license_finder 0.8.1-java → 0.8.2-java

data/lib/license_finder/configuration.rb

@@ -14,16 +14,31 @@ module LicenseFinder
     def self.make_config_file
       FileUtils.mkdir_p(File.join('.', 'config'))
       FileUtils.cp(
-        File.join(File.dirname(__FILE__), '..', '..', 'files', 'license_finder.yml'),
+        ROOT_PATH.join('..', 'files', 'license_finder.yml'),
         config_file_path
       )
     end
 
-    def initialize(config={})
+    def self.move!
+      config = config_hash('dependencies_file_dir' => './doc/')
+      File.open(config_file_path, 'w') do |f|
+        f.write YAML.dump(config)
+      end
+
+      FileUtils.mkdir_p("doc")
+      FileUtils.mv(Dir["dependencies.*"], "doc")
+    end
+
+    def self.config_hash(config)
       if File.exists?(config_file_path)
         yaml = File.read(config_file_path)
         config = YAML.load(yaml).merge config
       end
+      config
+    end
+
+    def initialize(config={})
+      config = self.class.config_hash(config)
 
       @whitelist = config['whitelist'] || []
       @ignore_groups = (config["ignore_groups"] || []).map(&:to_sym)
@@ -31,12 +46,8 @@ module LicenseFinder
       FileUtils.mkdir_p(@dependencies_dir)
     end
 
-    def config_file_path
-      self.class.config_file_path
-    end
-
-    def database_path
-      File.expand_path(File.join(dependencies_dir, "dependencies.db"))
+    def database_uri
+      URI.escape(File.expand_path(File.join(dependencies_dir, "dependencies.db")))
     end
 
     def dependencies_yaml
@@ -51,15 +62,20 @@ module LicenseFinder
       File.join(dependencies_dir, "dependencies.html")
     end
 
-    def ignore_groups
-      @ignore_groups.map &:to_sym
-    end
-
     def whitelisted?(license_name)
       license = License.find_by_name(license_name) || license_name
       whitelisted_licenses.include? license
     end
 
+    def save_to_yaml
+      File.open(Configuration.config_file_path, 'w') do |file|
+        file.write({
+          'whitelist' => @whitelist,
+          'ignore_groups' => @ignore_groups
+        }.to_yaml)
+      end
+    end
+
     private
 
     def whitelisted_licenses

data/lib/license_finder/dependency_manager.rb

@@ -0,0 +1,49 @@
+module LicenseFinder
+  module DependencyManager
+    def self.sync_with_bundler
+      current_gems = Bundle.current_gems
+      modifying {
+        current_dependencies = current_gems.map(&:save_as_dependency)
+        Dependency.bundler.obsolete(current_dependencies).each(&:destroy)
+      }
+    end
+
+    def self.create_non_bundler(license, name, version)
+      raise Error.new("#{name} dependency already exists") unless Dependency.where(name: name).empty?
+
+      modifying {
+        dependency = Dependency.new(manual: true, name: name, version: version)
+        dependency.license = LicenseAlias.create(name: license)
+        dependency.approval = Approval.create
+        dependency.save
+      }
+    end
+
+    def self.destroy_non_bundler(name)
+      modifying { find_by_name(name, Dependency.non_bundler).destroy }
+    end
+
+    def self.license!(name, license)
+      modifying { find_by_name(name).license.set_manually(license) }
+    end
+
+    def self.approve!(name)
+      modifying { find_by_name(name).approve!  }
+    end
+
+    private # not really private, but it looks like it is!
+
+    def self.find_by_name(name, scope = Dependency)
+      dep = scope.first(name: name)
+      raise Error.new("could not find dependency named #{name}") unless dep
+      dep
+    end
+
+    def self.modifying
+      result = yield
+      Reporter.write_reports
+      result
+    end
+  end
+end
+

data/lib/license_finder/license.rb

@@ -56,9 +56,9 @@ module LicenseFinder
 
         def license_text
           unless defined?(@license_text)
-            template = File.join(ROOT_PATH, "data", "licenses", "#{demodulized_name}.txt").to_s
+            template = ROOT_PATH.join("data", "licenses", "#{demodulized_name}.txt")
 
-            @license_text = Text.new(File.read(template)).to_s if File.exists?(template)
+            @license_text = Text.new(template.read).to_s if template.exist?
           end
           @license_text
         end
@@ -85,6 +85,6 @@ module LicenseFinder
   end
 end
 
