license_finder 0.5.0 → 0.6.0

data/.travis.yml

@@ -0,0 +1,22 @@
+rvm:
+  - 1.9.3
+  - 1.9.2
+  - jruby-18mode
+  - jruby-19mode
+  - rbx-18mode
+  - rbx-19mode
+  - ruby-head
+  - jruby-head
+  - 1.8.7
+  - ree
+
+matrix:
+  allow_failures:
+    - rvm: jruby-18mode
+    - rvm: jruby-19mode
+    - rvm: rbx-18mode
+    - rvm: rbx-19mode
+    - rvm: ruby-head
+    - rvm: jruby-head
+    - rvm: 1.8.7
+    - rvm: ree

data/README.markdown

@@ -1,38 +1,61 @@
 # License Finder
 
 [![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
+[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
 With bundler it's easy for your project to depend on many gems.  This decomposition is nice, but managing licenses becomes difficult.  This tool gathers info about the licenses of the gems in your project.
 
 ## Installation
-=====
 
 Add license_finder to your Rails project's Gemfile and `bundle`:
 
 ```ruby
-gem 'license_finder', :git => "https://github.com/pivotal/LicenseFinder.git"
+gem 'license_finder'
 ```
 
-Now, initialize license finder:
+## Usage
+
+License finder will generate reports of action items - i.e., dependencies that do not fall within your license "whitelist".
 
 ```sh
-$ bundle exec rake license:init
+$ bundle exec license_finder
 ```
 
-This will create a `config/license_finder.yml` file that lets you configure license finder.
-This is where you should add licenses which are allowed on the project, so they will be automatically approved.
+The first time you run this, `license_finder` will create a default configuration file `./config/license_finder.yml`:
 
-## Usage
 
-Once you've whitelisted licenses, you can then tell license finder to analyze your Gemfile and generate a list of
-dependencies that have non-whitelisted licenses:
+```yaml
+---
+whitelist:
+#- MIT
+#- Apache 2.0
+ignore_groups:
+#- test
+#- development
+```
+
+This allows you to configure bundler groups and add licenses to the whitelist.
 
-```sh
-$ bundle exec rake license:action_items
+On a brand new Rails project, you could expect `license_finder` to output something like the following
+(assuming you whitelisted the MIT license in your `config/license_finder.yml`):
+
+```
+Dependencies that need approval:
+
+highline, 1.6.14, ruby
+json, 1.7.5, ruby
+mime-types, 1.19, ruby
+rails, 3.2.8, other
+rdoc, 3.12, other
+rubyzip, 0.9.9, ruby
+xml-simple, 1.1.1, other
 ```
 
-This will write out a dependencies.yml and dependencies.txt file in the root of your project, as well as
-output a list of unapproved dependencies to the console. It will also return a non-zero exit status if there
+The executable task will also write out a dependencies.yml, dependencies.txt, and dependencies.html file in the root of your project.
+
+The latter two files are human readable reports that you could send to your non-technical business partners, lawyers, etc.
+
+`license_finder` will also return a non-zero exit status if there are
 unapproved dependencies. You could use this in a CI build, for example, to alert you whenever someone adds an
 unapproved dependency to the project.
 
@@ -41,15 +64,15 @@ and then edited the resulting file).
 
 ### Manually approving dependencies
 
-Whenever you have a dependency that falls outside of your whitelist, `rake license:action_items` will tell you.
+Whenever you have a dependency that falls outside of your whitelist, `license_finder` will tell you.
 If your business decides that this is an acceptable risk, you can manually approve the dependency by finding its
 section in the `dependencies.yml` file and setting its `approved` attribute to true. For example, lets assume you've only
 whitelisted the "MIT" license in your `config/license_finder.yml`. You then add the 'awesome_gpl_gem' to your Gemfile,
-which we'll assume is licensed with the `GPL` license. You then run `rake license_finder:action_items` and see
+which we'll assume is licensed with the `GPL` license. You then run `license_finder` and see
 the gem listed in the output:
 
 ```txt
-awesome_gpl_gem 1.0.0, GPL
+awesome_gpl_gem, 1.0.0, GPL
 ```
 
 Your business tells you that in this case, it's acceptable to use this gem. You should now update your `dependencies.yml`
@@ -62,7 +85,7 @@ file, setting the `approved` attribute to `true` for the `awesome_gpl_gem` secti
   approved: true
 ```
 
-If you rerun `rake license:action_items`, you should no longer see `awesome_gpl_gem` in the output.
+If you rerun `license_finder`, you should no longer see `awesome_gpl_gem` in the output.
 
