cocoapods-whitelist 0.3.0 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6da1231f35d7f1c52238b04c2768d659be74cd24d77e47dbfc01d412b78fdb96
-  data.tar.gz: b26d0408060bc95c389c13cca463ba0ae53c40c0fe2cf406e064018cc2640ee6
+  metadata.gz: df9811a2f73baf94fbffa4b66502c4b2d53235a661f29096662f5d3658584400
+  data.tar.gz: b8e55e5ea04eec1f3760ac15b0809d272ce723e18365bdc728abb01c01d1b206
 SHA512:
-  metadata.gz: cdeea15ed4860699ba65725fb5088c7c9072e0cf1fb1c9719855ebc0c6bfe9451aad0069422a886788f5bf35e6d12d4837eefd2d4d86d823d42db644fc80dcac
-  data.tar.gz: 5ea2bdfc77748180a2e0dc4fb0053d932edcaec433ce821a2abd39e269f451119ac4f94682257c2d214e814f0b4d6767adea628230987c3fec398d34f3546574
+  metadata.gz: ef87c35379e76239424379d9225cd8646e90ad91b3963ad6d3ae8b0fbc5e435f648bd03d5107709f61be6ccf18f700b381dc837a03e0abddfc920d50d17e1766
+  data.tar.gz: 218f8ab7fc4d67148255629f519302f8c90716664f0fabe2f62e20bdd628ed2a056bc388c82052545ef8a378760e352d9d9d6ccf2e006fb2ab6a245e63acf81c

data/.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+repos:
+  # Websec hook is MANDATORY, DO NOT comment it.
+  - repo: https://github.com/melisource/fury_websec-git-hooks
+    rev: v1.1.0
+    hooks:
+      - id: pre_commit_hook
+        stages: [commit]
+      - id: post_commit_hook
+        stages: [post-commit]
+  - repo: https://github.com/melisource/fury_datasec-git-hooks
+    rev: 1.0.3
+    hooks:
+      - id: pre_commit_hook
+        stages: [commit]
+        verbose: true

data/.ruby-version

@@ -0,0 +1 @@
+3.1.4

data/CHANGELOG.md

@@ -1,3 +1,11 @@
+## 0.5.3
+### Changed
+- Get podspec specification functions changed to support KMP podspec path.
+
+## 0.4.0
+### Changed
+- Add "allows_granular_projects" flag to whitelist for support the projects specified
+
 ## 0.2.1
 ### Changed
 - Improve dependency injection message to inform the local source is being used.

