license_finder 1.0.0.0-java → 1.1.1-java

data/lib/license_finder/tables/manual_approval.rb

@@ -0,0 +1,13 @@
+require 'time'
+
+module LicenseFinder
+  class ManualApproval < Sequel::Model
+    plugin :timestamps, update_on_create: true
+
+    def safe_created_at
+      created_at.is_a?(String) ?
+        Time.parse(created_at) :
+        created_at
+    end
+  end
+end

data/lib/license_finder/yml_to_sql.rb

@@ -39,8 +39,8 @@ module LicenseFinder
 
     def convert
       @dep = create_dependency
-      @dep.license = create_license
-      @dep.manual = manually_managed?
+      @dep.added_manually = manually_managed?
+      add_approval
       associate_bundler_groups
       @dep.save
     end
@@ -58,15 +58,15 @@ module LicenseFinder
     end
 
     def manually_managed?
-      @legacy_attrs['source'] != "bundle"
+      legacy_attrs['source'] != "bundle"
     end
 
-    def create_dependency
-      Sql::Dependency.convert(legacy_attrs)
+    def add_approval
+      @dep.manual_approval = Sql::ManualApproval.new if legacy_attrs['approved']
     end
 
-    def create_license
-      LicenseAlias.find_or_create(name: legacy_attrs['license'])
+    def create_dependency
+      Sql::Dependency.convert(legacy_attrs)
     end
 
     def find_children
@@ -83,7 +83,7 @@ module LicenseFinder
       class Dependency < Sequel::Model
         plugin :boolean_readers
 
-        many_to_one :license, class: LicenseAlias
+        one_to_one :manual_approval
         many_to_many :children, join_table: :ancestries, left_key: :parent_dependency_id, right_key: :child_dependency_id, class: self
         many_to_many :bundler_groups
 
@@ -93,7 +93,7 @@ module LicenseFinder
           'summary' => 'summary',
           'description' => 'description',
           'homepage' => 'homepage',
-          'approved' => 'manually_approved'
+          'license' => 'license_name'
         }
 
         def self.convert(attrs)
@@ -109,6 +109,9 @@ module LicenseFinder
 
       class BundlerGroup < Sequel::Model
       end
+
+      class ManualApproval < Sequel::Model
+      end
     end
   end
 end

data/lib/templates/html_report.erb

@@ -16,12 +16,8 @@
     body {
       margin: 50px;
     }
-
-    .unapproved h2, .unapproved h2 a {
-      color: red;
-    }
-    .unapproved h2:after {
-      content: " (unapproved)"
+    .dependencies blockquote {
+      margin-top: 15px;
     }
   </style>
 </head>
@@ -29,90 +25,88 @@
 <div class="container">
   <h1><%= LicenseFinder.config.project_name %></h1>
   <div class="summary hero-unit">
-    <h2>Dependencies</h2>
+    <div class="row">
+      <div class="span5">
+        <h2>Dependencies</h2>
 
-    <p>As of <%= Time.now.strftime("%B %e, %Y %l:%M%P") %></p>
+        <p>As of <%= Time.now.strftime("%B %e, %Y %l:%M%P") %></p>
 
-    <h4>
-      <%= dependencies.size %> total
+        <h4><%= dependencies.size %> total</h4>
 
