bibliothecary 6.10.4 → 6.12.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (12) hide show
  1. checksums.yaml +4 -4
  2. data/.circleci/config.yml +28 -0
  3. data/README.md +1 -0
  4. data/lib/bibliothecary.rb +2 -2
  5. data/lib/bibliothecary/parsers/conda.rb +3 -4
  6. data/lib/bibliothecary/parsers/maven.rb +17 -3
  7. data/lib/bibliothecary/parsers/npm.rb +23 -0
  8. data/lib/bibliothecary/parsers/nuget.rb +33 -1
  9. data/lib/bibliothecary/parsers/pypi.rb +29 -1
  10. data/lib/bibliothecary/runner.rb +19 -12
  11. data/lib/bibliothecary/version.rb +1 -1
  12. metadata +4 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a0fe6cf7ec6515474ae77b8675dce1e61fc29d66a7f01603cbd3d47da401810f
4
- data.tar.gz: cd9653505a89fe19e9524d980e845046c043e3d6147f9139a77f24f206ad5496
3
+ metadata.gz: 5353b0fbb338eaeec8f162cdcaf3e3d5750afc2ed82d23eddf13367f92ebd39c
4
+ data.tar.gz: f76ddb1b0bbcf754d65ad136a6c010f132a0b4e8cc1be0501525eafb2186beb6
5
5
  SHA512:
6
- metadata.gz: c3260f87303449999f892cb1f7a860eed43755800310772f2e4a2a55676f54a3170e2099da31a373ab1a3be31640101f2a830e76556552e8e16dd857337a290e
7
- data.tar.gz: 9d11c0d38c59222971e4515089f7a44e5e90379e9317d4176a54d6303131d8d30ff90ac23b069533f5b1556f11cf2bf5a9c53b867ebf5f088b44ea283d5f4c4b
6
+ metadata.gz: 473789f139eb246fcb13433c2307951f6d777db0e82a71179dace7a36f9b82903a655b82aa283844da41f85fc0c1ca1cb4c7845e9ce322295acd6b7f46639012
7
+ data.tar.gz: e30f25772c86b511ac390f739d6ff5e19e871a3269c272359f823233c9ab7d38ef3f537d8c7b08842016d2641ac90c4d0b2603b1d1e2503524613a91ad0b33e2
data/.circleci/config.yml ADDED
@@ -0,0 +1,28 @@
1
+ version: 2.1
2
+ orbs:
3
+ ruby: circleci/ruby@0.1.2
4
+
5
+ jobs:
6
+ test:
7
+ docker:
8
+ - image: circleci/ruby:2.6.6-stretch-node
9
+ executor: ruby/default
10
+ steps:
11
+ - checkout
12
+ - run:
13
+ name: Which bundler?
14
+ command: bundle -v
15
+ - ruby/bundle-install
16
+ - run:
17
+ name: Run specs
18
+ command: bundle exec rake spec
19
+ - run:
20
+ name: CodeClimate
21
+ command: bundle exec codeclimate-test-reporter
22
+
23
+ workflows:
24
+ version: 2.1
25
+ test:
26
+ jobs:
27
+ - test
28
+
data/README.md CHANGED
@@ -88,6 +88,7 @@ All available config options are in: https://github.com/librariesio/bibliothecar
88
88
  - *.nuspec
89
89
  - paket.lock
90
90
  - *.csproj
91
+ - project.assets.json
91
92
  - Bower
92
93
  - bower.json
93
94
  - CPAN
data/lib/bibliothecary.rb CHANGED
@@ -21,8 +21,8 @@ module Bibliothecary
21
21
  runner.load_file_list(path)
22
22
  end
23
23
 
24
- def self.init_package_manager(info)
25
- runner.init_package_manager(info)
24
+ def self.applicable_package_managers(info)
25
+ runner.applicable_package_managers(info)
26
26
  end
27
27
 
28
28
  def self.load_file_info_list(path)
data/lib/bibliothecary/parsers/conda.rb CHANGED
@@ -26,14 +26,13 @@ module Bibliothecary
26
26
  }
27
27
  end
28
28
 
29
- def self.parse_conda(info)
30
- dependencies = call_conda_parser_web(info, "manifest")[:manifest]
29
+ def self.parse_conda(info, kind = "manifest")
30
+ dependencies = call_conda_parser_web(info, kind)[kind.to_sym]
31
31
  dependencies.map { |dep| dep.merge(type: "runtime") }
32
32
  end
33
33
 
34
34
  def self.parse_conda_lockfile(info)
35
- dependencies = call_conda_parser_web(info, "lockfile")[:lockfile]
36
- dependencies.map { |dep| dep.merge(type: "runtime") }
35
+ parse_conda(info, "lockfile")
37
36
  end
38
37
 
