license_finder 6.3.0 → 6.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +6 -0
  3. data/CHANGELOG.md +60 -0
  4. data/Dockerfile +13 -11
  5. data/README.md +28 -6
  6. data/Rakefile +1 -1
  7. data/VERSION +1 -1
  8. data/ci/pipelines/release.yml.erb +14 -4
  9. data/ci/tasks/rubocop.yml +1 -1
  10. data/lib/license_finder/cli.rb +1 -0
  11. data/lib/license_finder/cli/base.rb +1 -0
  12. data/lib/license_finder/cli/inherited_decisions.rb +50 -0
  13. data/lib/license_finder/cli/main.rb +3 -1
  14. data/lib/license_finder/configuration.rb +5 -1
  15. data/lib/license_finder/decision_applier.rb +8 -4
  16. data/lib/license_finder/decisions.rb +99 -20
  17. data/lib/license_finder/license.rb +37 -0
  18. data/lib/license_finder/license/definitions.rb +26 -3
  19. data/lib/license_finder/license/templates/0BSD.txt +10 -0
  20. data/lib/license_finder/license/templates/SimplifiedBSD.txt +0 -4
  21. data/lib/license_finder/license/text.rb +24 -2
  22. data/lib/license_finder/logger.rb +2 -0
  23. data/lib/license_finder/package.rb +2 -1
  24. data/lib/license_finder/package_manager.rb +6 -2
  25. data/lib/license_finder/package_managers/bundler.rb +1 -1
  26. data/lib/license_finder/package_managers/dotnet.rb +2 -1
  27. data/lib/license_finder/package_managers/go_15vendorexperiment.rb +1 -1
  28. data/lib/license_finder/package_managers/go_modules.rb +35 -12
  29. data/lib/license_finder/package_managers/mix.rb +1 -1
  30. data/lib/license_finder/package_managers/nuget.rb +51 -4
  31. data/lib/license_finder/package_managers/pipenv.rb +1 -1
  32. data/lib/license_finder/package_managers/rebar.rb +29 -8
  33. data/lib/license_finder/package_managers/yarn.rb +16 -2
  34. data/lib/license_finder/package_utils/license_files.rb +2 -2
  35. data/lib/license_finder/packages/bower_package.rb +7 -0
  36. data/lib/license_finder/packages/bundler_package.rb +4 -0
  37. data/lib/license_finder/packages/cargo_package.rb +4 -0
  38. data/lib/license_finder/packages/cocoa_pods_package.rb +4 -0
  39. data/lib/license_finder/packages/composer_package.rb +4 -0
  40. data/lib/license_finder/packages/conan_package.rb +4 -0
  41. data/lib/license_finder/packages/go_package.rb +4 -0
  42. data/lib/license_finder/packages/gradle_package.rb +4 -0
  43. data/lib/license_finder/packages/maven_package.rb +4 -0
  44. data/lib/license_finder/packages/merged_package.rb +1 -1
  45. data/lib/license_finder/packages/mix_package.rb +4 -0
  46. data/lib/license_finder/packages/npm_package.rb +4 -0
  47. data/lib/license_finder/packages/nuget_package.rb +4 -0
  48. data/lib/license_finder/packages/pip_package.rb +13 -2