+        <ul>
+          <% grouped_dependencies.each do |license_name, group| -%>
+            <li><%= group.size %> <%= license_name %></li>
+          <% end -%>
+        </ul>
+      </div>
       <% if unapproved_dependencies.any? -%>
-        <span class="badge badge-important"><%= unapproved_dependencies.size %> unapproved</span>
-      <% end -%>
-    </h4>
-
-    <ul>
-      <% grouped_dependencies.each do |license_name, group| -%>
-        <li><%= group.size %> <%= license_name %></li>
+        <div class="action-items span5">
+          <h2>Action Items</h2>
+          <h4>
+            <%= unapproved_dependencies.size %> unapproved
+            <span class="badge badge-important">&#x2717;</span>
+          </h4>
+          <ul>
+            <% unapproved_dependencies.each do |dependency| -%>
+              <li>
+              <a href='#<%= dependency.name %>'>
+                <%= dependency.name %>
+              </a>
+              (<%= dependency.license.name %>)
+              </li>
+            <% end -%>
+          </ul>
+        </div>
       <% end -%>
-    </ul>
-  </div>
-  <% if unapproved_dependencies.any? -%>
-    <div class="action-items hero-unit">
-      <h2>Action Items</h2>
-      <h4><%= unapproved_dependencies.size %> unapproved dependencies</h4>
-      <ul>
-        <% unapproved_dependencies.each do |dependency| -%>
-          <li>
-          <a href='#<%= dependency.name %>'>
-            <%= dependency.name %>
-          </a>
-          (<%= dependency.license.name %>)
-          </li>
-        <% end -%>
-      </ul>
     </div>
-  <% end -%>
+  </div>
   <div class="dependencies">
     <% sorted_dependencies.each do |dependency| -%>
-      <div id="<%= dependency.name %>" class="<%= dependency.approved? ? "approved" : "unapproved" %>">
-        <h2>
-          <% if dependency.homepage && !dependency.homepage.empty? -%>
-            <a href="<%= dependency.homepage %>"><%= dependency.name %></a>
+      <div id="<%= dependency.name %>" class="clearfix <%= dependency.approved? ? "approved" : "unapproved" %>">
+        <blockquote class="pull-right">
+          <% if dependency.approved_manually? -%>
+            <p>
+              <%= link_to_license(dependency.license) %>
+              manually approved
+              <span class="badge badge-success">&#x2713;</span>
+            </p>
+            <p><%= dependency.manual_approval.notes %></p>
+            <small>
+              <% if dependency.manual_approval.approver -%>
+                <%= dependency.manual_approval.approver %>,
+              <% end -%>
+              <time datetime="<%= dependency.manual_approval.safe_created_at.utc.iso8601 %>"><%= dependency.manual_approval.safe_created_at.to_date %></time>
+            </small>
+          <% elsif dependency.whitelisted? -%>
+            <p>
+              <%= link_to_license(dependency.license) %>
+              whitelisted
+              <span class="badge badge-success">&#x2713;</span>
+            </p>
           <% else -%>
-            <%= dependency.name %>
-          <% end -%>
-          v<%= dependency.version %>
-          <% if dependency.bundler_groups.any? -%>
-            (<%= dependency.bundler_groups.map(&:name).join(", ") %>)
+            <p>
+            <%= link_to_license(dependency.license) %>
+            unapproved
+            <span class="badge badge-important">&#x2717;</span>
+            </p>
           <% end -%>
+        </blockquote>
+        <h2>
+          <%= link_to_dependency(dependency) %>
+          <small><%= version_groups(dependency) %></small>
         </h2>
-        <table class="table table-striped table-bordered">
-          <thead>
-          <tr>
-            <th>Summary</th>
-            <th>Description</th>
-            <th>License</th>
-          </tr>
-          </thead>
-          <tbody>
-          <tr>
-            <td><%= dependency.summary %></td>
-            <td><%= dependency.description %></td>
-            <td>
-              <% if dependency.license.url && !dependency.license.url.empty? -%>
-                <a href="<%= dependency.license.url %>"><%= dependency.license.name %></a>
-              <% else -%>
-                <%= dependency.license.name %>
-              <% end -%>
-            </td>
-          </tr>
-          </tbody>
-        </table>
+        <h4><%= dependency.summary %></h4>
+        <p><%= dependency.description %></p>
         <% if dependency.parents.any? -%>
           <dl>
-            <dt>Parents</dt>
-            <% dependency.parents.each do |parent| -%>
-              <dd><%= parent.name %></dd>
-            <% end -%>
+            <dt><%=dependency.name%> is required by:</dt>
+            <dd><%= dependency.parents.map(&:name).join(", ") -%></dd>
           </dl>
         <% end -%>
         <% if dependency.children.any? -%>
           <dl>
-            <dt>Children</dt>
-            <% dependency.children.each do |child| -%>
-              <dd><%= child.name %></dd>
-            <% end -%>
+            <dt><%=dependency.name%> relies on:</dt>
+            <dd><%= dependency.children.map(&:name).join(", ") -%></dd>
           </dl>
         <% end -%>
       </div>
@@ -120,4 +114,4 @@
   </div>
 </div>
 </body>
-</html>
+</html>

