license_finder 2.0.4 → 2.1.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a3b754e74ea1f89d22e72c1f145618bafbda14aa
-  data.tar.gz: f6a5e9c7f1717e5901a746fc6dcac108e565a78c
+  metadata.gz: eb78a2e040163c6df7ba630164564c8ec297c339
+  data.tar.gz: 3e4cbd76361f6e51dc2295b45fd39a167d87ef5e
 SHA512:
-  metadata.gz: 0eb69ee77b1c8734e3d4b1baef6c1dacca50bf267273926c548f5982e69f1080c50b0cb327fe3c655fa5b4cb9ca1de91fb14b06f64acf63d9e70aa1a42ee035f
-  data.tar.gz: 8a67ab3a162f55da1802a3b551a8a6398f0d2946cc977473052a991331ab3b9f727ee9411c9feec4b8955d09e101df5422eedbd855606886950b53ef1bc9a453
+  metadata.gz: cfb282d10162683776abc72912cbf5a14c782037427e89ebe41965257c4e5bd54a336391b3d1dc401db9db8b9a9050951ee1b5313c5bb329879ba321ded91add
+  data.tar.gz: c246e54f60cfe30cc2c043b5a744e2980a7329dae589a845ca63f2d20d5be4e29b184cbaf5306cf7cf076975be158b2039c84abe673b1b9356883c6dbc6a4cf7

data/.travis.yml

@@ -12,7 +12,7 @@ matrix:
     - rvm: jruby-head
 
 env:
-  - PATH=$PATH:$HOME/gradle/bin:$HOME/rebar
+  - PATH=$PATH:$HOME/gradle/bin:$HOME/rebar:$HOME/go/bin GOPATH=$HOME/go
 
 notifications:
   email:
@@ -26,7 +26,9 @@ before_install:
   - .travis/install_gradle.sh
   - .travis/install_rebar.sh
   - .travis/install_bower.sh
-  - .travis/install_virtualenv.sh
+  - .travis/install_godep.sh
 
-before_script:
-  - source ~/Virtualenvs/lf/bin/activate
+script:
+  - rake install
+  - rake spec
+  - rake features

data/.travis/install_godep.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+set -x
+
+mkdir -p ~/go
+go get github.com/tools/godep

data/.travis/install_gradle.sh

@@ -4,7 +4,7 @@ set -x
 
 pushd /tmp
 
-wget http://services.gradle.org/distributions/gradle-1.11-all.zip
+wget http://services.gradle.org/distributions/gradle-2.4-all.zip
 unzip -q gradle*
 rm gradle*.zip
 mv gradle* ~/gradle

data/.travis/install_rebar.sh

@@ -2,11 +2,13 @@
 set -e
 set -x
 
-pushd /tmp
+pushd ~
 
-wget https://raw.github.com/wiki/rebar/rebar/rebar
-mkdir ~/rebar
-mv rebar ~/rebar/
-chmod u+x ~/rebar/rebar
+git clone --depth 1 git://github.com/rebar/rebar.git
+cd rebar
+./bootstrap
+
+erl -version
+PATH=$HOME/rebar:$PATH rebar --version
 
 popd

data/CHANGELOG.rdoc

@@ -1,3 +1,16 @@
+=== 2.1.0.rc1 / 2015-11-03
+
+* Features
+  * Licenses can be blacklisted.  Dependencies which only have licenses in the
+    blacklist will not be approved, even if someone tries.
+  * Initial support for the Nuget package manager for .NET projects
+  * Experimental support for `godep` projects
+  * Experimental support for "golang workspace" projects (with .envrc)
+  * Improved support for multi-module `gradle` projects
+  * Gradle 2.x support (experimental)
+  * Experimental support for "composite" projects (multiple git submodules)
+  * Experimental support for "license diffs" between directories
+
 === 2.0.4 / 2015-04-16
 
 * Features

data/CONTRIBUTING.md

@@ -25,8 +25,22 @@ can be detected in many different ways.
 
 ## Adding Reports
 
-If you need `license_finder` to output additional data, consider adding new
-columns to `lib/license_finder/reports/csv_report.rb`.
+If you need `license_finder` to output additional package data, consider
+submitting a pull request which adds new columns to
+`lib/license_finder/reports/csv_report.rb`.
+
+It is also possible to generate a custom report from an ERB template.  Use this
+[example](https://gist.github.com/mainej/b190d2f138c2b9e2e20a) as a starting
+point.  These reports will have access to the helpers in
+[`LicenseFinder::ErbReport`](https://github.com/pivotal/LicenseFinder/blob/master/lib/license_finder/reports/erb_report.rb).
+
+If you need a report with more detailed data or in a different format, we
+recommend writing a custom ruby script.  This
+[example](https://gist.github.com/mainej/48ac616844505d50f510) will get you
+started.
+
+If you come up with something useful, consider posting it to the Google Group
+[license-finder@googlegroups.com](license-finder@googlegroups.com).
 