  49. data/lib/license_finder/packages/rebar_package.rb +4 -0
  50. data/lib/license_finder/packages/yarn_package.rb +4 -0
  51. data/lib/license_finder/reports/csv_report.rb +7 -3
  52. data/lib/license_finder/reports/json_report.rb +2 -0
  53. metadata +5 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 72f85b1c33a4f69a87b10788685debd163e13cc60b428ce9854849ff55567531
4
- data.tar.gz: 14b067eae3f53784d3d4a5c4b341c73f604f63b9c4eaf7b68a98e90bdf7728fb
3
+ metadata.gz: 48bb96da32ab1ac5f0ee5f3a61e35a546c7666794348b6055fafbdcd2afb9067
4
+ data.tar.gz: c712efcd6787e0747ea1d2975ef719f74ee5e27eb2664dc0f0d1d0f681f62fe2
5
5
  SHA512:
6
- metadata.gz: '087049b7a0d7b1ada765f6904f66add3048b0a8e0aaef4c75333d139ddde2337f56ac37dc4852a6e23ccd7855d501cacac59c6c97213bbea375282c8300c2355'
7
- data.tar.gz: 3d52fc85d19980ff405e25f8f18c1cea20649ed90fa8aad2f236a62e78ec691e60dfa4f9651fa3f77898f7ad5924df75a0ca49c3c692bc9e16dd30a4d9d332e8
6
+ metadata.gz: 204084155100a9da1d8511db5173bfd138f1247c2fd0ed6a5c967a4da7c01b4a3db7352b8e55d98dd82cc68b4460d48daee400531e8a34605ca54046f66065a6
7
+ data.tar.gz: 0db4e9e0660b01393a9f142c6f320a526e366cd1e4831097170f954a2496cf2fbb9cbb1fcff9d8f188ca7e5bfccec34ae8c1ab8cfd7c4b3c5815a33b924b61d1
@@ -48,6 +48,12 @@ Style/MissingRespondToMissing:
48
48
  Enabled: false
49
49
  Style/FormatStringToken:
50
50
  EnforcedStyle: unannotated
51
+ Style/HashEachMethods:
52
+ Enabled: true
53
+ Style/HashTransformKeys:
54
+ Enabled: true
55
+ Style/HashTransformValues:
56
+ Enabled: true
51
57
  Layout/MultilineMethodCallIndentation:
52
58
  Enabled: false
53
59
  DoubleNegation:
@@ -1,3 +1,53 @@
1
+ # [6.6.2] / 2020-07-09
2
+
3
+ ### Added
4
+ * support for rebar3 [Removed] support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
5
+
6
+ ### Fixed
7
+ * handle empty case for mix dependencies [#173637843] - [fc34b281](https://github.com/pivotal/LicenseFinder/commit/fc34b2813925a709addde675849e199b05fc4a23) - Jeff Jun
8
+
9
+ ### Removed
10
+ [Added] support for rebar3 * support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
11
+
12
+ # [6.6.1] / 2020-06-30
13
+
14
+ ### Changed
15
+ * Handle multiple solution files for nuget [#173021333] - [040d9559](https://github.com/pivotal/LicenseFinder/commit/040d9559a4bda07490255cc34c1a7891081bc511)
16
+ * matches license names from pypi api call with known licenses to avoid returning misformatted licenses [#173421573] - [6b96d746](https://github.com/pivotal/LicenseFinder/commit/6b96d74600034abcacee6ed2b322aa3abfaa0992) - Jeff Jun
17
+ * Update Nuget Package Manager prepare command - [6ac07066](https://github.com/pivotal/LicenseFinder/commit/6ac070668955bc034da1647658440ce5bb0d9bd2) - Jason Smith
