license_finder 0.7.3 → 0.8.0

data/readme.md

@@ -7,10 +7,10 @@ With bundler it's easy for your project to depend on many gems.  This decomposit
 
 ## Installation
 
-Add license_finder to your Rails project's Gemfile and `bundle`:
+Add license_finder to your project's Gemfile and `bundle`:
 
 ```ruby
-gem 'license_finder', git: "https://github.com/pivotal/LicenseFinder.git"
+gem 'license_finder'
 ```
 
 ## Usage
@@ -18,7 +18,7 @@ gem 'license_finder', git: "https://github.com/pivotal/LicenseFinder.git"
 License finder will generate reports of action items - i.e., dependencies that do not fall within your license "whitelist".
 
 ```sh
-$ bundle exec license_finder
+$ license_finder
 ```
 
 The first time you run this, `license_finder` will create a default configuration file `./config/license_finder.yml`:
@@ -32,6 +32,7 @@ whitelist:
 ignore_groups:
 #- test
 #- development
+dependencies_file_dir: './doc/'
 ```
 
 This allows you to configure bundler groups and add licenses to the whitelist.
@@ -51,7 +52,7 @@ rubyzip, 0.9.9, ruby
 xml-simple, 1.1.1, other
 ```
 
-The executable task will also write out a dependencies.yml, dependencies.txt, and dependencies.html file in the root of your project.
+The executable task will also write out a dependencies.db, dependencies.txt, and dependencies.html file in the doc/ directory (by default).
 
 The latter two files are human readable reports that you could send to your non-technical business partners, lawyers, etc.
 
@@ -59,15 +60,9 @@ The latter two files are human readable reports that you could send to your non-
 unapproved dependencies. You could use this in a CI build, for example, to alert you whenever someone adds an
 unapproved dependency to the project.
 
-It will also merge in an existing dependencies.yml file, if one exists (i.e., you've previously run this command
-and then edited the resulting file).
-
 ### Manually recording licenses
 
-When you have dependencies marked as having an 'other' license, `license_finder` will output
-the license and readme file locations for the dependency, allowing you to manually research what the actual
-license is. Once this has been established, you can record this information with the `-l` option
-as such:
+When you have dependencies marked as having an 'other' license, `license_finder` you should manually research what the actual license is. Once this has been established, you can record this information with the `-l` or `--license` option as such:
 
 ```sh
 $ license_finder -l MIT my_unknown_dependency
@@ -82,7 +77,7 @@ If your business decides that this is an acceptable risk, you can manually appro
 `--approve` option of the `license_finder` command.
 
 For example, lets assume you've only
-whitelisted the "MIT" license in your `config/license_finder.yml`. You then add the 'awesome_gpl_gem' to your Gemfile,
+whitelisted the "MIT" license in your `config/license_finder.yml`. You then add the `awesome_gpl_gem` to your Gemfile,
 which we'll assume is licensed with the `GPL` license. You then run `license_finder` and see
 the gem listed in the output:
 
@@ -93,49 +88,14 @@ awesome_gpl_gem, 1.0.0, GPL
 Your business tells you that in this case, it's acceptable to use this gem. You now run:
 