 
 ## Development Dependencies

data/README.md

@@ -27,10 +27,26 @@ report.
 * Java (via `gradle`)
 * Erlang (via `rebar`)
 * Objective-C (+ CocoaPods)
+* Nuget (without license discovery)
+* Godep
+* Go workspace (via a `.envrc` file)
 
 
 ## Installation
 
+License Finder requires Ruby 1.9.3 or greater to run. If you have an older
+version of Ruby installed, you can update via Homebrew:
+
+```sh
+$ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
+```
+
+then:
+
+```sh
+$ brew install ruby
+```
+
 The easiest way to use `license_finder` is to install it as a command
 line tool, like brew, awk, gem or bundler:
 
@@ -52,7 +68,9 @@ problem, see [Excluding Dependencies](#excluding-dependencies).
 
 ## Usage
 
-The first time you run `license_finder` it will output a report of all your project's packages.
+Make sure your dependencies are installed (with your package manager's install command: `bundle install`, `npm install`, etc.)
+
+The first time you run `license_finder` it will list all your project's packages.
 
 ```sh
 $ license_finder
@@ -97,6 +115,7 @@ languages, as long as that language has a package definition in the project dire
 * `bower.json` (for `bower`)
 * `Podfile` (for CocoaPods)
 * `rebar.config` (for `rebar`)
+* `packages/` directory (for `Nuget`)
 
 
 ### Continuous Integration
@@ -202,6 +221,9 @@ all of your project's dependencies and includes information about which need to
 be approved. The project name at the top of the report can be set with
 `license_finder project_name add`.
 
+See [CONTRIBUTING.md](https://github.com/pivotal/LicenseFinder/blob/master/CONTRIBUTING.md#adding-reports)
+for advice about adding and customizing reports.
+
 
 ## Manual Intervention
 
@@ -244,7 +266,7 @@ $ license_finder dependencies remove my_js_dep
 Sometimes a project will have development or test dependencies which
 you don't want to track.  You can exclude theses dependencies by running
 `license_finder ignored_groups`.  (Currently this only works for packages
-managed by Bundler.)
+managed by Bundler, NPM, and Nuget.)
 
 On rare occasions a package manager will report an individual dependency
 that you want to exclude from all reports, even though it is approved.
@@ -255,6 +277,15 @@ since it is a common dependency whose version changes from machine to
 machine.  Adding it to the `ignored_dependencies` would prevent it
 (and its oscillating versions) from appearing in reports.
 
+### Blacklisting Licenses
+
+Some projects will have a list of licenses that cannot be used.  You can add
+these licenses to the blacklist `license_finder blacklist add`.  Any dependency
+that has exclusively blacklisted licenses will always appear in the action
+items, even if someone attempts to manually approve or whitelist it.  However,
+if a dependency has even one license outside of the blacklist, it can still be
+manually approved or whitelisted.
+
 
 ## Configuration
 
@@ -291,10 +322,11 @@ rebar_deps_dir: './rebar_deps'
 
 ### Gradle Projects
 
-You need to install the license gradle plugin:
+`license_finder` supports both Gradle 1.x and Gradle 2.x. You need to have installed
+the license-gradle-plugin in your project:
 [https://github.com/hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin)
 
-By default, `license_finder` will report on gradle's "runtime" dependencies. If
+By default, `license_finder` will report on Gradle's "runtime" dependencies. If
 you want to generate a report for some other dependency configuration (e.g.
 Android projects will sometimes specify their meaningful dependencies in the
 "compile" group), you can specify it in your project's `build.gradle`:
@@ -308,6 +340,11 @@ downloadLicenses {
 ```
 
 
+### Maven Projects
+
+`license_finder` supports Maven.
+
+
 ## Requirements
 
 `license_finder` requires ruby >= 1.9, or jruby.