18
+
19
+ # [6.6.0] / 2020-06-22
20
+
21
+ # [6.5.0] / 2020-06-01
22
+
23
+ ### Added
24
+ * Support legacy nuget projects [#172950097] - [0cccbcf9](https://github.com/pivotal/LicenseFinder/commit/0cccbcf9aa92f4297ef0174242bdb19da1babc65)
25
+
26
+ ### Changed
27
+ * Upgrade to golang 1.14.3. Update dotnet-sdk to 3.1 - [0969e98f](https://github.com/pivotal/LicenseFinder/commit/0969e98fde4a82f8931601baa4dd96dc01300a14)
28
+
29
+ # [6.4.0] / 2020-05-22
30
+
31
+ Big shout out to @forelabs for introducing many new features and improvements for this release. Thanks again!!
32
+
33
+ ### Added
34
+ * Introducing new inherited_decisions command - [3453feb](https://github.com/pivotal/LicenseFinder/commit/3453feb659a6c3c6e5aa444e3755ddd5d32f3664) - Sven Dunemann
35
+ * Decision Applier: Merge manual and system packages - [c690532](https://github.com/pivotal/LicenseFinder/commit/c690532ec8addab16bef4edd390f05ceb353435f) - Sven Dunemann
36
+ * Introduce package_url to packages - [18972f7](https://github.com/pivotal/LicenseFinder/commit/18972f7b3a04340e1b7bb560780130b68696b8a2) - Sven Dunemann
37
+ * Add --write-headers option for csv exports - [18e01f8](https://github.com/pivotal/LicenseFinder/commit/18e01f8728a9dc525d7567292cc1e2f390ec854d) - Sven Dunemann
38
+ * Yarn: Add authors & install_path - [08a0f67](https://github.com/pivotal/LicenseFinder/commit/08a0f67837a218231217767561f2282c1b3a890a) - Sven Dunemann
39
+ * install path for nuget dependencies [#172251374] - [ad73c946](https://github.com/pivotal/LicenseFinder/commit/ad73c946113846f8f548adfc73542aebb3763175) - Jeff Jun
40
+ * new Rubocop cops - [c4cc6b8b](https://github.com/pivotal/LicenseFinder/commit/c4cc6b8b13273db17b65cecaf24c9053e4989ea1) - Jeff Jun
41
+
42
+ ### Fixed
43
+ * Separate lines in license text with LF when exported to JSON - [baddb976](https://github.com/pivotal/LicenseFinder/commit/baddb976e7a8683c5cc320eddc8c2712dfb16c15) - Robert Huitl
44
+
45
+ ### Changed
46
+ * Go15VendorExperiment: Detect go only if vendor includes go files - [0f8e609](https://github.com/pivotal/LicenseFinder/commit/0f8e609f0921937c6187deccd80e4bc4b7d67ee4) - Sven Dunemann
47
+ * Bump PHP version to 7.4 - [cbe45c5](https://github.com/pivotal/LicenseFinder/commit/cbe45c5cdb3ec200ea215086a3b3eb879e83222a) - Yivan
48
+ * Significantly improve the license text matching file to be more dynamic - [acf5705](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e)
49
+ * Update Ruby version to 2.7.1 [#172295831] - [475e2948](https://github.com/pivotal/LicenseFinder/commit/475e2948ec1ad859aee59e77aa9ce2a51e1a5029)
50
+
1
51
  # [6.3.0] / 2020-05-06
2
52
 
