license_tests: pip-license-checker v0.46.1 fails on PEP 639 packages

[mikejgray]

Summary

The shared license_tests.yml workflow is failing across repos (e.g. ovos-skill-laugh) with Error: Checker License sources not found for common, well-known packages:

click:8.3.1              Error    Error: Checker License sources not found
idna:3.11                Error    Error: Checker License sources not found
importlib_metadata:8.7.1 Error    Error: Checker License sources not found
RapidFuzz:3.14.3         Error    Error: Checker License sources not found
regex:2026.2.28          Error    Error: Checker License sources not found
typing_extensions:4.15.0 Error    Error: Checker License sources not found
urllib3:2.6.3            Error    Error: Checker License sources not found
zipp:3.23.0              Error    Error: Checker License sources not found

Root Cause

pilosus/action-pip-license-checker@v2 pins to pip-license-checker 0.46.1, which queries the PyPI JSON API for the old License metadata field. Many packages have migrated to PEP 639's License-Expression field. The checker doesn't understand this format, so it returns Error instead of the actual license string.

Since the workflow sets fail: 'Copyleft,Other,Error', every unresolved package fails the check.

Fix

Upgrade pilosus/action-pip-license-checker to v3 in .github/workflows/license_tests.yml. v3 adds support for the new PyPI metadata format.

Secondary Issue

The workflow passes branch: ${{ github.head_ref }} from calling repos. github.head_ref is only set on pull_request events — on push events it is empty, causing the checkout step to silently fall back to the commit SHA. This works by accident but is fragile. Consider defaulting to github.ref_name instead.