data/Rakefile

@@ -32,13 +32,19 @@ task :check_dependencies do
     "pip" => "Pip",
     "gradle" => "Gradle",
     "bower" => "Bower",
-    "rebar" => "Rebar"
+    "rebar" => "Rebar",
+    "godep" => "Go"
   }
   dependencies["pod"] = "Cocoapods" if LicenseFinder::Platform.darwin?
   satisfied = true
   dependencies.each do |dependency, description|
     printf "checking dev dependency for #{description} ... "
-    `which #{dependency}` ; status = $?
+    if LicenseFinder::Platform.windows?
+      `where #{dependency} 2>NUL`
+    else
+      `which #{dependency} 2>/dev/null`
+    end
+    status = $?
     if status.success?
       puts "OK"
     else

data/features/features/{cli_spec.rb → cli/cli_spec.rb}

@@ -1,4 +1,4 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
 
 describe "License Finder command line executable" do
   # As a developer
@@ -7,23 +7,6 @@ describe "License Finder command line executable" do
 
   let(:developer) { LicenseFinder::TestingDSL::User.new }
 
-  specify "reports unapproved dependencies" do
-    developer.create_empty_project
-    developer.execute_command("license_finder dependencies add unapproved_gem Whatever")
-
-    developer.run_license_finder
-    expect(developer).to be_receiving_exit_code(1)
-    expect(developer).to be_seeing 'unapproved_gem'
-  end
-
-  specify "reports that all dependencies are approved" do
-    developer.create_empty_project
-
-    developer.run_license_finder
-    expect(developer).to be_receiving_exit_code(0)
-    expect(developer).to be_seeing 'All dependencies are approved for use'
-  end
-
   specify "shows usage and subcommand help" do
     developer.create_empty_project
 
@@ -40,4 +23,27 @@ describe "License Finder command line executable" do
     developer.run_license_finder
     expect(developer).to be_seeing_something_like /license_finder.*MIT/
   end
+
+  it "reports dependencies' licenses" do
+    developer.create_ruby_app # has license_finder as a dependency, which has thor as a dependency
+
+    developer.run_license_finder
+    expect(developer).to be_seeing_something_like /thor.*MIT/
+  end
+
+  specify "runs default command" do
+    developer.create_empty_project
+
+    developer.run_license_finder
+    expect(developer).to be_receiving_exit_code(0)
+    expect(developer).to be_seeing 'All dependencies are approved for use'
+  end
+
+  specify "displays an error if project_path does not exist" do
+    developer.create_empty_project
+
+    developer.execute_command('license_finder report --project-path=/path/that/does/not/exist')
+    expect(developer).to be_seeing("Project path '/path/that/does/not/exist' does not exist!")
+    expect(developer).to be_receiving_exit_code(1)
+  end
 end

data/features/features/configure/add_dependencies_spec.rb

@@ -1,4 +1,4 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
 
 describe "Manually Added Dependencies" do
   # As a developer
@@ -34,4 +34,21 @@ describe "Manually Added Dependencies" do
     developer.execute_command 'license_finder dependencies list'
     expect(developer).to_not be_seeing 'manual_dep'
   end
+
+  specify "does not report dependencies that are manually removed" do
+    developer.create_empty_project
+    developer.execute_command("license_finder dependencies add test_gem Random_License 0.0.1")
+
+    developer.run_license_finder
+
+    expect(developer).to be_receiving_exit_code(1)
+    expect(developer).to be_seeing 'test_gem'
+
+    developer.execute_command("license_finder dependencies remove test_gem")
+
+    developer.run_license_finder
+
+    expect(developer).to be_receiving_exit_code(0)
+    expect(developer).not_to be_seeing 'test_gem'
+  end
 end

data/features/features/configure/approve_dependencies_spec.rb

@@ -1,4 +1,4 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
 
 describe "Manually Approved Dependencies" do
   # As a developer
@@ -28,4 +28,34 @@ describe "Manually Approved Dependencies" do
       expect(section).to have_content "We really need this"
     end
   end
+
+  specify "reports unapproved dependencies" do
+    developer.create_empty_project
+    developer.execute_command("license_finder dependencies add test_gem Random_License 0.0.1")
+    developer.execute_command("license_finder approvals add test_gem")
+
+    developer.run_license_finder
+
+    expect(developer).to be_receiving_exit_code(0)
+    expect(developer).not_to be_seeing 'test_gem'
+
+    developer.execute_command("license_finder approvals remove test_gem")
+
+    developer.run_license_finder
+
+    expect(developer).to be_receiving_exit_code(1)
+    expect(developer).to be_seeing 'test_gem'
+  end
+
+  specify "reports only unapproved dependencies, no approved dependencies" do
+    developer.create_empty_project
+    developer.execute_command("license_finder dependencies add unapproved_gem Random_License 0.0.1")
+    developer.execute_command("license_finder dependencies add approved_gem Random_License 0.0.1")
+    developer.execute_command("license_finder approvals add approved_gem")
+
+    developer.run_license_finder
+    expect(developer).to be_receiving_exit_code(1)
+    expect(developer).to be_seeing 'unapproved_gem'
+    expect(developer).not_to be_seeing 'approved_gem '
+  end
 end