 ```sh
-$ bundle exec license_finder -a awesome_gpl_gem
+$ license_finder -a awesome_gpl_gem
 ```
 
 If you rerun `license_finder`, you should no longer see `awesome_gpl_gem` in the output.
 
+## Compatibility
 
-## Manually managing Javascript Dependencies
-
-License Finder currently has no method for automatically detecting third-party javascript libraries in your application
-and alerting you to license violations. However, you can manually add javascript dependencies to your `dependencies.yml`
-file:
-
-```yaml
-- name: "my_javascript_library"
-  version: "0.0.0"
-  license: "GPL"
-  approved: false
-```
-
-You could then update the "approved" attribute to true once you have signoff from your business. License Finder will
-remember any manually added licenses between successive runs.
-
-
-## Usage with Rake
-
-First, add license finder to your project's Gemfile:
-
-```ruby
-gem "license_finder"
-```
-
-Next, update your project's Rakefile with the license finder rake task:
-
-```ruby
-require 'bundler/setup'
-require 'license_finder'
-LicenseFinder.load_rake_tasks
-```
-
-You can now run `bundle exec rake license_finder`. This is the equivalent of running `bundle exec license_finder`.
-
-This could be handy if you have a build for CI that you want to break when you have unapproved dependencies. The
-rake task will `exit 1` immediately if there are unapproved dependencies, stopping your build dead in its tracks!
+license_finder is compatible with ruby 1.9, and ruby 2.0. There is also experimental support for jruby.
 
 ## A note to gem authors / maintainers
 

data/spec/lib/license_finder/bundle_spec.rb

@@ -2,6 +2,17 @@ require "spec_helper"
 
 module LicenseFinder
   describe Bundle do
+    let(:definition) do
+      double('definition', {
+        :dependencies => [],
+        :groups => [],
+        :specs_for => [
+          build_gemspec('gem1', '1.2.3'),
+          build_gemspec('gem2', '0.4.2')
+        ]
+      })
+    end
+
     def build_gemspec(name, version, dependency=nil)
       Gem::Specification.new do |s|
         s.name = name
@@ -15,28 +26,20 @@ module LicenseFinder
       end
     end
 
-    describe '.from_bundler(bundle)' do
-      let(:definition) do
-        double('definition', {
-          :dependencies => [],
-          :groups => [],
-          :specs_for => [
-            build_gemspec('gem1', '1.2.3'),
-            build_gemspec('gem2', '0.4.2')
-          ]
-        })
-      end
-
+    describe '.current_gem_dependencies' do
       subject do
-        Bundle.new(definition).gems.map(&:to_dependency)
+        Bundle.current_gem_dependencies(definition)
       end
 
-      its(:count) { should == 2 }
-
       it "should have 2 dependencies" do
         subject.size.should == 2
       end
 
+      it "returns persisted dependencies" do
+        subject.first.id.should be
+        subject.last.id.should be
+      end
+
       context "when initialized with a parent and child gem" do
         before do
           definition.stub(:specs_for).and_return([
@@ -46,11 +49,11 @@ module LicenseFinder
         end
 
         it "should update the child dependency with its parent data" do
-          gem1 = subject.first
-          gem2 = subject.last
+          gem1 = subject.first.reload
+          gem2 = subject.last.reload
 
-          gem2.parents.should == [gem1.name]
-          gem1.children.should == [gem2.name]
+          gem2.parents.should == [gem1]
+          gem1.children.should == [gem2]
         end
       end
     end

data/spec/lib/license_finder/bundle_syncer_spec.rb

@@ -3,16 +3,10 @@ require "spec_helper"
 module LicenseFinder
   describe BundleSyncer do
     describe "#sync!" do
-      it "should delegate the bundled dependencies and the persisted bundled dependencies to the source syncer" do
-        gem = double :gem, :to_dependency => double(:gem_dependency)
-        bundled_dep = double :bundled_dep, source: "bundle"
-        manual_dep  = double :manual_dep, source: nil
-        syncer = double :source_syncer
-
-        Bundle.stub_chain(:new, :gems).and_return [gem]
-        Dependency.stub(:all).and_return [bundled_dep, manual_dep]
-        SourceSyncer.should_receive(:new).with([gem.to_dependency], [bundled_dep]).and_return syncer
-        syncer.should_receive(:sync!)
+      it "saves new, updates old, and destroys obsolete gems" do
+        current_dependencies = stub
+        Bundle.stub(:current_gem_dependencies).and_return { current_dependencies }
+        Dependency.should_receive(:destroy_obsolete).with(current_dependencies)
 
         BundleSyncer.sync!
       end

data/spec/lib/license_finder/bundled_gem_spec.rb

@@ -1,129 +1,61 @@
 require 'spec_helper'
 
-describe LicenseFinder::BundledGem do
-  subject { LicenseFinder::BundledGem.new(gemspec) }
-
-  let(:gemspec) do
-    Gem::Specification.new do |s|
-      s.name = 'spec_name'
-      s.version = '2.1.3'
-      s.summary = 'summary'
-      s.description = 'description'
-      s.homepage = 'homepage'
-
-      s.add_dependency 'foo'
-    end
-  end
