license_finder 5.0.0 → 5.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fc4eb2dc999e63e0e940edc1adaba70c722f53b8
-  data.tar.gz: e2439059250e4ec5e0db823bd911f5ddb360a772
+  metadata.gz: 58979bd0f908773f5736e2a9bb808fb6a5f7872d
+  data.tar.gz: 001cd6b9bfe0d26a7a8b1a3b9cfce1b028b31cfc
 SHA512:
-  metadata.gz: b6b05a9967e640c0c56423d062a3a4ae279217a51758be4f88ac4feae8d271222add27f586664bf79c8ae621cfda9495e40df7a500fa50650aa749bb0f8a58b0
-  data.tar.gz: 0f6365ebe0ad2fc32ead860a0b1a55dc29bf138f4c45e3d412e281f00ff26fa7cbbf154bd9c4ce1fcf2336682b29c25a6ae538d911e0f8281c94249cc9d08c0b
+  metadata.gz: c198140b0eebf2f4f38f1748a74402a25a096b122abee79e15a01ca67a6f3cfd485cf447c87574181fbf7c53f0736442098f6dfc314355e2c66548039763899f
+  data.tar.gz: 1b2bd5f74c17ecb9e003cdf20fe90efa7f5fc1f3cb722938eb1057781692f04d27dd63fb131ba84bf17bd0e0aed42d7a1c0e5ae640491d788e3224704e604dcd

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+# [5.0.1] / 2018-02-06
+
+### Fixed
+* Add conditional production flag to npm - [533f9b8](https://github.com/pivotal/LicenseFinder/commit/533f9b8fda250655f3613444da49fdce60215237) 
+* conan install & info commands - [322e64c](https://github.com/pivotal/LicenseFinder/commit/322e64c402f4e45d97c6f3bf67c3ffdaabbb359f) 
+* Duplicate approvals in decisions file - [a8e6141](https://github.com/pivotal/LicenseFinder/commit/a8e6141cd7ac7ed2aa10b35c55954a48bacf3523) 
+* log path issues - [9f1bae1](https://github.com/pivotal/LicenseFinder/commit/9f1bae12c88771229e0a919876f4de6bcad31677) 
+
+* Fix yarn not working with --project_path option - [c6ed08d](https://github.com/pivotal/LicenseFinder/commit/c6ed08dd8342dec9fcc3e6377f88d5ef01600928) 
+
+# [5.0.0] / 2018-01-15
+
+### Added
+* NPM prepare - [e7a0d30](https://github.com/pivotal/LicenseFinder/commit/e7a0d30cb77e5503b5a934b26dbd3dc272dc5605) 
+* Specify log directory for prepare - [b9a5991](https://github.com/pivotal/LicenseFinder/commit/b9a599171f3fda2affa9381d998e2158a2bf7fac) 
+
+* Added prepare step for elixir projects - [38b08ea](https://github.com/pivotal/LicenseFinder/commit/38b08eae23b6b0c2bbaa3aea7845ab6a8d9b028b) 
+
+### Fixed
+* Action_items resolves decisions file path - [c2a92ab](https://github.com/pivotal/LicenseFinder/commit/c2a92ab62203efb890dfeb1798d377c8d835feb6) 
+
+* Bower prepare step - [bb11d7f](https://github.com/pivotal/LicenseFinder/commit/bb11d7f07cc5e436381f01245a46033af6bb2d3b) 
+
+### Changed
+* Package Manager will now log if prepare step fails. Instead of erroring out - [54da71e](https://github.com/pivotal/LicenseFinder/commit/54da71e98f14cd199c39dfd7b762030fcac60ccb) 
+
 # [4.0.2] / 2017-11-16
 
