license_finder 6.12.2 → 6.13.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: c85ec7cd64df538fe5b99e3984a2ef369c8c09d73c7c07ac72ed39b246054dc1
-  data.tar.gz: 3c22d0d435a980d2a7853492f7043c7fabc67a2e8a6fede8fc74abdd86b8d4fe
+  metadata.gz: 81a1d40948fcecd79b16e2e4865e6f5526766555215edd838b346342546783df
+  data.tar.gz: a4f8021b36ae39ef95cab4234b7fc628de8bde6e00f348be381d334545eaec15
 SHA512:
-  metadata.gz: f2f62d260d5d8a3f6090f4ceefa4ab1145b301b35cdd2489049936739a2aea3553b30ab112996c04c27c6dd2bcf3fe0f010f6d5b8eedb1e8ea5b22960d4534c2
-  data.tar.gz: 58f912ce7df4de805fb8a6b80ff1fb39608254bb9e955618d4b8b96d9b2c5a9f1e65b03701f96057b848338c44a3d1eb444c4e09f19f7d8be19f6f1ccbc7a774
+  metadata.gz: 0ee3c694d2a2410a4d5adbd0322050856403f66a9c4a80f7c4687bb668c9b86ba0d8835046366d9c2c64747eb972828fece491f172a90ddc8ca9c5582890e8fd
+  data.tar.gz: 4cf78f8b7e9a284d60bddc97c4d2eb5fe1ac1f1010ac347c86ced7d1d24a036cdaf15ca9ec514b48b67ab389f5bc19ea55844bfa115fdb6ec2f535c4610e19ac

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+# [6.13.0] / 2021-04-27
+
+### Fixed
+* Ignore packages with nil modules - [4eca0ec1](https://github.com/pivotal/LicenseFinder/commit/4eca0ec15dc6266afa48b74b3742278351246eb8) 
+
 # [6.12.2] / 2021-04-14
 
 ### Changed
@@ -948,3 +953,4 @@ Bugfixes:
 [6.12.0]: https://github.com/pivotal/LicenseFinder/compare/v6.11.0...v6.12.0
 [6.12.1]: https://github.com/pivotal/LicenseFinder/compare/v6.12.0...v6.12.1
 [6.12.2]: https://github.com/pivotal/LicenseFinder/compare/v6.12.1...v6.12.2
+[6.13.0]: https://github.com/pivotal/LicenseFinder/compare/v6.12.2...v6.13.0

data/Dockerfile

@@ -179,6 +179,54 @@ RUN  \
   ([ "$sha" = "${ref}" ] || (echo "Verification failed: ${sha} != ${ref}"; false)) &&\
   (echo; echo "yes") | sh "${conda_installer}"
 
+# install Swift Package Manager
+# Based on https://github.com/apple/swift-docker/blob/main/5.3/ubuntu/16.04/Dockerfile
+RUN apt-get -q install -y \
+    libatomic1 \
+    libcurl3 \
+    libxml2 \
+    libedit2 \
+    libsqlite3-0 \
+    libc6-dev \
+    binutils \
+    libgcc-5-dev \
+    libstdc++-5-dev \
+    zlib1g-dev \
+    libpython2.7 \
+    tzdata \
+    pkg-config \
+    && rm -r /var/lib/apt/lists/*
+
+# pub   4096R/ED3D1561 2019-03-22 [expires: 2021-03-21]
+#       Key fingerprint = A62A E125 BBBF BB96 A6E0  42EC 925C C1CC ED3D 1561
+# uid                  Swift 5.x Release Signing Key <swift-infrastructure@swift.org
+ARG SWIFT_SIGNING_KEY=A62AE125BBBFBB96A6E042EC925CC1CCED3D1561
+ARG SWIFT_PLATFORM=ubuntu16.04
+ARG SWIFT_BRANCH=swift-5.3.3-release
+ARG SWIFT_VERSION=swift-5.3.3-RELEASE
+ARG SWIFT_WEBROOT=https://swift.org/builds/
+
+ENV SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \
+    SWIFT_PLATFORM=$SWIFT_PLATFORM \
+    SWIFT_BRANCH=$SWIFT_BRANCH \
+    SWIFT_VERSION=$SWIFT_VERSION \
+    SWIFT_WEBROOT=$SWIFT_WEBROOT
+
+RUN set -e; \
+    SWIFT_WEBDIR="$SWIFT_WEBROOT/$SWIFT_BRANCH/$(echo $SWIFT_PLATFORM | tr -d .)/" \
+    && SWIFT_BIN_URL="$SWIFT_WEBDIR/$SWIFT_VERSION/$SWIFT_VERSION-$SWIFT_PLATFORM.tar.gz" \
+    && SWIFT_SIG_URL="$SWIFT_BIN_URL.sig" \
+    # - Download the GPG keys, Swift toolchain, and toolchain signature, and verify.
+    && export GNUPGHOME="$(mktemp -d)" \
+    && curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz "$SWIFT_SIG_URL" -o swift.tar.gz.sig \
+    && gpg --batch --quiet --keyserver ha.pool.sks-keyservers.net --recv-keys "$SWIFT_SIGNING_KEY" \
+    && gpg --batch --verify swift.tar.gz.sig swift.tar.gz \
+    # - Unpack the toolchain, set libs permissions, and clean up.
+    && tar -xzf swift.tar.gz --directory / --strip-components=1 \
+    && chmod -R o+r /usr/lib/swift \
+    && rm -rf "$GNUPGHOME" swift.tar.gz.sig swift.tar.gz \
+    set +e
+
 # install license_finder
 COPY . /LicenseFinder
 RUN bash -lc "cd /LicenseFinder && bundle config set no-cache 'true' && bundle install -j4 && rake install"