 
 ## Manually managing Javascript Dependencies
@@ -82,89 +105,26 @@ You could then update the "approved" attribute to true once you have signoff fro
 remember any manually added licenses between successive runs.
 
 
-## Usage outside Rails
-
-As a standalone script:
-
-```sh
-$ git clone http://github.com/pivotal/LicenseFinder.git license_finder
-$ cd /path/to/your/project
-$ /path/to/license_finder/bin/license_finder
-```
-
-Optionally add `--with-licenses` to include the full text of the licenses in the output.
-
+## Usage with Rake
 
-## Sample Output
+First, add license finder to your project's Gemfile:
 
-File: `config/license_finder.yml`:
-
-```yaml
----
-whitelist:
-- MIT
-- Apache 2.0
-ignore_groups:
-- test
-- development
+```ruby
+gem "license_finder"
 ```
 
-File: `dependencies.yml`:
-
-```yaml
----
-- name: "json_pure"
-  version: "1.5.1"
-  license: "other"
-  approved: false
+Next, update your project's Rakefile with the license finder rake task:
 
-- name: "rake"
-  version: "0.8.7"
-  license: "MIT"
-  approved: true
+```ruby
+require 'bundler/setup'
+require 'license_finder'
+LicenseFinder.load_rake_tasks
 ```
 
-File: `dependencies.txt`:
-
-    json_pure 1.5.1, other
-    rake 0.8.7, MIT
+You can now run `bundle exec rake license_finder`. This is the equivalent of running `bundle exec license_finder`.
 
-File: `bin/license_finder`:
-
-```yaml
----
-json_pure 1.5.1:
-  dependency_name: json_pure
-  dependency_version: 1.5.1
-  install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/json_pure-1.5.1
-  license_files:
-  - file_name: COPYING
-    header_type: other
-    body_type: other
-    disclaimer_of_liability: other
-  - file_name: COPYING-json-jruby
-    header_type: other
-    body_type: other
-    disclaimer_of_liability: other
-  readme_files:
-  - file_name: README
-    mentions_license: true
-  - file_name: README-json-jruby.markdown
-    mentions_license: false
----
-rake 0.8.7:
-  dependency_name: rake
-  dependency_version: 0.8.7
-  install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/rake-0.8.7
-  license_files:
-  - file_name: MIT-LICENSE
-    header_type: other
-    body_type: mit
-    disclaimer_of_liability: "mit: THE AUTHORS OR COPYRIGHT HOLDERS"
-  readme_files:
-  - file_name: README
-    mentions_license: true
-```
+This could be handy if you have a build for CI that you want to break when you have unapproved dependencies. The
+rake task will `exit 1` immediately if there are unapproved dependencies, stopping your build dead in its tracks!
 