 ### Fixed
@@ -519,3 +545,5 @@ Bugfixes:
 [3.0.2]: https://github.com/pivotal/LicenseFinder/compare/v3.0.1...v3.0.2
 [3.0.1]: https://github.com/pivotal/LicenseFinder/compare/v3.0.0...v3.0.1
 [3.0.0]: https://github.com/pivotal/LicenseFinder/compare/v2.1.2...v3.0.0
+[5.0.0]: https://github.com/pivotal/LicenseFinder/compare/v4.0.2...v5.0.0
+[5.0.1]: https://github.com/pivotal/LicenseFinder/compare/v5.0.0...v5.0.1

data/Dockerfile

@@ -77,8 +77,8 @@ ENV LANGUAGE=en_US:en
 ENV LC_ALL=en_US.UTF-8
 
 #install rvm
-RUN gpg --keyserver hkp://pgp.mit.edu --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 && \
-    curl -sSL https://raw.githubusercontent.com/wayneeseguin/rvm/stable/binscripts/rvm-installer | sudo bash -s stable --ruby=2.4.1
+RUN curl -sSL https://rvm.io/mpapis.asc | gpg --import && \
+    curl -sSL https://get.rvm.io | sudo bash -s stable --ruby=2.4.1
 ENV PATH=/usr/local/rvm/bin:$PATH
 
 #install mix
@@ -93,6 +93,7 @@ RUN bash -lc "gem update --system && gem install bundler"
 
 # install conan
 RUN apt-get install -y python-dev && \
+	pip install --upgrade setuptools && \
 	pip install conan
 
 # install license_finder

data/README.md

@@ -3,11 +3,11 @@
 [![Code Climate](https://codeclimate.com/github/pivotal/LicenseFinder.png)](https://codeclimate.com/github/pivotal/LicenseFinder)
 
 Build status
-* Ruby 2.1.5 [![Ruby 2.1.5 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.1.5/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.2.0 [![Ruby 2.2.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.2.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.3.0 [![Ruby 2.3.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.3.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
-* Ruby 2.4.1 [![Ruby 2.4.1 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.1/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
-* JRuby 9.0.4.0 [![JRuby 9.0.4.0 build status](https://osl.ci.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.0.4.0/badge)](https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.1.5 [![Ruby 2.1.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.1.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.2.0 [![Ruby 2.2.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.2.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.3.0 [![Ruby 2.3.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.3.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* Ruby 2.4.1 [![Ruby 2.4.1 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.1/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
+* JRuby 9.0.4.0 [![JRuby 9.0.4.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.0.4.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
 
 
 LicenseFinder works with your package managers to find dependencies,
@@ -16,7 +16,7 @@ against a user-defined whitelist, and give you an actionable exception
 report.
 
 * code: https://github.com/pivotal/LicenseFinder
-* ci: https://osl.ci.cf-app.com/teams/main/pipelines/LicenseFinder
+* ci: https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder
 * docker: [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
   * the docker image contains all the package managers needed to run `license_finder`
 * support:
@@ -439,6 +439,15 @@ end
 
 And save a `LICENSE` file which contains your license text in your repo.
 
+## Known issues with specific package managers
+
+* Bundler
+   * When using `--project-path`, Bundler cannot find the Gemfile.
+   
+* Yarn
+   * A module that is incompatible with the platform on which 
+     license_finder is run will always be reported to have a license type
+     of "unknown". (#456)
 
 ## Support
 

data/Rakefile

@@ -62,6 +62,13 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
   system(cmd)
 end
 
+desc 'Configure release pipeline'
+task :update_release_pipeline do
+  cmd = 'bash -c "fly -t osl set-pipeline -n -p LicenseFinder-release --config ci/pipelines/release.yml"'
+
+  system(cmd)
+end
+
 task spec: :check_dependencies
 task features: :check_dependencies
 

data/ci/pipelines/pipeline.yml.erb

@@ -52,7 +52,7 @@ jobs:
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
-      text: '<%= "License Finder build failed. Build: https://osl.ci.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
+      text: '<%= "License Finder build failed. Build: https://norsk.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
 <% end %>
 <% end %>
 