data/lib/templates/markdown_report.erb

@@ -1,14 +1,15 @@
 # <%= LicenseFinder.config.project_name %>
 
-As of <%= Time.now.strftime("%B %e, %Y %l:%M%P") %>. <%= dependencies.size %> total, _<%= unapproved_dependencies.size %> unapproved_
+As of <%= Time.now.strftime("%B %e, %Y %l:%M%P") %>. <%= dependencies.size %> total
 
 ## Summary
 <% grouped_dependencies.each do |license_name, group| -%>
-  * <%= group.size %> <%= license_name %>
+* <%= group.size %> <%= license_name %>
 <% end %>
 
 <% if unapproved_dependencies.any? -%>
-<%= unapproved_dependencies.size %> unapproved dependencies
+## Action
+<%= unapproved_dependencies.size %> *unapproved*
 
 <% unapproved_dependencies.each do |dependency| -%>
 * <a href='#<%= dependency.name %>'><%= dependency.name %></a> (<%= dependency.license.name %>)
@@ -17,27 +18,25 @@ As of <%= Time.now.strftime("%B %e, %Y %l:%M%P") %>. <%= dependencies.size %> to
 
 ## Items
 
-<% sorted_dependencies.each do |dependency|
-version_groups = "v#{dependency.version}"
-if dependency.bundler_groups.any?
-  version_groups += "(#{dependency.bundler_groups.map(&:name).join(", ")})"
-end -%>
+<% sorted_dependencies.each do |dependency| -%>
 
-<% if dependency.homepage && !dependency.homepage.empty? -%>
 <a name="<%= dependency.name %>"></a>
-### [<%= dependency.name %>](<%= dependency.homepage %>) <%= version_groups -%>
+### <%= link_to_dependency(dependency) %> <%= version_groups(dependency) %>
+#### <%= dependency.summary %>
+
+<% if dependency.approved_manually? -%>
+<%= link_to_license(dependency.license) %> manually approved
+
+><%= dependency.manual_approval.notes %>
+
+><cite> <%= dependency.manual_approval.approver %> <%= dependency.manual_approval.safe_created_at.to_date %></cite>
+<% elsif dependency.whitelisted? -%>
+<%= link_to_license(dependency.license) %> whitelisted
 <% else -%>
-### <%= dependency.name %> <%= version_groups -%>
+<%= link_to_license(dependency.license) %> _**unapproved**_
 <% end -%>
-<%
-license_text = (dependency.license.url && !dependency.license.url.empty?) ? "<a href='#{dependency.license.url}'>#{dependency.license.name}</a>" : dependency.license.name
-%>
 
-| Summary | License | Approved? |
-|---------|-------------|---------|
-|<%= dependency.summary %>|<%= license_text %>| <%= dependency.approved? ? 'Yes' : '_*No*_' %> |
-
-<% if dependency.description %>
-<% dependency.description.lines.each{|l| %>> <%= l -%><% } %>
-<% end %>
+<% if dependency.description -%>
+<%= dependency.description %>
+<% end -%>
 <% end -%>

data/license_finder.gemspec

@@ -3,16 +3,16 @@ require './lib/license_finder/platform'
 Gem::Specification.new do |s|
   s.required_ruby_version = '>= 1.9.3'
   s.name        = "license_finder"
-  s.version     = "1.0.0.0"
-  s.authors     = ["Jacob Maine", "Matthew Kane Parker", "Ian Lesperance", "David Edwards", "Paul Meskers", "Brent Wheeldon", "Trevor John", "David Tengdin", "William Ramsey"]
-  s.email       = ["licensefinder@pivotalabs.com"]
+  s.version     = "1.1.1"
+  s.authors     = ["Jacob Maine", "Matthew Kane Parker", "Ian Lesperance", "David Edwards", "Paul Meskers", "Brent Wheeldon", "Trevor John", "David Tengdin", "William Ramsey", "David Dening", "Geoff Pleiss", "Mike Chinigo"]
+  s.email       = ["commoncode@pivotalabs.com"]
   s.homepage    = "https://github.com/pivotal/LicenseFinder"
   s.summary     = "Audit the OSS licenses of your application's dependencies."
 
   s.description = <<-DESCRIPTION
   Do you know the licenses of all your application's dependencies? What open source software licenses will your business accept?
 