-
-  def fixture_path(fixture)
-    Pathname.new(File.join(File.dirname(__FILE__), '..', '..', '..', 'spec', 'fixtures', fixture)).realpath.to_s
-  end
-
-  its(:name) { should == 'spec_name 2.1.3' }
-  its(:dependency_name) { should == 'spec_name' }
-  its(:dependency_version) { should == '2.1.3' }
-  its(:install_path) { should == gemspec.full_gem_path }
-
-  describe "#determine_license" do
-    subject do
-      details = LicenseFinder::BundledGem.new(gemspec)
-      details.stub(:license_files).and_return([license_file])
-      details
-    end
-
-    let(:license_file) { LicenseFinder::PossibleLicenseFile.new('gem', 'gem/license/path') }
-
-    it "returns the license from the gemspec if provided" do
-      gemspec.stub(:license).and_return('Some License')
-
-      subject.determine_license.should == "Some License"
-    end
-
-    it "returns the matched license if detected" do
-      license_file.stub(:license).and_return('Detected License')
-
-      subject.determine_license.should == "Detected License"
-    end
-
-    it "returns 'other' otherwise" do
-      license_file.stub(:license).and_return(nil)
-
-      subject.determine_license.should == "other"
-    end
-  end
-
-  describe "#license_files" do
-    it "is empty if there aren't any license files" do
-      subject.license_files.should == []
-    end
-
-    it "includes files with names like LICENSE, License or COPYING" do
-      gemspec.stub(:full_gem_path).and_return(fixture_path('license_names'))
-
-      subject.license_files.map(&:file_name).should =~
-        %w[COPYING.txt LICENSE Mit-License README.rdoc Licence.rdoc]
+module LicenseFinder
+  describe BundledGem do
+    subject { described_class.new(gemspec) }
+
+    let(:gemspec) do
+      Gem::Specification.new do |s|
+        s.name = 'spec_name'
+        s.version = '2.1.3'
+        s.summary = 'summary'
+        s.description = 'description'
+        s.homepage = 'homepage'
+
+        s.add_dependency 'foo'
+      end
     end
 
-    it "includes files deep in the hierarchy" do
-      gemspec.stub(:full_gem_path).and_return(fixture_path('nested_gem'))
-
-      subject.license_files.map { |f| [f.file_name, f.file_path] }.should =~ [
-        %w[LICENSE vendor/LICENSE]
-      ]
+    def fixture_path(fixture)
+      Pathname.new(File.join(File.dirname(__FILE__), '..', '..', '..', 'spec', 'fixtures', fixture)).realpath.to_s
     end
 
-    it "includes both files nested inside LICENSE directory and top level files" do
-      gemspec.stub(:full_gem_path).and_return(fixture_path('license_directory'))
-      found_license_files = subject.license_files
+    its(:name) { should == 'spec_name 2.1.3' }
+    its(:dependency_name) { should == 'spec_name' }
+    its(:dependency_version) { should == '2.1.3' }
 
-      found_license_files.map { |f| [f.file_name, f.file_path] }.should =~ [
-        %w[BSD-2-Clause.txt LICENSE/BSD-2-Clause.txt],
-        %w[GPL-2.0.txt LICENSE/GPL-2.0.txt],
-        %w[MIT.txt LICENSE/MIT.txt],
-        %w[RUBY.txt LICENSE/RUBY.txt],
-        %w[COPYING COPYING],
-        %w[LICENSE LICENSE/LICENSE]
-      ]
-    end
-  end
+    describe "#determine_license" do
+      subject do
+        details = BundledGem.new(gemspec)
+        details.stub(:license_files).and_return([license_file])
+        details
+      end
 
-  describe '#to_dependency' do
-    subject { LicenseFinder::BundledGem.new(gemspec).to_dependency }
+      let(:license_file) { PossibleLicenseFile.new('gem', 'gem/license/path') }
 
-    its(:name) { should == 'spec_name' }
-    its(:version) { should == '2.1.3' }
-    its(:summary) { should == 'summary' }
-    its(:source) { should == 'bundle' }
-    its(:description) { should == 'description' }
-    its(:homepage) { should == 'homepage' }
-    its(:children) { should == ['foo']}
+      it "returns the license from the gemspec if provided" do
+        gemspec.stub(:license).and_return('Some License')
 
-    describe 'with a known license' do
-      before do
-        gemspec.stub(:full_gem_path).and_return(fixture_path('mit_licensed_gem'))
-        LicenseFinder::PossibleLicenseFile.any_instance.stub(:license).and_return('Detected License')
+        subject.determine_license.should == "Some License"
       end
 
-      its(:license) { should == 'Detected License' }
-      its(:license_files) { should == ["LICENSE"] }
-    end
+      it "returns the matched license if detected" do
+        license_file.stub(:license).and_return('Detected License')
 
-    describe 'with an unknown license' do
-      before do
-        gemspec.stub(:full_gem_path).and_return(fixture_path('other_licensed_gem'))
-        LicenseFinder::PossibleLicenseFile.any_instance.stub(:license).and_return(nil)
+        subject.determine_license.should == "Detected License"
       end
 
-      its(:license) { should == 'other' }
-    end
+      it "returns 'other' otherwise" do
+        license_file.stub(:license).and_return(nil)
 
-    describe 'with UTF8 file License' do
-      before do
-        gemspec.stub(:full_gem_path).and_return(fixture_path('utf8_gem'))