@@ -62,7 +62,7 @@ jobs:
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
-      text: '<%= "License Finder build failed. Build: https://osl.ci.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
+      text: '<%= "License Finder build failed. Build: https://norsk.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
 <% end %>
 
 <% ruby_versions.each do |ruby_version| %>
@@ -96,7 +96,7 @@ jobs:
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
-      text: '<%= "License Finder build failed. Build: https://osl.ci.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
+      text: '<%= "License Finder build failed. Build: https://norsk.cf-app.com/teams/main/pipelines/$BUILD_PIPELINE_NAME/jobs/$BUILD_JOB_NAME/builds/$BUILD_NAME" %>'
 <% end %>
 <% end %>
 

data/ci/pipelines/release.yml

@@ -23,9 +23,27 @@ resources:
 
 jobs:
 
+- name: patch-version
+  plan:
+  - get: lf-git
+  - get: lf-image
+    params:
+      save: true
+  - task: bump-version
+    params:
+      image: lf-image
+      GIT_USERNAME: ((GithubApiUser))
+      GIT_EMAIL: ((GithubApiEmail))
+    file: lf-git/ci/tasks/bump-patch-version.yml
+  - put: lf-git
+    params:
+      repository: lf-git-changed
+
 - name: release
   plan:
   - get: lf-git
+    trigger: true
+    passed: [ patch-version ]
   - get: lf-image
     params:
       save: true
@@ -44,6 +62,9 @@ jobs:
   - task: build-and-push-gem
     image: lf-image
     params:
+      GIT_USERNAME: ((GithubApiUser))
+      GIT_EMAIL: ((GithubApiEmail))
+      GIT_PRIVATE_KEY: ((CfOslBotPrivateKey))
       GEM_API_KEY: ((LicenseFinderGemApiKey))
     file: lf-git/ci/tasks/build-and-push-gem.yml
   - put: lf-git

data/ci/scripts/bump-patch-version.sh

@@ -0,0 +1,26 @@
+#!/bin/bash --login
+
+set -e
+
+git clone lf-git lf-git-changed
+
+VERSION_FILE="./lf-git-changed/lib/license_finder/version.rb"
+
+VERSION="$(ruby -r "$VERSION_FILE" -e "puts LicenseFinder::VERSION")"
+
+OLD_PATCH=$(cut -d'.' -f3 <<<"$VERSION")
+
+NEW_PATCH=$(echo $((++OLD_PATCH)))
+
+NEW_VERSION="$(cut -d'.' -f1,2 <<<"$VERSION").$NEW_PATCH"
+
+sed -i.bak "s/$VERSION/$NEW_VERSION/g" "$VERSION_FILE"
+
+cd lf-git-changed
+git config --global user.email $GIT_EMAIL
+git config --global user.name $GIT_USERNAME
+
+git add "lib/license_finder/version.rb"
+git commit -m "Update patch version to: $NEW_VERSION"
+
+exit 0

data/ci/scripts/containerize-tests.sh

@@ -4,7 +4,7 @@ set -e
 
 apk update && apk add git
 source /opt/resource/common.sh
-start_docker
+start_docker 3 3
 
 pushd LicenseFinder
   if [ ! -z "$(git diff master Dockerfile)" ]; then

data/ci/scripts/pushscript.sh

@@ -7,8 +7,22 @@ cd lf-git
 build_version=$(ruby -r ./lib/license_finder/version.rb -e "puts LicenseFinder::VERSION")
 built_gem="pkg/license_finder-$build_version.gem"
 
+git config --global user.email $GIT_EMAIL
+git config --global user.name $GIT_USERNAME
+
+mkdir ~/.ssh
+ssh-keyscan github.com >> ~/.ssh/known_hosts
+eval "$(ssh-agent -s)"
+echo "$GIT_PRIVATE_KEY" > ~/.ssh/id_rsa
+chmod 600 ~/.ssh/id_rsa
+ssh-add -k ~/.ssh/id_rsa
+
 if [ -z "$(gem fetch license_finder -v $build_version 2>&1 | grep ERROR)" ]; then
-  exit 0
+  echo "LicenseFinder-$build_version already exists on Rubygems"
+else
+  rake release
 fi
 