data/Gemfile.lock

@@ -1,112 +1,119 @@
 PATH
   remote: .
   specs:
-    cocoapods-whitelist (0.2.0)
+    cocoapods-whitelist (0.5.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.3)
-    activesupport (5.2.4.5)
+    CFPropertyList (3.0.6)
+      rexml
+    activesupport (6.1.7.6)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.7.0)
-      public_suffix (>= 2.0.2, < 5.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.5)
+      public_suffix (>= 2.0.2, < 6.0)
     algoliasearch (1.27.5)
       httpclient (~> 2.8, >= 2.8.3)
       json (>= 1.5.1)
     atomos (0.1.3)
     bacon (1.2.0)
-    claide (1.0.3)
-    cocoapods (1.10.1)
-      addressable (~> 2.6)
+    claide (1.1.0)
+    cocoapods (1.13.0)
+      addressable (~> 2.8)
       claide (>= 1.0.2, < 2.0)
-      cocoapods-core (= 1.10.1)
+      cocoapods-core (= 1.13.0)
       cocoapods-deintegrate (>= 1.0.3, < 2.0)
-      cocoapods-downloader (>= 1.4.0, < 2.0)
+      cocoapods-downloader (>= 1.6.0, < 2.0)
       cocoapods-plugins (>= 1.0.0, < 2.0)
       cocoapods-search (>= 1.0.0, < 2.0)
-      cocoapods-trunk (>= 1.4.0, < 2.0)
+      cocoapods-trunk (>= 1.6.0, < 2.0)
       cocoapods-try (>= 1.1.0, < 2.0)
       colored2 (~> 3.1)
       escape (~> 0.0.4)
       fourflusher (>= 2.3.0, < 3.0)
       gh_inspector (~> 1.0)
-      molinillo (~> 0.6.6)
+      molinillo (~> 0.8.0)
       nap (~> 1.0)
-      ruby-macho (~> 1.4)
-      xcodeproj (>= 1.19.0, < 2.0)
-    cocoapods-core (1.10.1)
-      activesupport (> 5.0, < 6)
-      addressable (~> 2.6)
+      ruby-macho (>= 2.3.0, < 3.0)
+      xcodeproj (>= 1.23.0, < 2.0)
+    cocoapods-core (1.13.0)
+      activesupport (>= 5.0, < 8)
+      addressable (~> 2.8)
       algoliasearch (~> 1.0)
       concurrent-ruby (~> 1.1)
       fuzzy_match (~> 2.0.4)
       nap (~> 1.0)
       netrc (~> 0.11)
-      public_suffix
+      public_suffix (~> 4.0)
       typhoeus (~> 1.0)
-    cocoapods-deintegrate (1.0.4)
-    cocoapods-downloader (1.4.0)
+    cocoapods-deintegrate (1.0.5)
+    cocoapods-downloader (1.6.3)
     cocoapods-plugins (1.0.0)
       nap
-    cocoapods-search (1.0.0)
-    cocoapods-trunk (1.5.0)
+    cocoapods-search (1.0.1)
+    cocoapods-trunk (1.6.0)
       nap (>= 0.8, < 2.0)
       netrc (~> 0.11)
     cocoapods-try (1.2.0)
     colored2 (3.1.2)
-    concurrent-ruby (1.1.8)
+    concurrent-ruby (1.2.2)
     escape (0.0.4)
-    ethon (0.12.0)
-      ffi (>= 1.3.0)
-    ffi (1.14.2)
+    ethon (0.16.0)
+      ffi (>= 1.15.0)
+    ffi (1.16.3)
     fourflusher (2.3.1)
     fuzzy_match (2.0.4)
     gh_inspector (1.1.3)
     httpclient (2.8.3)
-    i18n (1.8.9)
+    i18n (1.14.1)
       concurrent-ruby (~> 1.0)
-    json (2.5.1)
-    minitest (5.14.4)
-    mocha (1.12.0)
+    json (2.6.3)
+    minitest (5.20.0)
+    mocha (2.1.0)
+      ruby2_keywords (>= 0.0.5)
     mocha-on-bacon (0.2.3)
       mocha (>= 0.13.0)
-    molinillo (0.6.6)
+    molinillo (0.8.0)
     nanaimo (0.3.0)
     nap (1.1.0)
     netrc (0.11.0)
     prettybacon (0.0.2)
       bacon (~> 1.2)
-    public_suffix (4.0.6)
+    public_suffix (4.0.7)
     rake (12.3.3)
-    ruby-macho (1.4.0)
-    thread_safe (0.3.6)
+    rexml (3.2.6)
+    ruby-macho (2.5.1)
+    ruby2_keywords (0.0.5)
     typhoeus (1.4.0)
       ethon (>= 0.9.0)
-    tzinfo (1.2.9)
-      thread_safe (~> 0.1)
-    xcodeproj (1.19.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    xcodeproj (1.23.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
       nanaimo (~> 0.3.0)
+      rexml (~> 3.2.4)
+    zeitwerk (2.6.12)
 
 PLATFORMS
-  ruby
+  universal-darwin-22
 
 DEPENDENCIES
   bacon
   bundler (~> 2.0)
   cocoapods
   cocoapods-whitelist!
+  json
   mocha
   mocha-on-bacon
   prettybacon
   rake (~> 12.0)
 
 BUNDLED WITH
-   2.1.4
+   2.4.22

data/cocoapods-whitelist.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ['mobile@mercadolibre.com']
   spec.description   = %q{A short description of cocoapods-whitelist.}
   spec.summary       = %q{A longer description of cocoapods-whitelist.}
-  spec.homepage      = 'https://github.com/mercadolibre/mobile-cocoapods_whitelist'
+  spec.homepage      = 'https://github.com/melisource/mobile-cocoapods_whitelist'
   spec.license       = 'MIT'
 
   spec.files         = `git ls-files`.split($/)