-  LicenseFinder culls your Gemfile, detects the licenses of the gems in it, and gives you a report that you can act on. If you already know
+  LicenseFinder culls your package managers, detects the licenses of the packages in them, and gives you a report that you can act on. If you already know
   what licenses your business is comfortable with, you can whitelist them, leaving you with an action report of only those dependencies that have
   licenses that fall outside of the whitelist.
   DESCRIPTION
@@ -26,14 +26,14 @@ Gem::Specification.new do |s|
   s.add_dependency "xml-simple"
   s.add_dependency LicenseFinder::Platform.sqlite_gem
 
-  %w(rspec xpath cucumber pry).each do |gem|
+  %w(rake rspec-its xpath cucumber pry).each do |gem|
     s.add_development_dependency gem
   end
 
+  s.add_development_dependency "rspec", "~> 3"
   s.add_development_dependency "capybara", "~> 2.0.0"
-  s.add_development_dependency "rails", "~> 3.2.0"
   s.add_development_dependency "webmock", "~> 1.13"
-  s.add_development_dependency "rake"
+  s.add_development_dependency "cocoapods" if RUBY_PLATFORM =~ /darwin/
 
   s.files         = `git ls-files`.split("\n")
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")

data/readme.md

@@ -3,10 +3,18 @@
 [![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
 [![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
-With bundler and other dependency management tools, it's easy for your project to depend on many packages.  This decomposition is nice, but managing licenses becomes difficult.  License Finder gathers info about the licenses of the packages in your project.
+With bundler and other dependency management tools, it's easy for your project to depend on many packages.  This decomposition is nice, but managing licenses becomes difficult.  license_finder gathers info about the licenses of the packages in your project.
 
-License Finder currently supports ruby gems, python eggs, and node modules. If you are looking to manage licenses on a java/maven project, we recommend using the [license maven plugin](http://mojo.codehaus.org/license-maven-plugin/).
+### Supported project types
+- Ruby (+ Bundler)
+- Python (+ Eggs)
+- Node.js (+ Modules)
+- Bower
 
+### Experimental project types 
+- Java (+ Maven)
+- Java (+ Gradle)
+- Objective-C (+ CocoaPods)
 
 ## Installation
 
@@ -16,15 +24,10 @@ Add license_finder to your project's Gemfile and `bundle`:
 gem 'license_finder'
 ```
 
-#### For gradle projects
-
-You need to install the license gradle plugin: [https://github.com/hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin)
-
-
 ## Usage
 
 
-License finder will generate reports of action items - i.e., dependencies that do not fall within your license "whitelist".
+license_finder will generate reports of action items - i.e., dependencies that do not fall within your license "whitelist".
 
 ```sh
 $ license_finder
@@ -32,9 +35,9 @@ $ license_finder
 
 (Note) If you wish to run license_finder without the progress spinner use the --quiet option.
 
-License finder will include packages for all supported languages, as long as that language has a Gemfile/requirements.txt/package.json in the project directory.
+license_finder will include packages for all supported languages, as long as that language has a Gemfile/requirements.txt/package.json in the project directory.
 
-On a brand new Rails project, you could expect `license_finder` to output something like the following
+On a brand new Rails project, you could expect license_finder to output something like the following
 (assuming you whitelisted the MIT license -- see [Configuration](#configuration)):
 
 ```
@@ -49,12 +52,12 @@ rubyzip, 0.9.9, ruby
 xml-simple, 1.1.1, other
 ```
 
-The executable task will also write out a dependencies.db, dependencies.csv, and dependencies.html file in the doc/
-directory (by default -- see [Configuration](#configuration)).
+The executable task will also write out a dependencies.db, dependencies.csv, and dependencies.html file (in the doc/
+directory by default -- see [Configuration](#configuration)).
 