3
53
  ### Added
@@ -10,6 +60,11 @@
10
60
  * Bump PHP version to 7.3 - [1c3c3271](https://github.com/pivotal/LicenseFinder/commit/1c3c3271b977a6c8d24e4159a6b8098a51086522)
11
61
  * Remove +compatible in Go package versions [#171754392] - [5cba5801](https://github.com/pivotal/LicenseFinder/commit/5cba5801f4f276482f01bfeea46fde0dbbcce7b1)
12
62
 
63
+ ### Fixed
64
+ * Fixed Maven Package manager Groups check - [5058d90](https://github.com/pivotal/LicenseFinder/commit/5058d90246a25ca15c72e0eed8e19ebbf7e39998) - Ravi Soni
65
+ * GoModules: fix compute with vendor mod - [067eb19](https://github.com/pivotal/LicenseFinder/commit/067eb1916ce024039631bdbd4114ababa6c02c3a) - forelabs
66
+ * Do not set Bundle path. Bundler will figure it out. - [6319a7a](https://github.com/pivotal/LicenseFinder/commit/6319a7a281bd9cc997c08c903674ab51fcc6545e) - mvz
67
+
13
68
  # [6.2.0] / 2020-04-07
14
69
 
15
70
  ### Fixed
@@ -837,3 +892,8 @@ Bugfixes:
837
892
  [6.1.2]: https://github.com/pivotal/LicenseFinder/compare/v6.1.0...v6.1.2
838
893
  [6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
839
894
  [6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0
895
+ [6.4.0]: https://github.com/pivotal/LicenseFinder/compare/v6.3.0...v6.4.0
896
+ [6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0
897
+ [6.6.0]: https://github.com/pivotal/LicenseFinder/compare/v6.5.0...v6.6.0
898
+ [6.6.1]: https://github.com/pivotal/LicenseFinder/compare/v6.6.0...v6.6.1
899
+ [6.6.2]: https://github.com/pivotal/LicenseFinder/compare/v6.6.1...v6.6.2
data/Dockerfile CHANGED
@@ -3,11 +3,11 @@ FROM ubuntu:xenial
3
3
  # Versioning
4
4
  ENV PIP_INSTALL_VERSION 19.0.2
5
5
  ENV PIP3_INSTALL_VERSION 8.1.1
6
- ENV GO_LANG_VERSION 1.13.3
6
+ ENV GO_LANG_VERSION 1.14.3
7
7
  ENV MAVEN_VERSION 3.6.0
8
8
  ENV SBT_VERSION 1.3.3
9
9
  ENV GRADLE_VERSION 5.6.4
10
- ENV RUBY_VERSION 2.6.5
10
+ ENV RUBY_VERSION 2.7.1
11
11
  ENV MIX_VERSION 1.0
12
12
  ENV COMPOSER_ALLOW_SUPERUSER 1
13
13
 
@@ -48,11 +48,13 @@ ENV JAVA_HOME=/opt/jdk-12.0.2
48
48
  ENV PATH=$PATH:$JAVA_HOME/bin
49
49
  RUN java -version
50
50
 
51
- # install python and rebar
52
- RUN apt-get install -y python rebar
51
+ # install rebar3
52
+ RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
53
+ sudo chmod +x rebar3 && \
54
+ sudo mv rebar3 /usr/local/bin/rebar3
53
55
 
54
- # install and update python-pip
55
- RUN apt-get install -y python-pip python3-pip && \
56
+ # install and update python and python-pip
57
+ RUN apt-get install -y python python-pip python3-pip && \
56
58
  pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION && \
57
59
  pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
58
60
 
@@ -141,8 +143,8 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
141
143
  echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
142
144
  apt-get update &&\
143
145
  apt-get install -y mono-complete &&\
144
- curl -o /usr/local/bin/nuget.exe https://dist.nuget.org/win-x86-commandline/latest/nuget.exe &&\
145
- echo "alias nuget=\"mono /usr/local/bin/nuget.exe\"" >> ~/.bash_aliases
146
+ curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
147
+ curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
146
148
 
147
149
  # install dotnet core
148
150
  WORKDIR /tmp
@@ -150,14 +152,14 @@ RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsof
150
152
  sudo dpkg -i packages-microsoft-prod.deb &&\
151
153
  rm packages-microsoft-prod.deb &&\
152
154
  sudo apt-get update &&\
153
- sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
155
+ sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
154
156
 
155
157
  RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
156
158
  echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
157
159
  apt-get update &&\
158
- apt-get install -y php7.3-cli &&\
160
+ apt-get install -y php7.4-cli &&\
159
161
  php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
160
- php -r "if (hash_file('sha384', 'composer-setup.php') === 'e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
162
+ php -r "if (hash_file('sha384', 'composer-setup.php') === 'e5325b19b381bfd88ce90a5ddb7823406b2a38cff6bb704b0acc289a09c8128d4a8ce2bbafcd1fcbdc38666422fe2806') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
161
163
  php composer-setup.php &&\
162
164
  php -r "unlink('composer-setup.php');" &&\
163
165
  mv composer.phar /usr/bin/composer
data/README.md CHANGED
@@ -7,7 +7,7 @@ Build status
7
7
  * Ruby 2.4.9 [![Ruby 2.4.9 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.4.9/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
8
8
  * Ruby 2.5.7 [![Ruby 2.5.7 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.5.7/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
9
9
  * Ruby 2.6.5 [![Ruby 2.6.5 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.6.5/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
10
- * Ruby 2.7.0 [![Ruby 2.7.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
10
+ * Ruby 2.7.1 [![Ruby 2.7.1 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-2.7.1/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
11
11
  * JRuby 9.2.9.0 [![JRuby 9.2.9.0 build status](https://norsk.cf-app.com/api/v1/teams/main/pipelines/LicenseFinder/jobs/ruby-jruby-9.2.9.0/badge)](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
12
12
 