39
38
  private_class_method def self.call_conda_parser_web(file_contents, kind)
data/lib/bibliothecary/parsers/maven.rb CHANGED
@@ -154,7 +154,7 @@ module Bibliothecary
154
154
  end
155
155
  def self.parse_maven_tree(file_contents)
156
156
  file_contents = file_contents.gsub(/\r\n?/, "\n")
157
- captures = file_contents.scan(/^\[INFO\](?:(?:\+-)|\||(?:\\-)|\s)+((?:[\w\.-]+:)+[\w\.\-]+)/).flatten.uniq
157
+ captures = file_contents.scan(/^\[INFO\](?:(?:\+-)|\||(?:\\-)|\s)+((?:[\w\.-]+:)+[\w\.\-${}]+)/).flatten.uniq
158
158
  captures.map do |item|
159
159
  parts = item.split(":")
160
160
  case parts.count
@@ -205,8 +205,8 @@ module Bibliothecary
205
205
  json = JSON.parse(response.body)
206
206
  return [] unless json['dependencies']
207
207
  json['dependencies'].map do |dependency|
208
- name = [dependency["group"], dependency["name"]].join(':')
209
- next unless name =~ (/[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(\.[A-Za-z0-9_-])?\:[A-Za-z0-9_-]/)
208
+ name = gradle_dependency_name(dependency["group"], dependency["name"])
209
+ next unless name =~ /[\w-]+\.[\w_-]+(\.[\w-])?\:[\w-]/
210
210
  {
211
211
  name: name,
212
212
  requirement: dependency["version"],
@@ -215,6 +215,20 @@ module Bibliothecary
215
215
  end.compact
216
216
  end
217
217
 
218
+ def self.gradle_dependency_name(group, name)
219
+ if group.empty? && name.include?(":")
220
+ group, name = name.split(":", 2)
221
+ end
222
+
223
+ # Strip comments, and single/doublequotes
224
+ [group, name].map do |part|
225
+ part
226
+ .gsub(/\s*\/\/.*$/, "") # Comments
227
+ .gsub(/^["']/, "") # Beginning single/doublequotes
228
+ .gsub(/["']$/, "") # Ending single/doublequotes
229
+ end.join(":")
230
+ end
231
+
218
232
  def self.extract_pom_info(xml, location, parent_properties = {})
219
233
  extract_pom_dep_info(xml, xml, location, parent_properties)
220
234
  end
data/lib/bibliothecary/parsers/npm.rb CHANGED
@@ -22,6 +22,10 @@ module Bibliothecary
22
22
  match_filename("package-lock.json") => {
23
23
  kind: 'lockfile',
24
24
  parser: :parse_package_lock
25
+ },
26
+ match_filename("npm-ls.json") => {
27
+ kind: 'lockfile',
28
+ parser: :parse_ls
25
29
  }
26
30
  }
27
31
  end
@@ -75,6 +79,25 @@ module Bibliothecary
75
79
  }
76
80
  end
77
81
  end
82
+
83
+ def self.parse_ls(file_contents)
84
+ manifest = JSON.parse(file_contents)
85
+
86
+ transform_tree_to_array(manifest.fetch('dependencies', {}))
87
+ end
88
+
89
+ private_class_method def self.transform_tree_to_array(deps_by_name)
90
+ deps_by_name.map do |name, metadata|
91
+ [
92
+ {
93
+ name: name,
94
+ requirement: metadata["version"],
95
+ lockfile_requirement: metadata.fetch("from", "").split('@').last,
96
+ type: "runtime"
97
+ }
98
+ ] + transform_tree_to_array(metadata.fetch("dependencies", {}))
99
+ end.flatten(1)
100
+ end
78
101
  end
79
102
  end
80
103
  end
data/lib/bibliothecary/parsers/nuget.rb CHANGED
@@ -35,7 +35,11 @@ module Bibliothecary
35
35
  match_filename("paket.lock") => {
36
36
  kind: 'lockfile',
37
37
  parser: :parse_paket_lock
38
- }
38
+ },
39
+ match_filename("project.assets.json") => {
40
+ kind: 'lockfile',
41
+ parser: :parse_project_assets_json
42
+ },
39
43
  }
40
44
  end
41
45
 
@@ -137,6 +141,34 @@ module Bibliothecary
137
141
  # we only have to enforce uniqueness by name because paket ensures that there is only the single version globally in the project
138
142
  packages.uniq {|package| package[:name] }
139
143
  end
144
+
145
+ def self.parse_project_assets_json(file_contents)
146
+ manifest = JSON.parse file_contents
147
+
148
+ frameworks = {}
149
+ manifest.fetch("targets",[]).each do |framework, deps|
150
+ frameworks[framework] = deps
151
+ .select { |name, details| details["type"] == "package" }
152
+ .map do |name, details|
153
+ name_split = name.split("/")
154
+ {
155
+ name: name_split[0],
156
+ requirement: name_split[1],
157
+ type: "runtime"
158
+ }
159
+ end
160
+ end
161
+
162
+ if frameworks.size > 0
163
+ # we should really return multiple manifests, but bibliothecary doesn't
164
+ # do that yet so at least pick deterministically.
165
+
166
+ # Note, frameworks can be empty, so remove empty ones and then return the last sorted item if any
167
+ frameworks = frameworks.delete_if { |k, v| v.empty? }
168
+ return frameworks[frameworks.keys.sort.last] unless frameworks.empty?
169
+ end
170
+ []
171
+ end
140
172
  end
141
173
  end
142
174
  end
data/lib/bibliothecary/parsers/pypi.rb CHANGED
@@ -39,7 +39,24 @@ module Bibliothecary
39
39
  match_filename("poetry.lock") => {
40
40
  kind: 'lockfile',
41
41
  parser: :parse_poetry_lock
42
- }
42
+ },
43
+ # Pip dependencies can be embedded in conda environment files
44
+ match_filename("environment.yml") => {
45
+ parser: :parse_conda,
46
+ kind: "manifest",
47
+ },
48
+ match_filename("environment.yaml") => {
49
+ parser: :parse_conda,
50
+ kind: "manifest",
51
+ },
52
+ match_filename("environment.yml.lock") => {
53
+ parser: :parse_conda,
54
+ kind: "lockfile",
55
+ },
56
+ match_filename("environment.yaml.lock") => {
57
+ parser: :parse_conda,
58
+ kind: "lockfile",
59
+ },
43
60
  }
44
61
  end
45
62
 