 ## A note to gem authors / maintainers
 
@@ -178,3 +138,7 @@ end
 ```
 
 And add a `LICENSE` file to your gem that contains your license text.
+
+## License
+
+LicenseFinder is released under the terms of the MIT License. http://www.opensource.org/licenses/mit-license

data/Rakefile

@@ -18,4 +18,4 @@ Cucumber::Rake::Task.new(:features) do |t|
   t.cucumber_opts = "features --format pretty"
 end
 
-task default: [:spec, :features]
+task :default => [:spec, :features]

data/bin/license_finder

@@ -1,4 +1,4 @@
 #!/usr/bin/env ruby
 
 require 'license_finder'
-LicenseFinder::CLI.new.check_for_action_items
+LicenseFinder::CLI.check_for_action_items

data/features/approve_dependencies.feature

@@ -0,0 +1,49 @@
+Feature: Approving non-whitelisted Dependencies
+  So that I can track the dependencies of my application which my business has approved
+  As an application developer using license finder
+  I want to be able to manually approve dependencies that have licenses which fall outside of my whitelist
+
+  Scenario: Manually approving a non-whitelisted dependency
+    Given I have an app with license finder
+    And my app depends on a gem "gpl_gem" licensed with "GPL"
+    And I whitelist the "MIT" license
+
+    When I run "license_finder"
+    Then I should see the following settings for "gpl_gem":
+      """
+      version: "0.0.0"
+      license: "GPL"
+      approved: false
+      """
+
+    When I update the settings for "gpl_gem" with the following content:
+      """
+      approved: true
+      """
+    When I run "license_finder"
+    Then I should not see "gpl_gem" in its output
+
+  Scenario: Manually adding a non-bundled dependency
+    Given I have an app with license finder
+    When I run "license_finder"
+    And I add the following content to "dependencies.yml":
+      """
+      - name: "my_javascript_library"
+        version: "0.0.0"
+        license: "GPL"
+        approved: false
+      """
+    Then I should see the following settings for "my_javascript_library":
+      """
+      version: "0.0.0"
+      license: "GPL"
+      approved: false
+      """
+    When I run "license_finder"
+    Then I should see "my_javascript_library" in its output
+    When I update the settings for "my_javascript_library" with the following content:
+      """
+      approved: true
+      """
+    When I run "license_finder"
+    Then I should not see "my_javascript_library" in its output

data/features/html_report.feature

@@ -0,0 +1,48 @@
+Feature: HTML Report
+  So that I can easily view a report outlining my application dependencies and licenses
+  As a non-technical application product owner
+  I want license finder to generate an easy-to-understand HTML report
+
+  Background:
+    Given I have an app with license finder
+
+  Scenario: Dependency details listed in HTML report
+    Given my application depends on a gem "mit_licensed_gem" with:
+      | license | summary     | description | version | homepage                           | bundler_groups |
+      | MIT     | mit is cool | seriously   | 0.0.1   | http://mit_licensed_gem.github.com | test           |
+    When I run "license_finder"
+    And I should see the "mit_licensed_gem" in the html with the following details:
+      | license | summary     | description | name                    | bundler_groups |
+      | MIT     | mit is cool | seriously   | mit_licensed_gem v0.0.1 | test           |
+    And the text "MIT" should link to "http://opensource.org/licenses/mit-license"
+    And the text "mit_licensed_gem" should link to "http://mit_licensed_gem.github.com"
+
+  Scenario: Approval status of dependencies indicated in HTML report
+    Given my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the "MIT" license
+    When I run "license_finder"
+    Then I should see the "gpl_licensed_gem" in the html flagged as "unapproved"
+    And I should see the "mit_licensed_gem" in the html flagged as "approved"
+
+  Scenario: Dependency summary
+    Given my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the following licenses: "MIT, other"
+    When I run "license_finder"
+    # rake, bundler, license_finder, my_app, gpl_licensed_gem, mit_licensed_gem
+    Then I should see "6 total" in the html
+    # gpl_licensed_gem
+    And I should see "1 unapproved" in the html
+    # gpl_licensed_gem
+    And I should see "1 GPL" in the html
+
+  Scenario: Implicit dependencies list their parent dependencies
+    Given I have a rails app with license finder
+    When I run "license_finder"
+    Then I should see the "activerecord" in the html with the following details:
+      | parent |
+      | rails  |
+    And I should see "rails" in the html with the following details:
+      | children     |
+      | activerecord |

data/features/license_finder.feature

@@ -0,0 +1,36 @@
+Feature: License Finder command line executable
+  So that I can report and manage my application's dependencies and licenses to my business
+  As an application developer
+  I want a command-line interface
+
+  Scenario: Running without a configuration file
+    Given I have an app with license finder
+    And my app does not have a "config" directory
+    When I run "license_finder"
+    Then I should see a "config" directory