data/README.md

@@ -44,7 +44,7 @@ and give you an actionable exception report.
 ### Experimental project types
 
 * Erlang (via `rebar` and `Erlang.mk`)
-* Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
+* Objective-C, Swift (via Carthage, CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\]) and Swift Package Manager)
 * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
 * Elixir (via `mix`)
 * Golang (via `gvt`, `glide`,`dep`, `trash` and `govendor`)
@@ -176,6 +176,7 @@ languages, as long as that language has a package definition in the project dire
 * `bower.json` (for `bower`)
 * `Podfile` (for `pod`)
 * `Cartfile` (for `carthage`)
+* `workspace-state.json` under build directory (provided as enviroment variable `SPM_DERIVED_DATA` for Xcode, or default `.build` for non-Xcode projects), (for `spm`)
 * `rebar.config` (for `rebar`)
 * `Erlang.mk` or `erlang.mk` file (for `Erlang.mk`)
 * `mix.exs` (for `mix`)

data/VERSION

@@ -1 +1 @@
-6.12.2
+6.13.0

data/lib/license_finder/package.rb

@@ -188,6 +188,7 @@ require 'license_finder/packages/maven_package'
 require 'license_finder/packages/gradle_package'
 require 'license_finder/packages/cocoa_pods_package'
 require 'license_finder/packages/carthage_package'
+require 'license_finder/packages/spm_package'
 require 'license_finder/packages/rebar_package'
 require 'license_finder/packages/erlangmk_package'
 require 'license_finder/packages/mix_package'

data/lib/license_finder/package_manager.rb

@@ -165,6 +165,7 @@ require 'license_finder/package_managers/maven'
 require 'license_finder/package_managers/mix'
 require 'license_finder/package_managers/cocoa_pods'
 require 'license_finder/package_managers/carthage'
+require 'license_finder/package_managers/spm'
 require 'license_finder/package_managers/gradle'
 require 'license_finder/package_managers/rebar'
 require 'license_finder/package_managers/erlangmk'

data/lib/license_finder/package_managers/go_modules.rb

@@ -33,6 +33,8 @@ module LicenseFinder
         # Explanations:
         # * Only list dependencies (packages not listed in the project directory)
         #   (.DepOnly)
+        # * Ignore packages that have nil modules
+        #   (.Module)
         # * Ignore standard library packages
         #   (not .Standard)
         # * Replacement modules are respected
@@ -40,7 +42,7 @@ module LicenseFinder
         # * Module cache directory or (vendored) package directory
         #   (or $mod.Dir .Dir)
         format_str = \
-          '{{ if and (.DepOnly) (not .Standard) }}'\
+          '{{ if and (.DepOnly) (.Module) (not .Standard) }}'\
             '{{ $mod := (or .Module.Replace .Module) }}'\
             '{{ $mod.Path }},{{ $mod.Version }},{{ or $mod.Dir .Dir }}'\
           '{{ end }}'