 The latter two files are human readable reports that you could send to your non-technical business partners, lawyers, etc.
 
-`license_finder` will also return a non-zero exit status if there are
+license_finder will also return a non-zero exit status if there are
 unapproved dependencies. You could use this in a CI build, for example, to alert you whenever someone adds an
 unapproved dependency to the project.
 
@@ -62,7 +65,7 @@ Run `license_finder help` to see other available commands.
 
 ### Manually setting licenses
 
-When `license_finder` reports that a dependency's license is 'other', you should manually research what the actual
+When license_finder reports that a dependency's license is 'other', you should manually research what the actual
 license is.  When you have established the real license, you can record it with:
 
 ```sh
@@ -73,7 +76,7 @@ This command would assign the MIT license to the dependency `my_unknown_dependen
 
 ### Manually approving dependencies
 
-Whenever you have a dependency that falls outside of your whitelist, `license_finder` will tell you.
+Whenever you have a dependency that falls outside of your whitelist, license_finder will tell you.
 If your business decides that this is an acceptable risk, you can manually approve the dependency by using the
 `license_finder approve` command.
 
@@ -92,52 +95,12 @@ Your business tells you that in this case, it's acceptable to use this gem. You
 $ license_finder approve awesome_gpl_gem
 ```
 
-If you rerun `license_finder`, you should no longer see `awesome_gpl_gem` in the output.
-
-### Managing license whitelist
-
-Licenses can be added to a whitelist that tells LicenseFinder to automatically approve dependencies using the specified licenses.
-These licenses can be managed with the `whitelist` command.
-
-To list licenses currently on the whitelist:
-
-```sh
-$ license_finder whitelist list
-```
-
-To add a licenses to the whitelist:
-
-```sh
-$ license_finder whitelist add MIT [BSD [...]]
-```
+If you rerun license_finder, you should no longer see `awesome_gpl_gem` in the output.
 
-To remove a licenses from the whitelist:
+To record who approved the dependency and why:
 
 ```sh
-$ license_finder whitelist remove MIT [BSD [...]]
-```
-
-### Managing ignored Bundler groups
-
-Bundler groups can be added to an ignore list which will prevent LicenseFinder from evaluating their licenses.
-These groups can be managed with the `ignored_bundler_groups` command.
-
-To list currently ignored Bundler groups:
-
-```sh
-$ license_finder ignored_bundler_groups list
-```
-
-To add a group to the ignored Bundler groups:
-
-```sh
-$ license_finder ignored_bundler_groups add development
-```
-
-To remove a group from the ignored Bundler groups:
-
-```sh
-$ license_finder ignored_bundler_groups remove development
+$ license_finder approve awesome_gpl_gem --approver CTO --message "Go ahead"
 ```
 
 ### Manually managing dependencies
@@ -155,6 +118,12 @@ To automatically approve an unmanaged dependency when you add it, use:
 $ license_finder dependencies add MIT my_js_dep 0.1.2 --approve
 ```
 
+To record who approved the dependency when you add it, use:
+
+```sh
+$ license_finder dependencies add MIT my_js_dep 0.1.2 --approve --approver CTO --message "Go ahead"
+```
+
 The version is optional.  Run `license_finder dependencies help` for additional documentation about
 managing these dependencies.
 
@@ -165,20 +134,10 @@ project, so you can use:
 $ license_finder dependencies remove my_js_dep
 ```
 
-### Managing project name
-
-The HTML report generated by license_finder will have the name of your project at the top. By default, this is set to the name of your working directory. However, this can be changed using the command line:
-
-```sh
-$ license_finder project_name set 'My Project Name'
-```
-
-The changes will be reflected in the report the next time you run license_finder.
-
 