13
13
 
@@ -43,7 +43,7 @@ and give you an actionable exception report.
43
43
 
44
44
  ### Experimental project types
45
45
 
46
- * Erlang (via `rebar`)
46
+ * Erlang (via `rebar3`)
47
47
  * Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
48
48
  * Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
49
49
  * Elixir (via `mix`)
@@ -175,7 +175,7 @@ languages, as long as that language has a package definition in the project dire
175
175
  * `bower.json` (for `bower`)
176
176
  * `Podfile` (for `pod`)
177
177
  * `Cartfile` (for `carthage`)
178
- * `rebar.config` (for `rebar`)
178
+ * `rebar.config` (for `rebar3`)
179
179
  * `mix.exs` (for `mix`)
180
180
  * `packages/` directory (for `nuget`)
181
181
  * `*.csproj` (for `dotnet`)
@@ -183,7 +183,7 @@ languages, as long as that language has a package definition in the project dire
183
183
  * `glide.lock` file (for `glide`)
184
184
  * `vendor/vendor.json` file (for `govendor`)
185
185
  * `Gopkg.lock` file (for `dep`)
186
- * `go.sum` file (for `go mod`)
186
+ * `go.mod` file (for `go mod`)
187
187
  * `vendor.conf` file (for `trash`)
188
188
  * `yarn.lock` file (for `yarn`)
189
189
  * `conanfile.txt` file (for `conan`)
@@ -359,7 +359,7 @@ $ license_finder dependencies remove my_js_dep
359
359
  Sometimes a project will have development or test dependencies which
360
360
  you don't want to track. You can exclude theses dependencies by running
361
361
  `license_finder ignored_groups`. (Currently this only works for packages
362
- managed by Bundler, NPM, and Nuget.)
362
+ managed by Bundler, NPM, Yarn, Maven, Pip2, Pip3, and Nuget.)
363
363
 
364
364
  On rare occasions a package manager will report an individual dependency
365
365
  that you want to exclude from all reports, even though it is approved.
@@ -379,6 +379,26 @@ items, even if someone attempts to manually approve or permit it. However,
379
379
  if a dependency has even one license that is not restricted, it can still be
380
380
  manually approved or permitted.
381
381
 
382
+ ## Decision inheritance
383
+
384
+ Add or remove decision files you want to inherit from - see `license_finder inherited_decisions help` for more information.
385
+
386
+ This allows you to have a centralized decision file for approved/restricted licenses. If you have multiple projects it's way easier to have one single place where you approved or restricted licenses defined.
387
+
388
+ Add one or more decision files to the inherited decisions
389
+ ```bash
390
+ license_finder inherited_decisions add DECISION_FILE
391
+ ```
392
+
393
+ Remove one or more decision files from the inherited decisions
394
+ ```bash
395
+ license_finder inherited_decisions remove DECISION_FILE
396
+ ```
397
+
398
+ List all the inherited decision files
399
+ ```bash
400
+ license_finder inherited_decisions list
401
+ ```
382
402
 
383
403
  ## Configuration
384
404
 
@@ -392,7 +412,7 @@ If you have a gradle project, you can invoke gradle with a custom script by
392
412
  passing (for example) `--gradle_command gradlew` to `license_finder` or
393
413
  `license_finder report`.
394
414
 
395
- Similarly you can invoke a custom rebar script with `--rebar_command rebar2`.
415
+ Similarly you can invoke a custom rebar script with `--rebar_command rebar`.
396
416
  If you store rebar dependencies in a custom directory (by setting `deps_dir` in
397
417
  `rebar.config`), set `--rebar_deps_dir`.
398
418
 