data/features/features/configure/assign_licenses_spec.rb

@@ -1,4 +1,4 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
 
 describe "Manually Assigned Licenses" do
   # As a developer
@@ -7,7 +7,7 @@ describe "Manually Assigned Licenses" do
 
   let(:developer) { LicenseFinder::TestingDSL::User.new }
 
-  specify "are shown in reports" do
+  specify "are shown in cli after being added, and default license is not shown" do
     project = developer.create_ruby_app
     gem = developer.create_gem 'mislicensed_dep', license: 'Unknown'
     project.depend_on gem
@@ -17,4 +17,19 @@ describe "Manually Assigned Licenses" do
     expect(developer).not_to be_seeing_something_like /mislicensed_dep.*Unknown/
     expect(developer).to be_seeing_something_like /mislicensed_dep.*Known/
   end
-end
+
+  specify "can be removed, revealing the default license for a dependency" do
+    project = developer.create_ruby_app
+    gem = developer.create_gem 'mislicensed_dep', license: 'Default'
+    project.depend_on gem
+    developer.execute_command 'license_finder licenses add mislicensed_dep Manual_license'
+
+    developer.run_license_finder
+    expect(developer).to be_seeing_something_like /mislicensed_dep.*Manual_license/
+
+    developer.execute_command 'license_finder licenses remove mislicensed_dep Manual_license'
+
+    developer.run_license_finder
+    expect(developer).to be_seeing_something_like /mislicensed_dep.*Default/
+  end
+end

data/features/features/configure/blacklist_licenses_spec.rb

@@ -0,0 +1,30 @@
+require_relative '../../support/feature_helper'
+
+describe "Blacklisted licenses" do
+  # As a lawyer
+  # I want to blacklist certain licenses
+  # So that any dependencies with only these licenses cannot be approved
+
+  let(:developer) { LicenseFinder::TestingDSL::User.new }
+  let(:lawyer) { LicenseFinder::TestingDSL::User.new }
+
+  before do
+    developer.create_empty_project
+    lawyer.execute_command 'license_finder blacklist add BSD'
+    developer.execute_command 'license_finder dependencies add blacklisted_dep BSD'
+  end
+
+  specify "prevent packages from being approved" do
+    developer.execute_command 'license_finder approval add blacklisted_dep'
+
+    lawyer.run_license_finder
+    expect(lawyer).to be_seeing 'blacklisted_dep'
+  end
+
+  specify "override the whitelist" do
+    developer.execute_command 'license_finder whitelist add BSD'
+
+    lawyer.run_license_finder
+    expect(lawyer).to be_seeing 'blacklisted_dep'
+  end
+end

data/features/features/configure/ignore_dependencies_spec.rb

@@ -1,4 +1,4 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
 
 describe "Ignored Dependencies" do
   # As a developer

data/features/features/configure/ignore_groups_spec.rb

@@ -1,4 +1,5 @@
-require 'feature_helper'
+require_relative '../../support/feature_helper'
+require 'bundler'
 
 describe "Ignored Groups" do
   # As a developer
@@ -17,6 +18,20 @@ describe "Ignored Groups" do
     expect(developer).to_not be_seeing 'dev_gem'
   end
 
+  specify "and their dependencies are excluded from reports" do
+    project = developer.create_ruby_app
+    gem = developer.create_gem 'dev_gem', license: 'GPL', dependencies: 'jwt'
+
+    # with_clean_env allows jwt to be installed, despite the fact
+    # that it isn't one of license_finder's own dependencies
+    ::Bundler.with_clean_env do
+      project.depend_on gem, groups: ['dev']
+      developer.execute_command 'license_finder ignored_group add dev'
+      developer.run_license_finder
+      expect(developer).to_not be_seeing 'jwt'
+    end
+  end
+
   specify "appear in the CLI" do
     developer.create_empty_project
     developer.execute_command 'license_finder ignored_group add dev'