 ## Configuration
 
-The first time you run `license_finder` it will create a default configuration file `./config/license_finder.yml`:
+The first time you run license_finder it will create a default configuration file `./config/license_finder.yml`:
 
 ```yaml
 ---
@@ -188,24 +147,58 @@ whitelist:
 ignore_groups:
 #- test
 #- development
+ignore_dependencies:
+#- bundler
 dependencies_file_dir: './doc/'
 project_name: My Project Name
+gradle_command: # only meaningful if used with a Java/gradle project. Defaults to "gradle".
 ```
 
-By modifying this file, you can configure license_finder's behavior. `Whitelisted` licenses will be automatically approved
-and `ignore_groups` will limit which dependencies are included in your license report.  You can store the license database
-and text files in another directory by changing `dependencies_file_dir`.
+By modifying this file, you can configure license_finder's behavior.
 
+- Licenses in the `whitelist` will be automatically approved.
+- You can exclude test or development dependencies by setting `ignore_groups`.  (Currently this only
+works for Bundler.)
+- You can exclude specific dependencies by setting `ignore_dependencies`.
+(Think carefully before adding dependencies to this list. A likely item to exclude is
+bundler itself, to avoid noisy changes to the doc files when different people run
+license_finder with different versions of bundler.)
+- You can store the license database and text files in another directory by changing 
+`dependencies_file_dir`. And the `project_name`, which defaults to your working
+directory, appears in the [HTML report](#html-report).
+- See below for explanation of "gradle_command".
 
-## HTML Report
+You can also configure license_finder through the command line.  See
+`license_finder whitelist help`, `license_finder ignored_bundler_groups help`
+and `license_finder project_name help` for more details.
+
+### For gradle projects
 
-The HTML report generated by license_finder has two sections, an overview at the top, and then a series of dependency summaries afterwards.
+You need to install the license gradle plugin: [https://github.com/hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin)
+
+LicenseFinder assumes that gradle is on your shell's include path and is invoked by just calling `gradle`. If you invoke gradle some other way (say, with a custom `gradlew` script), set the `gradle_command` option in your project's `license_finder.yml`:
 
-![HTML Report](files/report_breakdown.png)
+```yaml
+# … other configuration …
 
-The individual dependency summary follows a pattern like this:
+gradle_command: ./gradlew
+```
 
-![HTML Report](files/dependency_breakdown.png)
+By default, license_finder will report on gradle's "runtime" dependencies. If you want to generate a report for some other dependency configuration (e.g. Android projects will sometimes specify their meaningful dependencies in the "compile" group), you can specify it in your project's `build.gradle` like so:
+
+```
+// Must come *after* the 'apply plugin: license' line
+
+downloadLicenses {
+  dependencyConfiguration "compile"
+}
+```
+
+## HTML Report
+
+The HTML report generated by license_finder shows a summary of the project's dependencies
+and dependencies which need to be approved. The project name at the top of the report can
+be set in `config/license_finder.yml`.
 
 ## Upgrade for pre 0.8.0 users
 
@@ -215,7 +208,7 @@ If you wish to cleanup your root directory you can run:
 $ license_finder move
 ```
 
-This will move your dependencies.* files to the /doc directory and update the config.
+This will move your `dependencies.*` files to the doc/ directory and update the config.
 
 
 ## Compatibility
@@ -251,7 +244,11 @@ And add a `LICENSE` file to your gem that contains your license text.
 * Rebase on top of master
 * Send a pull request
 
-To successfully run the test suite, you will need node.js, python and pip installed (pip should not require sudo to work, virtualenv will work for this). If you're running the test suite with jruby, you're probably going to want to set up these environment variables:
+To successfully run the test suite, you will need node.js, python, pip and gradle installed.
+
+For the python dependency tests you will want to have virtualenv installed. See: http://hackercodex.com/guide/python-development-environment-on-mac-osx/#virtualenv (This will allow pip to work without sudo)
+
+If you're running the test suite with jruby, you're probably going to want to set up these environment variables:
 
 ```
 JAVA_OPTS='-client -XX:+TieredCompilation -XX:TieredStopAtLevel=1' JRUBY_OPTS='-J-Djruby.launch.inproc=true'