-Dir[File.join(File.dirname(__FILE__), 'license', '*.rb')].each do |license|
+Pathname.glob(LicenseFinder::ROOT_PATH.join('license_finder', 'license', "*.rb")) do |license|
   require license
 end

data/lib/license_finder/{license_files.rb → possible_license_files.rb}

@@ -1,5 +1,5 @@
 module LicenseFinder
-  class LicenseFiles
+  class PossibleLicenseFiles
     LICENSE_FILE_NAMES = %w(LICENSE License Licence COPYING README Readme ReadMe)
 
     def initialize(install_path)
@@ -8,7 +8,7 @@ module LicenseFinder
 
     attr_reader :install_path
 
-    def files
+    def find
       paths_for_license_files.map do |path|
         get_file_for_path(path)
       end

data/lib/license_finder/{dependency_report.rb → reports/dependency_report.rb}

@@ -15,7 +15,7 @@ module LicenseFinder
     end
 
     def to_s
-      filename = File.join(File.dirname(__FILE__), '..', 'templates', "#{self.class.underscored_name}.erb")
+      filename = ROOT_PATH.join('templates', "#{self.class.underscored_name}.erb")
       template = ERB.new(File.read(filename), 0, '-')
       template.result(binding)
     end

data/lib/license_finder/tables.rb

@@ -2,6 +2,6 @@ require 'rubygems'
 require 'sequel'
 require LicenseFinder::Platform.sqlite_load_path
 
-DB = Sequel.connect("#{LicenseFinder::Platform.sqlite_adapter}://#{LicenseFinder.config.database_path}")
+DB = Sequel.connect("#{LicenseFinder::Platform.sqlite_adapter}://#{LicenseFinder.config.database_uri}")
 Sequel.extension :migration, :core_extensions
 Sequel::Migrator.run(DB, LicenseFinder::ROOT_PATH.join('../db/migrate'))

data/lib/license_finder/tables/dependency.rb

@@ -1,30 +1,49 @@
 module LicenseFinder
   class Dependency < Sequel::Model
+    plugin :boolean_readers
     many_to_one :license, class: LicenseAlias
     many_to_one :approval
     many_to_many :children, join_table: :ancestries, left_key: :parent_dependency_id, right_key: :child_dependency_id, class: self
     many_to_many :parents, join_table: :ancestries, left_key: :child_dependency_id, right_key: :parent_dependency_id, class: self
     many_to_many :bundler_groups
 
-    def self.destroy_obsolete(current_dependencies)
-      exclude(id: current_dependencies.map(&:id)).each(&:destroy)
+    dataset_module do
+      def bundler
+        exclude(manual: true)
+      end
+
+      def non_bundler
+        bundler.invert
+      end
+
+      def obsolete(current)
+        exclude(id: current.map(&:id))
+      end
     end
 
     def self.unapproved
       all.reject(&:approved?)
     end
 
+    def self.named(name)
+      d = find_or_create(name: name.to_s)
+      d.ensure_approval_exists!
+      d
+    end
+
     def approve!
       approval.state = true
       approval.save
     end
 
     def approved?
-      (license && license.whitelisted?) || (approval && approval.state)
+      (license && license.whitelisted?) || approval.state
     end
 
-    def set_license_manually(name)
-      license.set_manually(name)
+    def ensure_approval_exists!
+      return if approval
+      self.approval = Approval.create
+      save
     end
   end
 end

data/lib/license_finder/yml_to_sql.rb

@@ -41,6 +41,7 @@ module LicenseFinder
       @dep = create_dependency
       @dep.license = create_license
       @dep.approval = create_approval
+      @dep.manual = non_bundler_source?
       associate_bundler_groups
       @dep.save
     end
@@ -57,6 +58,10 @@ module LicenseFinder
       end
     end
 
+    def non_bundler_source?
+      @legacy_attrs['source'] == "bundle" ? false : true
+    end
+
     def create_dependency
       Sql::Dependency.convert(legacy_attrs)
     end

data/lib/tasks/license_finder.rake

@@ -3,5 +3,5 @@ task :license_finder do
   puts "DEPRECATION WARNING: 'rake license_finder' is going to be removed 
   for the 1.0.0 release. Please instead use the command line utility 'license_finder'
   or refer to the README for avalible command line utilities"
-  LicenseFinder::CLI.check_for_action_items
+  LicenseFinder::CLI::Main.new.rescan
 end

data/license_finder.gemspec

@@ -2,8 +2,8 @@ require './lib/license_finder/platform'
 