@@ -467,6 +487,8 @@ licenseConfigurations := Set("compile", "provided")
467
487
 
468
488
  ## Upgrading
469
489
 
490
+ To upgrade to `license_finder` version >= 6.0, you have to replace the terminology `whitelist` with `permit` and `blacklist` with `restrict` in your `dependency_decisions.yml`. See [Changelog](https://github.com/pivotal/LicenseFinder/blob/master/CHANGELOG.md#600--2020-01-22) for more details.
491
+
470
492
  To upgrade from `license_finder` version 1.2 to 2.0, see
471
493
  [`license_finder_upgrade`](https://github.com/mainej/license_finder_upgrade).
472
494
  To upgrade to 2.0 from a version lower than 1.2, first upgrade to 1.2, and run
data/Rakefile CHANGED
@@ -63,7 +63,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
63
63
  puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
64
64
  end
65
65
 
66
- ruby_versions = %w[2.7.0 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
66
+ ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
67
67
 
68
68
  params = []
69
69
  params << "ruby_versions=#{ruby_versions.join(',')}"
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.3.0
1
+ 6.6.2
@@ -24,7 +24,7 @@ resources:
24
24
  source:
25
25
  driver: gcs
26
26
  bucket: lf-semver-version
27
- key: VERSION
27
+ key: version
28
28
  json_key: ((GCPQueuedReportsBucketCredentials))
29
29
 
30
30
  - name: dockerhub-edge
@@ -123,21 +123,31 @@ jobs:
123
123
 
124
124
  - name: bump-major
125
125
  plan:
126
- - put: semver-version
126
+ - get: semver-version
127
127
  tags: ["private-worker"]
128
128
  params: {bump: major}
129
+ - put: semver-version
130
+ tags: ["private-worker"]
131
+ params: {file: semver-version/version}
132
+
129
133
 
130
134
  - name: bump-minor
131
135
  plan:
132
- - put: semver-version
136
+ - get: semver-version
133
137
  tags: ["private-worker"]
134
138
  params: {bump: minor}
139
+ - put: semver-version
140
+ tags: ["private-worker"]
141
+ params: {file: semver-version/version}
135
142
 
136
143
  - name: bump-patch
137
144
  plan:
138
- - put: semver-version
145
+ - get: semver-version
139
146
  tags: ["private-worker"]
140
147
  params: {bump: patch}
148
+ - put: semver-version
149
+ tags: ["private-worker"]
150
+ params: {file: semver-version/version}
141
151
 
142
152
  - name: release
143
153
  disable_manual_trigger: true
@@ -4,7 +4,7 @@ image_resource:
4
4
  type: registry-image
5
5
  source:
6
6
  repository: ruby
7
- tag: 2.6.5
7
+ tag: 2.7.1
8
8
 
