Version : v1.15.6
-Time    : 2020-04-08T22:16:01Z
-Licence : BSD-2-Clause
-
-Contents of probable licence file $GOMODCACHE/github.com/karrick/[email protected]/LICENSE:
-
-BSD 2-Clause License
-
-Copyright (c) 2017, Karrick McDermott
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
---------------------------------------------------------------------------------
-Module  : github.com/markbates/pkger
-Version : v0.17.0
-Time    : 2020-06-03T18:03:53Z
-Licence : MIT
-
-Contents of probable licence file $GOMODCACHE/github.com/markbates/[email protected]/LICENSE:
-
-The MIT License (MIT)
-
-Copyright (c) 2019 Mark Bates
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
-
 --------------------------------------------------------------------------------
 Module  : github.com/stretchr/testify
-Version : v1.6.1
-Time    : 2020-06-05T10:48:45Z
+Version : v1.9.0
+Time    : 2024-02-29T14:36:18Z
 Licence : MIT
 
-Contents of probable licence file $GOMODCACHE/github.com/stretchr/testify@v1.6.1/LICENSE:
+Contents of probable licence file $GOMODCACHE/github.com/stretchr/testify@v1.9.0/LICENSE:
 
 MIT License
 
@@ -357,13 +291,13 @@ SOFTWARE.
 
 --------------------------------------------------------------------------------
 Module  : golang.org/x/mod
-Version : v0.18.0
-Time    : 2024-05-14T17:47:13Z
+Version : v0.20.0
+Time    : 2024-07-30T14:22:55Z
 Licence : BSD-3-Clause
 
-Contents of probable licence file $GOMODCACHE/golang.org/x/mod@v0.18.0/LICENSE:
+Contents of probable licence file $GOMODCACHE/golang.org/x/mod@v0.20.0/LICENSE:
 
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -375,7 +309,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
@@ -394,13 +328,13 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 --------------------------------------------------------------------------------
 Module  : golang.org/x/sync
-Version : v0.7.0
-Time    : 2024-03-04T17:26:02Z
+Version : v0.8.0
+Time    : 2024-07-16T16:06:58Z
 Licence : BSD-3-Clause
 
-Contents of probable licence file $GOMODCACHE/golang.org/x/sync@v0.7.0/LICENSE:
+Contents of probable licence file $GOMODCACHE/golang.org/x/sync@v0.8.0/LICENSE:
 
-Copyright (c) 2009 The Go Authors. All rights reserved.
+Copyright 2009 The Go Authors.
 
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are
@@ -412,7 +346,7 @@ notice, this list of conditions and the following disclaimer.
 copyright notice, this list of conditions and the following disclaimer
 in the documentation and/or other materials provided with the
 distribution.
-   * Neither the name of Google Inc. nor the names of its
+   * Neither the name of Google LLC nor the names of its
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 

assets/assets.go

@@ -0,0 +1,26 @@
+// Licensed to Elasticsearch B.V. under one or more contributor
+// license agreements. See the NOTICE file distributed with
+// this work for additional information regarding copyright
+// ownership. Elasticsearch B.V. licenses this file to you under
+// the Apache License, Version 2.0 (the "License"); you may
+// not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package assets // import "go.elastic.co/go-licence-detector/assets"
+
+import _ "embed"
+
+//go:embed licence.db
+var LicenceDB []byte
+
+//go:embed rules.json
+var Rules []byte

detector/detector.go

@@ -15,32 +15,30 @@
 // specific language governing permissions and limitations
 // under the License.
 
-//go:generate pkger -include=go.elastic.co/go-licence-detector:/assets -o=detector
-
 package detector // import "go.elastic.co/go-licence-detector/detector"
 
 import (
+	_ "embed"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
+	"io/fs"
+	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"time"
 
 	securejoin "github.com/cyphar/filepath-securejoin"
 	"github.com/google/licenseclassifier"
-	"github.com/karrick/godirwalk"
-	"github.com/markbates/pkger"
+	"go.elastic.co/go-licence-detector/assets"
 	"go.elastic.co/go-licence-detector/dependency"
 )
 
 const (
 	// detectionThreshold is the minimum confidence score required from the licence classifier.
 	detectionThreshold = 0.85
-	licenceDBPath      = "go.elastic.co/go-licence-detector:/assets/licence.db"
 )
 
 var errLicenceNotFound = errors.New("failed to detect licence")
@@ -63,7 +61,7 @@ type module struct {
 // NewClassifier creates a new instance of the licence classifier.
 func NewClassifier(dataPath string) (*licenseclassifier.License, error) {
 	if dataPath == "" {
-		return newClassiferFromEmbeddedDB()
+		return licenseclassifier.New(detectionThreshold, licenseclassifier.ArchiveBytes(assets.LicenceDB))
 	}
 
 	absPath, err := filepath.Abs(dataPath)
@@ -74,22 +72,6 @@ func NewClassifier(dataPath string) (*licenseclassifier.License, error) {
 	return licenseclassifier.New(detectionThreshold, licenseclassifier.Archive(absPath))
 }
 