 Gem::Specification.new do |s|
   s.name        = "license_finder"
-  s.version     = "0.8.1"
-  s.authors     = ["Jacob Maine", "Matthew Kane Parker", "Ian Lesperance", "David Edwards", "Paul Meskers", "Brent Wheeldon", "David Tengdin"]
+  s.version     = "0.8.2"
+  s.authors     = ["Jacob Maine", "Matthew Kane Parker", "Ian Lesperance", "David Edwards", "Paul Meskers", "Brent Wheeldon", "David Tengdin", "William Ramsey"]
   s.email       = ["licensefinder@pivotalabs.com"]
   s.homepage    = "https://github.com/pivotal/LicenseFinder"
   s.summary     = "Audit the OSS licenses of your application's dependencies."
@@ -20,12 +20,14 @@ Gem::Specification.new do |s|
 
   s.add_dependency "bundler"
   s.add_dependency "sequel"
+  s.add_dependency "thor"
   s.add_dependency LicenseFinder::Platform.sqlite_gem
 
-  %w(rspec rake xpath cucumber database_cleaner).each do |gem|
+  %w(rspec rake xpath cucumber).each do |gem|
     s.add_development_dependency gem
   end
 
+  s.add_development_dependency "database_cleaner", "0.9.1"
   s.add_development_dependency "capybara", "~> 2.0.0"
   s.add_development_dependency "rails", "~> 3.2.0"
 

data/readme.md

@@ -1,10 +1,11 @@
 # License Finder
 
 [![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
-[![Code Climate](https://codeclimate.com/badge.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
+[![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
 With bundler it's easy for your project to depend on many gems.  This decomposition is nice, but managing licenses becomes difficult.  This tool gathers info about the licenses of the gems in your project.
 
+
 ## Installation
 
 Add license_finder to your project's Gemfile and `bundle`:
@@ -13,6 +14,7 @@ Add license_finder to your project's Gemfile and `bundle`:
 gem 'license_finder'
 ```
 
+
 ## Usage
 
 License finder will generate reports of action items - i.e., dependencies that do not fall within your license "whitelist".
@@ -21,26 +23,12 @@ License finder will generate reports of action items - i.e., dependencies that d
 $ license_finder
 ```
 
-The first time you run this, `license_finder` will create a default configuration file `./config/license_finder.yml`:
-
-
-```yaml
----
-whitelist:
-#- MIT
-#- Apache 2.0
-ignore_groups:
-#- test
-#- development
-dependencies_file_dir: './doc/'
-```
-
-This allows you to configure bundler groups and add licenses to the whitelist.
+(Note) If you wish to run license_finder without the progress spinner use the -q or --quiet option.
 
 On a brand new Rails project, you could expect `license_finder` to output something like the following
-(assuming you whitelisted the MIT license in your `config/license_finder.yml`):
+(assuming you whitelisted the MIT license -- see [Configuration](#configuration)):
 
-```
+```yaml
 Dependencies that need approval:
 
 highline, 1.6.14, ruby
@@ -52,7 +40,8 @@ rubyzip, 0.9.9, ruby
 xml-simple, 1.1.1, other
 ```
 
-The executable task will also write out a dependencies.db, dependencies.txt, and dependencies.html file in the doc/ directory (by default).
+The executable task will also write out a dependencies.db, dependencies.txt, and dependencies.html file in the doc/
+directory (by default -- see [Configuration](#configuration)).
 
 The latter two files are human readable reports that you could send to your non-technical business partners, lawyers, etc.
 
@@ -60,12 +49,15 @@ The latter two files are human readable reports that you could send to your non-
 unapproved dependencies. You could use this in a CI build, for example, to alert you whenever someone adds an
 unapproved dependency to the project.
 
-### Manually recording licenses
+Run `license_finder help` to see other available commands.
+
+### Manually setting licenses
 
-When you have dependencies marked as having an 'other' license, `license_finder` you should manually research what the actual license is. Once this has been established, you can record this information with the `-l` or `--license` option as such:
+When `license_finder` reports that a dependency's license is 'other', you should manually research what the actual
+license is.  When you have established the real license, you can record it with:
 