9
9
  inputs:
10
10
  - name: LicenseFinder
@@ -8,6 +8,7 @@ end
8
8
  require 'license_finder/cli/patched_thor'
9
9
  require 'license_finder/cli/base'
10
10
  require 'license_finder/cli/makes_decisions'
11
+ require 'license_finder/cli/inherited_decisions'
11
12
  require 'license_finder/cli/permitted_licenses'
12
13
  require 'license_finder/cli/restricted_licenses'
13
14
  require 'license_finder/cli/dependencies'
@@ -44,6 +44,7 @@ module LicenseFinder
44
44
  :elixir_command,
45
45
  :mix_command,
46
46
  :mix_deps_dir,
47
+ :write_headers,
47
48
  :save,
48
49
  :prepare,
49
50
  :prepare_no_fail,
@@ -0,0 +1,50 @@
1
+ # frozen_string_literal: true
2
+
3
+ module LicenseFinder
4
+ module CLI
5
+ class InheritedDecisions < Base
6
+ extend Subcommand
7
+ include MakesDecisions
8
+
9
+ desc 'list', 'List all the inherited decision files'
10
+ def list
11
+ say 'Inherited Decision Files:', :blue
12
+ say_each(decisions.inherited_decisions)
13
+ end
14
+
15
+ auditable
16
+ desc 'add DECISION_FILE...', 'Add one or more decision files to the inherited decisions'
17
+ def add(*decision_files)
18
+ assert_some decision_files
19
+ modifying { decision_files.each { |filepath| decisions.inherit_from(filepath) } }
20
+ say "Added #{decision_files.join(', ')} to the inherited decisions"
21
+ end
22
+
23
+ auditable
24
+ desc 'add_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
25
+ def add_with_auth(*params)
26
+ url, auth_type, token_or_env = params
27
+ auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
28
+ modifying { decisions.add_decision [:inherit_from, auth_info] }
29
+ say "Added #{url} to the inherited decisions"
30
+ end
31
+
32
+ auditable
33
+ desc 'remove DECISION_FILE...', 'Remove one or more decision files from the inherited decisions'
34
+ def remove(*decision_files)
35
+ assert_some decision_files
36
+ modifying { decision_files.each { |filepath| decisions.remove_inheritance(filepath) } }
37
+ say "Removed #{decision_files.join(', ')} from the inherited decisions"
38
+ end
39
+
40
+ auditable
41
+ desc 'remove_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
42
+ def remove_with_auth(*params)
43
+ url, auth_type, token_or_env = params
44
+ auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
45
+ modifying { decisions.remove_inheritance(auth_info) }
46
+ say "Removed #{url} from the inherited decisions"
47
+ end
48
+ end
49
+ end
50
+ end
@@ -140,6 +140,7 @@ module LicenseFinder
140
140
  desc 'report', "Print a report of the project's dependencies to stdout"
141
141
  shared_options
142
142
  format_option
143
+ method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
143
144
  method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
144
145
 
145
146
  def report
@@ -171,6 +172,7 @@ module LicenseFinder
171
172
  subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
172
173
  subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
173
174
  subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
175
+ subcommand 'inherited_decisions', InheritedDecisions, 'Add or remove decision files you want to inherit from'
174
176
 
175
177
  private
176
178
 
@@ -203,7 +205,7 @@ module LicenseFinder
203
205
  def report_of(content)
204
206
  report = FORMATS[config.format] || FORMATS['text']
205
207
  report = MergedReport if report == CsvReport && config.aggregate_paths
206
- report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s)
208
+ report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s, write_headers: config.write_headers)
207
209
  end
208
210
 
209
211
  def save?
@@ -35,7 +35,7 @@ module LicenseFinder
35
35
  end
36
36
 
37
37
  def rebar_deps_dir
38
- path = get(:rebar_deps_dir) || 'deps'
38
+ path = get(:rebar_deps_dir) || '_build/default/lib'
39
39
  project_path.join(path).expand_path
40
40
  end
41
41
 
@@ -109,6 +109,10 @@ module LicenseFinder
109
109
  get(:prepare_no_fail)
110
110
  end
111
111
 
112
+ def write_headers
113
+ get(:write_headers)
114
+ end
115
+
112
116
  def save_file
113
117
  get(:save)
114
118
  end
@@ -4,7 +4,7 @@ module LicenseFinder
4
4
  class DecisionApplier
5
5
  def initialize(options)
6
6
  @decisions = options.fetch(:decisions)
7
- @all_packages = decisions.packages + options.fetch(:packages)
7
+ @all_packages = options.fetch(:packages).to_set + @decisions.packages.to_set
8
8
  @acknowledged = apply_decisions
9
9
  end
10
10
 
@@ -28,10 +28,14 @@ module LicenseFinder
28
28
 
29
29
  def apply_decisions
30
30
  all_packages
31
- .map { |package| with_decided_licenses(package) }
32
- .map { |package| with_approval(package) }
33
- .map { |package| with_homepage(package) }
34
31
  .reject { |package| ignored?(package) }
32
+ .map do |package|
33
+ with_homepage(
34
+ with_approval(
35
+ with_decided_licenses(package)
36
+ )
37
+ )
38
+ end
35
39
  end
36
40
 
37
41
  def ignored?(package)