-rake release
+export EXIT_STATUS=$?
+kill $(ps aux | grep ssh-agent | head -n 1 | awk '{print $2}')
+exit $EXIT_STATUS

data/ci/tasks/build.yml

@@ -4,7 +4,7 @@ image_resource:
   type: docker-image
   source:
     repository: concourse/docker-image-resource
-    tag: pr-141
+    tag: latest
 
 inputs:
 - name: LicenseFinder

data/ci/tasks/bump-patch-version.yml

@@ -0,0 +1,13 @@
+---
+image_resource:
+  type: docker-image
+  source:
+    repository: licensefinder/license_finder
+    tag: latest
+platform: linux
+inputs:
+- name: lf-git
+outputs:
+- name: lf-git-changed
+run:
+  path: lf-git/ci/scripts/bump-patch-version.sh

data/dlf

@@ -1,6 +1,10 @@
 #!/bin/bash
 if `which docker > /dev/null`; then
-  docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && `echo $@`"
+	if [ $# -eq 0 ]; then
+  		docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && /bin/bash -l"
+	else
+  		docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && bundle install && `echo $@`"
+	fi
 else
   echo "You do not have docker installed. Please install it:"
   echo "    https://docs.docker.com/engine/installation/"

data/lib/license_finder/cli/base.rb

@@ -8,7 +8,7 @@ module LicenseFinder
       class_option :decisions_file,
                    desc: 'Where decisions are saved. Defaults to doc/dependency_decisions.yml.'
       class_option :log_directory,
-                   desc: 'Where logs are saved. Defaults to ./lf_logs/$PROJECT/$PACKAGE_MANAGER.log'
+                   desc: 'Where logs are saved. Defaults to ./lf_logs/$PROJECT/prepare_$PACKAGE_MANAGER.log'
 
       no_commands do
         def decisions

data/lib/license_finder/configuration.rb

@@ -46,7 +46,12 @@ module LicenseFinder
 
     def log_directory
       path = get(:log_directory) || 'lf_logs'
-      project_path.join(path).expand_path
+
+      if (aggregate_paths || recursive) && project_path == ''
+        Pathname(path).expand_path
+      else
+        project_path.join(path).expand_path
+      end
     end
 
     def project_path

data/lib/license_finder/decisions.rb

@@ -51,8 +51,8 @@ module LicenseFinder
     #######
 
     TXN = Struct.new(:who, :why, :safe_when, :safe_versions) do
-      def self.from_hash(txn)
-        new(txn[:who], txn[:why], txn[:when], txn[:versions].nil? ? [] : txn[:versions])
+      def self.from_hash(txn, versions)
+        new(txn[:who], txn[:why], txn[:when], versions || [])
       end
     end
 
@@ -96,10 +96,8 @@ module LicenseFinder
 
       versions = []
       versions = @approvals[name][:safe_versions] if @approvals.key?(name)
-
-      @approvals[name] = TXN.from_hash(txn)
-
-      @approvals[name][:safe_versions].concat(versions)
+      @approvals[name] = TXN.from_hash(txn, versions)
+      @approvals[name][:safe_versions].concat(txn[:versions]) unless txn[:versions].nil?
       self
     end
 

data/lib/license_finder/license_aggregator.rb

@@ -34,6 +34,7 @@ module LicenseFinder
                    @aggregate_paths.map do |path|
                      # Passing file paths as values instead of allowing them to evaluate in config
                      LicenseFinder::Core.new(@config.merge(project_path: path,
+                                                           log_directory: @config.log_directory || @config.project_path,
                                                            decisions_file: @config.decisions_file_path))
                    end
                  end

data/lib/license_finder/package_manager.rb

@@ -61,6 +61,7 @@ module LicenseFinder
       @logger       = options[:logger] || Core.default_logger
       @project_path = options[:project_path]
       @log_directory = options[:log_directory]
+      @ignored_groups = options[:ignored_groups]
     end
 