@@ -53,6 +70,17 @@ module Bibliothecary
53
70
  map_dependencies(manifest['dependencies'], 'runtime') + map_dependencies(manifest['dev-dependencies'], 'develop')
54
71
  end
55
72
 
73
+ def self.parse_conda(file_contents)
74
+ contents = YAML.safe_load(file_contents)
75
+ return [] unless contents
76
+
77
+ dependencies = contents["dependencies"]
78
+ pip = dependencies.find { |dep| dep.is_a?(Hash) && dep["pip"]}
79
+ return [] unless pip
80
+
81
+ Pypi.parse_requirements_txt(pip["pip"].join("\n"))
82
+ end
83
+
56
84
  def self.map_dependencies(packages, type)
57
85
  return [] unless packages
58
86
  packages.map do |name, info|
data/lib/bibliothecary/runner.rb CHANGED
@@ -32,14 +32,9 @@ module Bibliothecary
32
32
  load_file_info_list(path).map { |info| info.full_path }
33
33
  end
34
34
 
35
- def init_package_manager(info)
36
- # set the package manager on each info
37
- matches = package_managers.select { |pm| pm.match_info?(info) }
38
-
39
- info.package_manager = matches[0] if matches.length == 1
40
-
41
- # this is a bug at the moment if it's raised (we don't handle it sensibly)
42
- raise "Multiple package managers fighting over #{info.relative_path}: #{matches.map(&:to_s)}" if matches.length > 1
35
+ def applicable_package_managers(info)
36
+ managers = package_managers.select { |pm| pm.match_info?(info) }
37
+ managers.length > 0 ? managers : [nil]
43
38
  end
44
39
 
45
40
  def package_managers
@@ -48,29 +43,41 @@ module Bibliothecary
48
43
 
49
44
  def load_file_info_list_from_paths(paths)
50
45
  file_list = []
46
+
51
47
  paths.each do |path|
52
48
  info = FileInfo.new(nil, path)
53
49
 
54
50
  next if ignored_files.include?(info.relative_path)
55
51
 
56
- init_package_manager(info)
57
- file_list.push(info)
52
+ applicable_package_managers(info).each do |package_manager|
53
+ file = info.dup
54
+ file.package_manager = package_manager
55
+
56
+ file_list.push(file)
57
+ end
58
58
  end
59
+
59
60
  file_list
60
61
  end
61
62
 
62
63
  def load_file_info_list(path)
63
64
  file_list = []
65
+
64
66
  Find.find(path) do |subpath|
65
67
  info = FileInfo.new(path, subpath)
68
+
66
69
  Find.prune if FileTest.directory?(subpath) && ignored_dirs.include?(info.relative_path)
67
70
  next unless FileTest.file?(subpath)
68
71
  next if ignored_files.include?(info.relative_path)
69
72
 
70
- init_package_manager(info)
73
+ applicable_package_managers(info).each do |package_manager|
74
+ file = info.dup
75
+ file.package_manager = package_manager
71
76
 
72
- file_list.push(info)
77
+ file_list.push(file)
78
+ end
73
79
  end
80
+
74
81
  file_list
75
82
  end
76
83
 
data/lib/bibliothecary/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Bibliothecary
2
- VERSION = "6.10.4"
2
+ VERSION = "6.12.0"
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: bibliothecary
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.10.4
4
+ version: 6.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andrew Nesbitt
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-03-19 00:00:00.000000000 Z
11
+ date: 2021-05-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: toml-rb
@@ -216,6 +216,7 @@ executables:
216
216
  extensions: []
217
217
  extra_rdoc_files: []
218
218
  files:
219
+ - ".circleci/config.yml"
219
220
  - ".codeclimate.yml"
220
221
  - ".github/CONTRIBUTING.md"
221
222
  - ".gitignore"
@@ -288,7 +289,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
288
289
  - !ruby/object:Gem::Version
289
290
  version: '0'
290
291
  requirements: []
291
- rubygems_version: 3.0.3
292
+ rubygems_version: 3.1.2
292
293
  signing_key:
293
294
  specification_version: 4
294
295
  summary: Find and parse manifests