data/lib/cocoapods-whitelist/client/whitelist_resolver.rb

@@ -1,4 +1,5 @@
 require 'singleton'
+require 'open-uri'
 require 'cocoapods-whitelist/model/allowed_dependency'
 
 class WhitelistResolver
@@ -26,7 +27,7 @@ class WhitelistResolver
 
     def load_whitelist
         begin
-            open(@whitelist_url) { |io|
+            URI.open(@whitelist_url) { |io|
                 buffer = io.read
                 @whitelist = parse_whitelist(buffer)
                 @whitelist_loaded = true
@@ -40,7 +41,14 @@ class WhitelistResolver
     def parse_whitelist(raw_whitelist)
         json = JSON.parse(raw_whitelist)
         return json["whitelist"].map { |dependencyJson|
-            AllowedDependency.new(dependencyJson["name"], dependencyJson["version"], dependencyJson["expire"], dependencyJson["source"], dependencyJson["target"])
+            AllowedDependency.new(
+                dependencyJson["name"],
+                dependencyJson["version"],
+                dependencyJson["expire"],
+                dependencyJson["source"],
+                dependencyJson["target"],
+                dependencyJson["allows_granular_projects"]
+            )
         }
     end
 end

data/lib/cocoapods-whitelist/command/whitelist.rb

@@ -47,7 +47,7 @@ module Pod
         load_excluded()
         specifications = get_podspec_specifications
 
-        if specifications.empty?
+        if specifications == nil || specifications.empty?
             UI.puts "No Podspec found".yellow
             return
         end
@@ -93,13 +93,27 @@ module Pod
             name.start_with?(item.name.match(POD_NAME_REGEX).captures[POD_BASE_REGEX_POSITION]) && (!item.version || versions.grep(/#{item.version}/).any?) && (item.target == 'production')
           }
 
-          # Checks if any of the allowed dependencies are expired, if so, fail with error
           allowedDependency.each { |dependency|
+
+            # Checks the granularity 
+            if dependency.allows_granular_projects != nil
+              granular_projects = dependency.allows_granular_projects.select { |granular_project|
+                granular_project == pod_name
+              }
+
+              if granular_projects.empty?
+                not_allowed.push("#{name} Reason: Granular dependency not allowed for this project.")
+                next
+              end
+            end
+          
+            # Checks if any of the allowed dependencies are expired, if so, fail with error
             if dependency.expire?
               not_allowed.push("#{name} Reason: Expired version. Please check the whitelist.")
             end
-          }
 
+          }
+          
           if allowedDependency.empty?
             not_allowed.push("#{name} (#{versions.join(", ")}) Reason: Specified version hasn't match any whitelisted version or Pod name is not valid")
             next
@@ -127,17 +141,17 @@ module Pod
         if @pospec_path
           return [Pod::Specification.from_file(@pospec_path)]
         end
-
-        # Search .podspec in current directory
-        podspecs = Dir.glob("./*.podspec")
-
-        if podspecs.count == 0
-          # Search .podspec in parent directory.
-          # Some projects has Podfile into a subdirectory ("Example"), and run "pod install" from there.
-          podspecs = Dir.glob("../*.podspec")
+        # 1 Arg = Search .podspec in current directory
+        # 2 Arg = Search .podspec in parent and sub directories. Some projects have Podfile into a subdirectory ("Example"), and run "pod install" from there.
+        # 3 Arg = Search .podspec in all directories
+        # 4 Arg = Search .podspec in parent and sub directories. Search is executed from children folder.
+        podspec_search_paths = ["./*.podspec", "../*.podspec", "./**/*.podspec", "../**/*.podspec"]
+        podspec_search_paths.each do |regex|
+          pod_specs = Dir.glob(regex)
+          if pod_specs.count != 0
+            return pod_specs.map { |path|  Pod::Specification.from_file(path) }
+          end
         end
-
-        return podspecs.map { |path|  Pod::Specification.from_file(path) }
       end
 
       def show_error_message(message)
@@ -163,6 +177,7 @@ module Pod
           FileUtils.mkdir_p(File.dirname(@outfile))
         end
       end
+
       ## Load a list of pods excluded from the validations, wrapped in ValidationExcluded.
       def load_excluded
         path = File.expand_path("../../exclude/excluded.json", __FILE__)
@@ -171,6 +186,7 @@ module Pod
         @excluded_list = parse_excluded(file)
         @excluded_list_loaded = true
       end
+      
       ## Aux function to populate the ValidationExcluded models from the JSON data.
       def parse_excluded(list)
         json = JSON.parse(list)