+    And I should see the file "config/license_finder.yml" with the following content:
+      """
+      ---
+      whitelist:
+      #- MIT
+      #- Apache 2.0
+      ignore_groups:
+      #- test
+      #- development
+      dependencies_file_dir: './'
+      """
+
+  Scenario: Auditing an application with non-whitelisted licenses
+    Given I have an app with license finder
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    When I run "license_finder"
+    Then it should exit with status code 1
+    And I should see "mit_licensed_gem" in its output
+
+  Scenario: Auditing an application with whitelisted licenses
+    Given I have an app with license finder
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the following licenses: "MIT, other"
+    When I run "license_finder"
+    Then it should exit with status code 0
+    And I should see "All gems are approved for use" in its output

data/features/license_finder_rake_task.feature

@@ -0,0 +1,36 @@
+Feature: License Finder command line executable
+  So that I can report and manage my application's dependencies and licenses to my business
+  As an application developer
+  I want a command-line interface
+
+  Scenario: Running without a configuration file
+    Given I have an app with rake and license finder
+    And my app does not have a "config" directory
+    When I run "rake license_finder"
+    Then I should see a "config" directory
+    And I should see the file "config/license_finder.yml" with the following content:
+      """
+      ---
+      whitelist:
+      #- MIT
+      #- Apache 2.0
+      ignore_groups:
+      #- test
+      #- development
+      dependencies_file_dir: './'
+      """
+
+  Scenario: Auditing an application with non-whitelisted licenses
+    Given I have an app with rake and license finder
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    When I run "rake license_finder"
+    Then it should exit with status code 1
+    And I should see "mit_licensed_gem" in its output
+
+  Scenario: Auditing an application with whitelisted licenses
+    Given I have an app with rake and license finder
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the following licenses: "MIT, other"
+    When I run "rake license_finder"
+    Then it should exit with status code 0
+    And I should see "All gems are approved for use" in its output

data/features/rails_rake.feature

@@ -0,0 +1,9 @@
+Feature: The rake task is automatically made available in Rails project
+  So that I do not have to modify the Rails rakefile
+  As an application developer
+  I want the license_finder rake task automatically loaded for me in a rails project
+
+  Scenario: The application is a Rails app
+    Given I have a rails app with license finder
+    When I run "rake license_finder"
+    Then I should see "Dependencies that need approval:" in its output

data/features/step_definitions/steps.rb

@@ -1,41 +1,39 @@
 require 'fileutils'
+require 'capybara'
 
-Given /^I have a rails application with license finder$/ do
-  @user = DSL::User.new
+Given /^I have a rails app(?:lication)? with license finder$/ do
+  @user = ::DSL::User.new
   @user.create_rails_app
 end
 
-Given /^I have an application with license finder$/ do
-  @user = DSL::User.new
+Given /^I have an app(?:lication)? with license finder$/ do
+  @user = ::DSL::User.new
   @user.create_nonrails_app
 end
 
 
-Given /^I have an application setup with rake and license finder$/ do
-  @user = DSL::User.new
+Given /^I have an app(?:lication)? with rake and license finder$/ do
+  @user = ::DSL::User.new
   @user.create_nonrails_app
   @user.add_license_finder_to_rakefile
-  @user.execute_command "rake license:init"
 end
 
-Given /^my application does not have a config directory$/ do
-  FileUtils.rm_rf(@user.config_path)
-  File.exists?(@user.config_path).should be_false
-end
+Given /^my app(?:lication)? does not have a "([^"]+)" directory$/ do |name|
+  path = @user.app_path(name)
 
-Then /^the config directory should exist$/ do
-  File.exists?(@user.config_path).should be_true
+  FileUtils.rm_rf(path)
+  File.should_not be_exists(path)
 end
 
-Given /^my application's rake file requires license finder$/ do
-  @user.add_license_finder_to_rakefile
+Then /^I should see a "([^"]+)" directory$/ do |name|
+  File.should be_exists(@user.app_path(name))
 end
 
-Given /^my (?:rails )?app depends on a gem "(.*?)" licensed with "(.*?)"$/ do |gem_name, license|
+Given /^my (?:rails )?app(?:lication)? depends on a gem "(.*?)" licensed with "(.*?)"$/ do |gem_name, license|
   @user.add_dependency_to_app gem_name, :license => license
 end
 
-Given /^my (?:rails )?app depends on a gem "(.*?)" licensed with "(.*?)" in the "(.*?)" bundler groups$/ do |gem_name, license, bundler_groups|
+Given /^my (?:rails )?app(?:lication)? depends on a gem "(.*?)" licensed with "(.*?)" in the "(.*?)" bundler groups$/ do |gem_name, license, bundler_groups|
   @user.add_dependency_to_app gem_name, :license => license, :bundler_groups => bundler_groups
 end
 
@@ -59,12 +57,15 @@ When /^I add the following content to "([^"]*)":$/ do |filename, text|
   @user.append_to_file(filename, @content = text)
 end
 