 ```sh
-$ license_finder -l MIT my_unknown_dependency
+$ license_finder license MIT my_unknown_dependency
 ```
 
 This command would assign the MIT license to the dependency `my_unknown_dependency`.
@@ -73,8 +65,8 @@ This command would assign the MIT license to the dependency `my_unknown_dependen
 ### Manually approving dependencies
 
 Whenever you have a dependency that falls outside of your whitelist, `license_finder` will tell you.
-If your business decides that this is an acceptable risk, you can manually approve the dependency by using the `-a` or
-`--approve` option of the `license_finder` command.
+If your business decides that this is an acceptable risk, you can manually approve the dependency by using the
+`license_finder approve` command.
 
 For example, lets assume you've only
 whitelisted the "MIT" license in your `config/license_finder.yml`. You then add the `awesome_gpl_gem` to your Gemfile,
@@ -88,25 +80,95 @@ awesome_gpl_gem, 1.0.0, GPL
 Your business tells you that in this case, it's acceptable to use this gem. You now run:
 
 ```sh
-$ license_finder -a awesome_gpl_gem
+$ license_finder approve awesome_gpl_gem
 ```
 
 If you rerun `license_finder`, you should no longer see `awesome_gpl_gem` in the output.
 
+### Managing ignored Bundler groups
+
+Bundler groups can be added to an ignore list which will prevent LicenseFinder from evaluating their licenses.
+These groups can be managed with the `ignored_bundler_groups` command.
+
+To list currently ignored Bundler groups:
+
+```sh
+$ license_finder ignored_bundler_groups list
+```
+
+To add a group to the ignored Bundler groups:
+
+```sh
+$ license_finder ignored_bundler_groups add development
+```
+
+To remove a group from the ignored Bundler groups:
+
+```sh
+$ license_finder ignored_bundler_groups remove development
+```
+
+### Managing non-Bundler dependencies
+
+license_finder can track dependencies that Bundler doesn't know about (JS libraries that don't
+appear in your Gemfile, etc.)
+
+```sh
+$ license_finder dependencies add MIT my_js_dep 0.1.2
+```
+
+To automatically approve a non-bundler dependency when you add it, use:
+
+```sh
+$ license_finder dependencies add MIT my_js_dep 0.1.2 --approve
+```
+
+The version is optional.  Run `license_finder dependencies help` for additional documentation about
+managing non-Bundler dependencies.
+
+license_finder cannot automatically detect when a non-Bundler dependency has been removed from your
+project, so you can use:
+
+```sh
+$ license_finder dependencies remove my_js_dep
+```
+
+## Configuration
+
+The first time you run `license_finder` it will create a default configuration file `./config/license_finder.yml`:
+
+```yaml
+---
+whitelist:
+#- MIT
+#- Apache 2.0
+ignore_groups:
+#- test
+#- development
+dependencies_file_dir: './doc/'
+```
+
+By modifying this file, you can configure license_finder's behavior. `Whitelisted` licenses will be automatically approved
+and `ignore_groups` will limit which dependencies are included in your license report.  You can store the license database
+and text files in another directory by changing `dependencies_file_dir`.
+
+
 ## Upgrade for pre 0.8.0 users
 
 If you wish to cleanup your root directory you can run:
 
 ```sh
-$ license_finder -m
+$ license_finder move
 ```
 
 This will move your dependencies.* files to the /doc directory and update the config.
 
+
 ## Compatibility
 
 license_finder is compatible with ruby 1.9, and ruby 2.0. There is also experimental support for jruby.
 
+
 ## A note to gem authors / maintainers
 
 For the good of humanity, please add a license to your gemspec!
@@ -120,6 +182,21 @@ end
 
 And add a `LICENSE` file to your gem that contains your license text.
 
+
+## Support
+
+* Send an email to the list: [license-finder@googlegroups.com](license-finder@googlegroups.com)
+* View the project backlog at Pivotal Tracker: [https://www.pivotaltracker.com/s/projects/234851](https://www.pivotaltracker.com/s/projects/234851)
+
+
+## Contributing
+
+* Fork the project
+* Create a feature branch
+* Make your feature addition or bug fix (with tests)
+* Rebase on top of master
+* Send a pull request
+
 ## License
 
 LicenseFinder is released under the MIT License. http://www.opensource.org/licenses/mit-license