data/lib/cocoapods-whitelist/gem_version.rb

@@ -1,3 +1,3 @@
 module CocoapodsWhitelist
-  VERSION = "0.3.0"
+  VERSION = "0.5.3"
 end

data/lib/cocoapods-whitelist/model/allowed_dependency.rb

@@ -4,13 +4,15 @@ class AllowedDependency
     attr_accessor :expire
     attr_accessor :source
     attr_accessor :target
+    attr_accessor :allows_granular_projects
 
-    def initialize(name, version, expire, source, target)
+    def initialize(name, version, expire, source, target, allows_granular_projects)
       @name = name
       @version = version
       @expire = expire
       @source = source
       @target = target
+      @allows_granular_projects = allows_granular_projects
     end
   
     def expire?

data/spec/mocks/allowed_with_granular.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MLSearch"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'Analytics', '~>5.1'
+
+end

data/spec/mocks/not_allowed_with_granular.podspec

@@ -0,0 +1,13 @@
+Pod::Spec.new do |s|
+  s.name         = "MeliSDK"
+  s.version      = "3.17.0"
+  s.summary      = "Componente de search"
+  s.homepage     = "http://www.mercadolibre.com.ar"
+  s.license      = "none"
+  s.author       = { "Mobile team" => "mobile@mercadolibre.com" }
+  s.platform     = :ios, "7.0"
+  s.source       = { :git => "git@github.com:mercadolibre/search-ios.git", :tag => s.version.to_s }
+  s.requires_arc = true
+  s.dependency 'Analytics', '~>5.1'
+
+end

data/spec/mocks/whitelist.json

@@ -33,6 +33,14 @@
 			"name": "MLMyDependency",
 			"version": "1.0.0|2.0.0",
 			"target": "production"
+		},
+		{
+			"name": "Analytics",
+			"version": "^~>5.[0-9]+$",
+			"target": "production",
+			"allows_granular_projects": [
+				"MLSearch"
+			]
 		}
 	]
 }

data/spec/source_helper_spec.rb

@@ -6,11 +6,11 @@ describe SourceHelper do
 
             SourceHelper.instance.specs = [] # Avoid a non-empty SourceHelper
 
-            private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
+            private_sources = [ "git@github.com:melisource/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
             
             private_meli_specs = ["MyMELIPod1", "MyMELIPod2", "MyMELIPod3"]
             meli_mock = mock()
-            meli_mock.stubs(:url).returns("git@github.com:mercadolibre/mobile-ios_specs.git")
+            meli_mock.stubs(:url).returns("git@github.com:melisource/mobile-ios_specs.git")
             meli_mock.stubs(:pods).returns(private_meli_specs)
 
             private_cocoapods_cdn_specs = ["MyPublicPod1", "MyPublicPod2", "MyPublicPod2"]
@@ -38,11 +38,11 @@ describe SourceHelper do
 
             SourceHelper.instance.specs = [] # Avoid a non-empty SourceHelper
 
-            private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
+            private_sources = [ "git@github.com:melisource/mobile-ios_specs.git", "git@github.com:testable/testable_specs.git" ]
             
             private_meli_specs = []
             meli_mock = mock()
-            meli_mock.stubs(:url).returns("git@github.com:mercadolibre/mobile-ios_specs.git")
+            meli_mock.stubs(:url).returns("git@github.com:melisource/mobile-ios_specs.git")
             meli_mock.stubs(:pods).returns(private_meli_specs)
 
             private_cocoapods_cdn_specs = []

data/spec/source_validator_spec.rb

@@ -4,7 +4,7 @@ describe SourceValidator do
     describe 'functionality' do
       it 'external dependency that comes from a public source should be valid' do
 