-func newClassiferFromEmbeddedDB() (*licenseclassifier.License, error) {
-	f, err := pkger.Open(licenceDBPath)
-	if err != nil {
-		return nil, fmt.Errorf("failed to open bundled licence database: %w", err)
-	}
-
-	defer f.Close()
-
-	dbBytes, err := ioutil.ReadAll(f)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read bundled licence database: %w", err)
-	}
-
-	return licenseclassifier.New(detectionThreshold, licenseclassifier.ArchiveBytes(dbBytes))
-}
-
 // Detect searches the dependencies on disk and detects licences.
 func Detect(data io.Reader, classifier *licenseclassifier.License, rules *Rules, overrides dependency.Overrides, includeIndirect bool) (*dependency.List, error) {
 	// parse the output of go mod list
@@ -287,18 +269,16 @@ func buildLicenceRegex() *regexp.Regexp {
 func findLicenceFile(root string, licenceRegex *regexp.Regexp) (string, error) {
 	errStopWalk := errors.New("stop walk")
 	var licenceFile string
-	err := godirwalk.Walk(root, &godirwalk.Options{
-		Callback: func(osPathName string, dirent *godirwalk.Dirent) error {
-			if licenceRegex.MatchString(dirent.Name()) {
-				if dirent.IsDir() {
-					return filepath.SkipDir
-				}
-				licenceFile = osPathName
-				return errStopWalk
+	err := filepath.WalkDir(root, func(osPathName string, dirent fs.DirEntry, err error) error {
+		if licenceRegex.MatchString(dirent.Name()) {
+			if dirent.IsDir() {
+				return filepath.SkipDir
 			}
-			return nil
-		},
-		Unsorted: false,
+			licenceFile = osPathName
+			return errStopWalk
+		}
+		return nil
+
 	})
 	if err != nil {
 		if errors.Is(err, errStopWalk) {
@@ -311,7 +291,7 @@ func findLicenceFile(root string, licenceRegex *regexp.Regexp) (string, error) {
 }
 
 func detectLicenceType(classifier *licenseclassifier.License, licenceFile string) (string, error) {
-	contents, err := ioutil.ReadFile(licenceFile)
+	contents, err := os.ReadFile(licenceFile)
 	if err != nil {
 		return "", fmt.Errorf("failed to read licence content from %s: %w", licenceFile, err)
 	}

detector/rules.go

@@ -20,46 +20,36 @@ package detector
 import (
 	"encoding/json"
 	"fmt"
-	"io"
-	"io/ioutil"
 	"os"
 
-	"github.com/markbates/pkger"
+	"go.elastic.co/go-licence-detector/assets"
 )
 
-const embeddedRulesFile = "go.elastic.co/go-licence-detector:/assets/rules.json"
-
 // rulesFile represents the structure of the rules file.
 type rulesFile struct {
-	Allowlist  []string `json:"allowlist"`
+	Allowlist []string `json:"allowlist"`
 	Maybelist []string `json:"maybelist"`
 }
 
 // Rules holds rules for the detector.
 type Rules struct {
-	AllowList  map[string]struct{}
+	AllowList map[string]struct{}
 	Maybelist map[string]struct{}
 }
 
 // LoadRules loads rules from the given path. Embedded rules file is loaded if the path is empty.
 func LoadRules(path string) (*Rules, error) {
-	var f io.ReadCloser
-	var err error
+	var ruleBytes []byte
 
 	if path == "" {
-		f, err = pkger.Open(embeddedRulesFile)
+		ruleBytes = assets.Rules
 	} else {
-		f, err = os.Open(path)
-	}
-
-	if err != nil {
-		return nil, fmt.Errorf("failed to open rules file: %w", err)
-	}
-	defer f.Close()
+		var err error
+		ruleBytes, err = os.ReadFile(path)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read rules: %w", err)
+		}
 
-	ruleBytes, err := ioutil.ReadAll(f)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read rules: %w", err)
 	}
 
 	var rf rulesFile
@@ -68,7 +58,7 @@ func LoadRules(path string) (*Rules, error) {
 	}
 
 	rules := &Rules{
-		AllowList:  make(map[string]struct{}, len(rf.Allowlist)),
+		AllowList: make(map[string]struct{}, len(rf.Allowlist)),
 		Maybelist: make(map[string]struct{}, len(rf.Maybelist)),
 	}