-When /^my application depends on a gem "([^"]*)" with:$/ do |gem_name, gem_info|
+When /^my app(?:lication)? depends on a gem "([^"]*)" with:$/ do |gem_name, gem_info|
   info = gem_info.hashes.first
   @user.add_dependency_to_app(gem_name,
-    :license      => info["license"],
-    :summary      => info["summary"],
-    :description  => info["description"]
+    :license        => info["license"],
+    :summary        => info["summary"],
+    :description    => info["description"],
+    :version        => info["version"],
+    :homepage       => info["homepage"],
+    :bundler_groups => info["bundler_groups"]
   )
 end
 
@@ -76,19 +77,18 @@ Then /^I should not see "(.*?)" in its output$/ do |gem_name|
   @output.should_not include gem_name
 end
 
-Then /^license finder should generate a file "([^"]*)" with the following content:$/ do |filename, text|
-  File.read(File.join(@user.app_path, filename)).should == text.gsub(/^\s+/, "")
+Then /^I should see the file "([^"]*)" with the following content:$/ do |filename, text|
+  File.read(@user.app_path(filename)).should == text.gsub(/^\s+/, "")
 end
 
-Then /^license finder should generate a file "([^"]*)" containing:$/ do |filename, text|
-  File.read(File.join(@user.app_path, filename)).should include(text.gsub(/^\s+/, ""))
+Then /^I should see the file "([^"]*)" containing:$/ do |filename, text|
+  File.read(@user.app_path(filename)).should include(text.gsub(/^\s+/, ""))
 end
 
 Then /^I should see the following settings for "([^"]*)":$/ do |name, yaml|
   expected_settings = YAML.load(yaml)
   all_settings = YAML.load(File.read(@user.dependencies_file_path))
   actual_settings = all_settings.detect { |gem| gem['name'] == name }
-
   actual_settings.should include expected_settings
 end
 
@@ -96,6 +96,29 @@ Then /^it should exit with status code (\d)$/ do |status|
   $?.exitstatus.should == status.to_i
 end
 
+Then /^I should see the "([^"]*)" in the html flagged as "([^"]*)"$/ do |gem_name, css_class|
+  html = File.read(@user.dependencies_html_path)
+  page = Capybara.string(html)
+  gpl_gem = page.find("##{gem_name}")
+  gpl_gem[:class].should == css_class
+end
+
+Then /^I should see (?:the )?"([^"]*)" in the html with the following details:$/ do |gem_name, table|
+  html = File.read(@user.dependencies_html_path)
+  page = Capybara.string(html)
+  section = page.find("##{gem_name}")
+
+  table.hashes.first.each do |property_name, property_value|
+    section.should have_content property_value
+  end
+end
+
+Then /^I should see "([^"]*)" in the html$/ do |text|
+  html = File.read(@user.dependencies_html_path)
+  page = Capybara.string(html)
+
+  page.should have_content text
+end
 
 module DSL
   class User
@@ -106,6 +129,8 @@ module DSL
 
       add_gem_dependency('rake')
       add_gem_dependency('license_finder', :path => root_path)
+
+      bundle_app
     end
 
     def create_rails_app
@@ -147,7 +172,9 @@ module DSL
       license = options.fetch(:license)
       summary = options.fetch(:summary, "")
       description = options.fetch(:description, "")
-      bundler_groups = options.fetch(:bundler_groups, "").split(',').map(&:strip)
+      bundler_groups = options.fetch(:bundler_groups, "").to_s.split(',').map(&:strip)
+      version = options[:version] || "0.0.0"
+      homepage = options[:homepage]
 
       gem_dir = File.join(projects_path, gem_name)
 
@@ -156,11 +183,12 @@ module DSL
         file.write <<-GEMSPEC
           Gem::Specification.new do |s|
             s.name = "#{gem_name}"
-            s.version = "0.0.0"
+            s.version = "#{version}"
             s.author = "Cucumber"
             s.summary = "#{summary}"
             s.license = "#{license}"
             s.description = "#{description}"
+            s.homepage = "#{homepage}"
           end
         GEMSPEC
       end
@@ -175,6 +203,7 @@ module DSL
     end
 
     def configure_license_finder_whitelist(whitelisted_licenses=[])
+      FileUtils.mkdir_p(config_path)
       File.open(File.join(config_path, "license_finder.yml"), "w") do |f|
         f.write({'whitelist' => whitelisted_licenses}.to_yaml)
       end
@@ -188,8 +217,16 @@ module DSL
       @output
     end
 
-    def app_path
-      File.join(projects_path, app_name)
+    def app_path(sub_directory = nil)
+      path = app_path = Pathname.new(File.join(projects_path, app_name)).cleanpath.to_s
+
+      if sub_directory
+        path = Pathname.new(File.join(app_path, sub_directory)).cleanpath.to_s
+
+        raise "#{name} is outside of the app" unless path =~ %r{^#{app_path}/}
+      end
+
+      path
     end
 
     def config_path
@@ -200,6 +237,10 @@ module DSL
       File.join(app_path, 'dependencies.yml')
     end
 
+    def dependencies_html_path
+      File.join(app_path, 'dependencies.html')
+    end
+
     private
 
     def bundle_app
@@ -245,7 +286,13 @@ module DSL
     end
 
     def root_path
-      File.realpath(File.join(File.dirname(__FILE__), "..", ".."))
+      Pathname.new(File.join(File.dirname(__FILE__), "..", "..")).realpath.to_s
     end
   end
 end
+
+
+When /^the text "([^"]*)" should link to "([^"]*)"$/ do |text, link|
+  html = Capybara.string File.read(@user.dependencies_html_path)
+  html.find(:xpath, "//a[@href='#{link}']").text.should == text
+end