-        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_sources = [ "git@github.com:melisource/mobile-ios_specs.git" ]
         private_specs = ["MyPod1", "MyPod1", "MyPod3"]
 
         stub_url = stub(:url => 'https://cdn.cocoapods.org/')
@@ -20,7 +20,7 @@ describe SourceValidator do
       end
 
       it 'internal dependency that comes from a public source should not be valid' do
-        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_sources = [ "git@github.com:melisource/mobile-ios_specs.git" ]
         private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
 
         stub_url = stub(:url => 'https://cdn.cocoapods.org/')
@@ -37,10 +37,10 @@ describe SourceValidator do
 
       it 'internal dependency that comes from private source should be valid' do
 
-        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_sources = [ "git@github.com:melisource/mobile-ios_specs.git" ]
         private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
 
-        stub_url = stub(:url => 'git@github.com:mercadolibre/mobile-ios_specs.git')
+        stub_url = stub(:url => 'git@github.com:melisource/mobile-ios_specs.git')
         spec_mock = mock()
         spec_mock.stubs(:spec_source).returns(stub_url)
         spec_mock.stubs(:defined_in_file).returns(nil?)
@@ -54,7 +54,7 @@ describe SourceValidator do
 
       it 'development pods should be valid' do
 
-        private_sources = [ "git@github.com:mercadolibre/mobile-ios_specs.git" ]
+        private_sources = [ "git@github.com:melisource/mobile-ios_specs.git" ]
         private_specs = ["MyPod1", "MyPod1", "MyPod3", "MyInternalPod"]
 
         stub_url = stub(:url => '')

data/spec/whitelist_resolver_spec.rb

@@ -6,7 +6,7 @@ describe WhitelistResolver do
     describe 'functionality' do
         it 'whitelist should be loaded from an specific url' do
             whitelist = WhitelistResolver.instance.get_whitelist(WHITELIST_PATH)
-            whitelist.size.should.equal 6
+            whitelist.size.should.equal 7
         end
         
         it 'if not URL is specified, whitelist comes from default URL' do

data/spec/whitelist_spec.rb

@@ -171,6 +171,21 @@ module Pod
         command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}"])
         lambda { command.run }.should.not.raise
       end
+
+      it 'allowed granular dependency should be valid' do
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/allowed_with_granular.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.not.raise Informative
+      end
+
+      it 'not allowed granular dependency should not be valid' do
+        command = Command.parse(['whitelist', "--config=#{WHITELIST_FILE}", "--fail-on-error"])
+        specification = Pod::Specification.from_file('./spec/mocks/not_allowed_with_granular.podspec')
+        command.expects(:get_podspec_specifications).returns([specification])
+        lambda { command.run }.should.raise Informative
+      end
+
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cocoapods-whitelist
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.5.3
 platform: ruby
 authors:
 - Mobile Team
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-03-22 00:00:00.000000000 Z
+date: 2024-01-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -47,6 +47,8 @@ extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
 - ".gitignore"
+- ".pre-commit-config.yaml"
+- ".ruby-version"
 - CHANGELOG.md
 - Gemfile
 - Gemfile.lock
@@ -68,10 +70,12 @@ files:
 - lib/cocoapods-whitelist/model/validation_excluded.rb
 - lib/cocoapods-whitelist/validator/source_validator.rb
 - lib/cocoapods_plugin.rb
+- spec/mocks/allowed_with_granular.podspec
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
+- spec/mocks/not_allowed_with_granular.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
 - spec/mocks/whitelisted_podname.podspec
@@ -95,7 +99,7 @@ files:
 - spec/spec_helper.rb
 - spec/whitelist_resolver_spec.rb
 - spec/whitelist_spec.rb
-homepage: https://github.com/mercadolibre/mobile-cocoapods_whitelist
+homepage: https://github.com/melisource/mobile-cocoapods_whitelist
 licenses:
 - MIT
 metadata: {}
@@ -114,15 +118,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.3
+rubygems_version: 3.0.9
 signing_key:
 specification_version: 4
 summary: A longer description of cocoapods-whitelist.
 test_files:
+- spec/mocks/allowed_with_granular.podspec
 - spec/mocks/bad_name.podspec
 - spec/mocks/free_version.podspec
 - spec/mocks/major_version_fixed.podspec
 - spec/mocks/not_allowed.podspec
+- spec/mocks/not_allowed_with_granular.podspec
 - spec/mocks/whitelist.json
 - spec/mocks/whitelist_with_expired_dependencies.json
 - spec/mocks/whitelisted_podname.podspec