+        subject.determine_license.should == "other"
       end
+    end
 
-      it "handles non UTF8 encodings" do
-        expect { subject }.not_to raise_error ArgumentError, "invalid byte sequence in UTF-8"
+    describe "#license_files" do
+      it "delegates to the license files helper" do
+        LicenseFiles.should_receive(:new).with(gemspec.full_gem_path) { stub(files: [] )}
+        subject.license_files
       end
     end
   end

data/spec/lib/license_finder/cli_spec.rb

@@ -10,7 +10,7 @@ module LicenseFinder
           dependency = double('dependency', :name => nil)
           dependency.should_receive(:approve!)
 
-          Dependency.stub(:find_by_name).with('foo').and_return(dependency)
+          Dependency.stub(:first).with(name: 'foo').and_return(dependency)
 
           CLI.execute! approve: true, dependency: 'foo'
         end
@@ -19,9 +19,9 @@ module LicenseFinder
       context "when the -l (--license) switch is provided" do
         it "should update the license on the requested gem" do
           dependency = double :dependency, :name => nil
-          dependency.should_receive(:update_attributes).with(:license => "foo")
+          dependency.should_receive(:set_license_manually).with("foo")
 
-          Dependency.stub(:find_by_name).with("foo_gem").and_return dependency
+          Dependency.stub(:first).with(name: "foo_gem").and_return dependency
 
           CLI.execute! license: "foo", dependency: 'foo_gem'
         end

data/spec/lib/license_finder/configuration_spec.rb

@@ -1,38 +1,70 @@
 require "spec_helper"
 
-describe LicenseFinder::Configuration do
-  it_behaves_like "a persistable configuration"
+module LicenseFinder
+  describe Configuration do
+    let(:config) { described_class.new }
 
-  let(:config) { LicenseFinder::Configuration.new }
+    let(:klass) { described_class }
 
-  describe "whitelisted?" do
-    context "canonical name whitelisted" do
-      before { config.whitelist = [LicenseFinder::License::Apache2.names[rand(LicenseFinder::License::Apache2.names.count)]]}
+    describe '.new' do
+      let(:attributes) do
+        {
+          "whitelist" => ["FooLicense", "BarLicense"],
+          "ignore_groups" => [:test, :development],
+          "dependencies_file_dir" => "."
+        }
+      end
 
-      let(:possible_license_names) { LicenseFinder::License::Apache2.names }
+      subject { klass.new(attributes) }
 
-      it "should return true if if the license is the canonical name, pretty name, or alternative name of the license" do
-        possible_license_names.each do |name|
-          config.whitelisted?(name).should be_true, "expected #{name} to be whitelisted, but wasn't."
+      context "with known attributes" do
+        it "should set the all of the attributes on the instance" do
+          subject.whitelist.should == attributes['whitelist']
+          subject.ignore_groups.should == attributes['ignore_groups']
+          subject.dependencies_dir.should == attributes['dependencies_file_dir']
         end
       end
 
-      it "should be case-insensitive" do
-        possible_license_names.map(&:downcase).each do |name|
-          config.whitelisted?(name).should be_true, "expected #{name} to be whitelisted, but wasn't"
-        end
+      it "uses absolute path in database_path" do
+        subject.database_path.should_not start_with(".")
       end
     end
-  end
 
-  describe "#ignore_groups" do
-    it "should default to an empty array" do
-      config.ignore_groups.should == []
+    describe "#whitelist" do
+      it "should default to an empty array" do
+        klass.new.whitelist.should == []
+      end
     end
 
-    it "should always return symbolized versions of the ignore groups" do
-      config.ignore_groups = %w[test development]
-      config.ignore_groups.should == [:test, :development]
+    describe "whitelisted?" do
+      context "canonical name whitelisted" do
+        before { config.whitelist = [License::Apache2.names[rand(License::Apache2.names.count)]]}
+
+        let(:possible_license_names) { License::Apache2.names }
+
+        it "should return true if if the license is the canonical name, pretty name, or alternative name of the license" do
+          possible_license_names.each do |name|
+            config.whitelisted?(name).should be_true, "expected #{name} to be whitelisted, but wasn't."
+          end
+        end
+
+        it "should be case-insensitive" do
+          possible_license_names.map(&:downcase).each do |name|
+            config.whitelisted?(name).should be_true, "expected #{name} to be whitelisted, but wasn't"
+          end
+        end
+      end
+    end
+
+    describe "#ignore_groups" do
+      it "should default to an empty array" do
+        config.ignore_groups.should == []
+      end
+
+      it "should always return symbolized versions of the ignore groups" do
+        config.ignore_groups = %w[test development]
+        config.ignore_groups.should == [:test, :development]
+      end
     end
   end
 end