data/lib/license_finder/package_managers/spm.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module LicenseFinder
+  class Spm < PackageManager
+    class SpmError < RuntimeError; end
+
+    def current_packages
+      unless File.exist?(workspace_state_path)
+        raise SpmError, 'No checked-out SPM packages found.
+          Please install your dependencies first.'
+      end
+
+      workspace_state = JSON.parse(IO.read(workspace_state_path))
+      workspace_state['object']['dependencies'].map do |dependency|
+        package_ref = dependency['packageRef']
+        checkout_state = dependency['state']['checkoutState']
+
+        subpath = dependency['subpath']
+        package_name = package_ref['name']
+        package_version = checkout_state['version'] || checkout_state['revision']
+        homepage = package_ref['path']
+
+        SpmPackage.new(
+          package_name,
+          package_version,
+          license_text(subpath),
+          logger: logger,
+          install_path: project_checkout(subpath),
+          homepage: homepage
+        )
+      end
+    end
+
+    def package_management_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild' : 'swift'
+    end
+
+    def prepare_command
+      LicenseFinder::Platform.darwin? ? 'xcodebuild -resolvePackageDependencies' : 'swift package resolve'
+    end
+
+    def possible_package_paths
+      [workspace_state_path]
+    end
+
+    private
+
+    def resolved_package
+      if File.exist?(resolved_path)
+        @resolved_file ||= IO.read(resolved_path)
+      else
+        raise SpmError, 'No Package.resolved found.
+          Please install your dependencies first and provide it via environment variable
+          SPM_PACKAGE_RESOLVED'
+      end
+    end
+
+    def resolved_path
+      # Xcode projects have SPM packages info under project's derived data location
+      derived_data_folder = ENV['SPM_DERIVED_DATA']
+      if derived_data_folder
+        pathname = Pathname.new(derived_data_folder)
+        pathname.absolute? ? pathname : project_path.join(derived_data_folder)
+      else
+        project_path.join('.build')
+      end
+    end
+
+    def workspace_state_path
+      resolved_path.join('workspace-state.json')
+    end
+
+    def license_text(subpath)
+      license_path = license_pattern(subpath).find { |f| File.exist?(f) }
+      license_path.nil? ? nil : IO.read(license_path)
+    end
+
+    def project_checkout(subpath)
+      resolved_path.join('checkouts', subpath)
+    end
+
+    def license_pattern(subpath)
+      checkout_path = project_checkout(subpath)
+      Dir.glob(checkout_path.join('LICENSE*'), File::FNM_CASEFOLD)
+    end
+
+    def name_version_from_line(cartfile_line)
+      cartfile_line.split(' ')[1, 2].map { |f| f.split('/').last.delete('"').gsub('.git', '') }
+    end
+  end
+end

data/lib/license_finder/packages/spm_package.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class SpmPackage < Package
+    def initialize(name, version, license_text, options = {})
+      super(name, version, options)
+      @license = License.find_by_text(license_text.to_s)
+    end
+
+    def licenses_from_spec
+      [@license].compact
+    end
+
+    def package_manager
+      'Spm'
+    end
+  end
+end

data/lib/license_finder/scanner.rb

@@ -5,7 +5,7 @@ module LicenseFinder
     PACKAGE_MANAGERS = [
       GoModules, GoDep, GoWorkspace, Go15VendorExperiment, Glide, Gvt, Govendor, Trash, Dep, Bundler, NPM, Pip,
       Yarn, Bower, Maven, Gradle, CocoaPods, Rebar, Erlangmk, Nuget, Carthage, Mix, Conan, Sbt, Cargo, Dotnet, Composer, Pipenv,
-      Conda
+      Conda, Spm
     ].freeze
 
     class << self

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: license_finder
 version: !ruby/object:Gem::Version
-  version: 6.12.2
+  version: 6.13.0
 platform: ruby
 authors:
 - Ryan Collins
@@ -27,7 +27,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-14 00:00:00.000000000 Z
+date: 2021-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -457,6 +457,7 @@ files:
 - lib/license_finder/package_managers/pipenv.rb
 - lib/license_finder/package_managers/rebar.rb
 - lib/license_finder/package_managers/sbt.rb
+- lib/license_finder/package_managers/spm.rb
 - lib/license_finder/package_managers/trash.rb
 - lib/license_finder/package_managers/yarn.rb
 - lib/license_finder/package_utils/activation.rb
@@ -489,6 +490,7 @@ files:
 - lib/license_finder/packages/pip_package.rb
 - lib/license_finder/packages/rebar_package.rb
 - lib/license_finder/packages/sbt_package.rb
+- lib/license_finder/packages/spm_package.rb
 - lib/license_finder/packages/yarn_package.rb
 - lib/license_finder/platform.rb
 - lib/license_finder/project_finder.rb