     def active?
@@ -74,7 +75,7 @@ module LicenseFinder
 
     def prepare
       if self.class.prepare_command
-        _stdout, stderr, status = Cmd.run(self.class.prepare_command)
+        _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(self.class.prepare_command) }
         unless status.success?
           log_errors stderr
           raise "Prepare command '#{self.class.prepare_command}' failed" unless @prepare_no_fail

data/lib/license_finder/package_managers/conan.rb

@@ -7,8 +7,8 @@ module LicenseFinder
     end
 
     def current_packages
-      install_command = 'conan install'
-      info_command = 'conan info'
+      install_command = 'conan install .'
+      info_command = 'conan info .'
       Dir.chdir(project_path) { Cmd.run(install_command) }
       info_output, _stderr, _status = Dir.chdir(project_path) { Cmd.run(info_command) }
 

data/lib/license_finder/package_managers/npm.rb

@@ -19,14 +19,27 @@ module LicenseFinder
       [project_path.join('package.json')]
     end
 
+    def prepare
+      prep_cmd = "#{NPM.prepare_command}#{production_flag}"
+      _stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(prep_cmd) }
+      return if status.success?
+      log_errors stderr
+      raise "Prepare command '#{prep_cmd}' failed" unless @prepare_no_fail
+    end
+
     private
 
     def npm_json
-      command = "#{NPM.package_management_command} list --json --long"
+      command = "#{NPM.package_management_command} list --json --long#{production_flag}"
       stdout, stderr, status = Dir.chdir(project_path) { Cmd.run(command) }
       raise "Command '#{command}' failed to execute: #{stderr}" unless status.success?
 
       JSON.parse(stdout)
     end
+
+    def production_flag
+      return '' if @ignored_groups.nil?
+      @ignored_groups.include?('devDependencies') ? ' --production' : ''
+    end
   end
 end

data/lib/license_finder/package_managers/nuget.rb

@@ -53,7 +53,7 @@ module LicenseFinder
       Zip::File.open file do |zipfile|
         content = zipfile.read(dep.name + '.nuspec')
         xml = REXML::Document.new(content)
-        REXML::XPath.match(xml, '//metadata//licenseUrl').map(&:get_text)
+        REXML::XPath.match(xml, '//metadata//licenseUrl').map(&:get_text).map(&:to_s)
       end
     end
 

data/lib/license_finder/package_managers/yarn.rb

@@ -7,7 +7,11 @@ module LicenseFinder
     end
 
     def current_packages
-      stdout, _stderr, status = Cmd.run(Yarn::SHELL_COMMAND)
+      cmd = Yarn::SHELL_COMMAND
+      suffix = " --cwd #{project_path}" unless project_path.nil?
+      cmd += suffix unless suffix.nil?
+
+      stdout, _stderr, status = Cmd.run(cmd)
       return [] unless status.success?
 
       packages = []

data/lib/license_finder/version.rb

@@ -1,3 +1,3 @@
 module LicenseFinder
-  VERSION = '5.0.0'.freeze
+  VERSION = '5.0.2'.freeze
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 5.0.0
+  version: 5.0.2
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-01-15 00:00:00.000000000 Z
+date: 2018-02-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -311,6 +311,7 @@ files:
 - bin/license_finder_pip.py
 - ci/pipelines/pipeline.yml.erb
 - ci/pipelines/release.yml
+- ci/scripts/bump-patch-version.sh
 - ci/scripts/containerize-tests.sh
 - ci/scripts/pushscript.sh
 - ci/scripts/run-rubocop.sh
@@ -320,6 +321,7 @@ files:
 - ci/tasks/build-and-push-gem.yml
 - ci/tasks/build-windows.yml
 - ci/tasks/build.yml
+- ci/tasks/bump-patch-version.yml
 - ci/tasks/rubocop.yml
 - ci/tasks/update-changelog.yml
 - dlf