license_finder 6.3.0 → 6.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +6 -0
- data/CHANGELOG.md +60 -0
- data/Dockerfile +13 -11
- data/README.md +28 -6
- data/Rakefile +1 -1
- data/VERSION +1 -1
- data/ci/pipelines/release.yml.erb +14 -4
- data/ci/tasks/rubocop.yml +1 -1
- data/lib/license_finder/cli.rb +1 -0
- data/lib/license_finder/cli/base.rb +1 -0
- data/lib/license_finder/cli/inherited_decisions.rb +50 -0
- data/lib/license_finder/cli/main.rb +3 -1
- data/lib/license_finder/configuration.rb +5 -1
- data/lib/license_finder/decision_applier.rb +8 -4
- data/lib/license_finder/decisions.rb +99 -20
- data/lib/license_finder/license.rb +37 -0
- data/lib/license_finder/license/definitions.rb +26 -3
- data/lib/license_finder/license/templates/0BSD.txt +10 -0
- data/lib/license_finder/license/templates/SimplifiedBSD.txt +0 -4
- data/lib/license_finder/license/text.rb +24 -2
- data/lib/license_finder/logger.rb +2 -0
- data/lib/license_finder/package.rb +2 -1
- data/lib/license_finder/package_manager.rb +6 -2
- data/lib/license_finder/package_managers/bundler.rb +1 -1
- data/lib/license_finder/package_managers/dotnet.rb +2 -1
- data/lib/license_finder/package_managers/go_15vendorexperiment.rb +1 -1
- data/lib/license_finder/package_managers/go_modules.rb +35 -12
- data/lib/license_finder/package_managers/mix.rb +1 -1
- data/lib/license_finder/package_managers/nuget.rb +51 -4
- data/lib/license_finder/package_managers/pipenv.rb +1 -1
- data/lib/license_finder/package_managers/rebar.rb +29 -8
- data/lib/license_finder/package_managers/yarn.rb +16 -2
- data/lib/license_finder/package_utils/license_files.rb +2 -2
- data/lib/license_finder/packages/bower_package.rb +7 -0
- data/lib/license_finder/packages/bundler_package.rb +4 -0
- data/lib/license_finder/packages/cargo_package.rb +4 -0
- data/lib/license_finder/packages/cocoa_pods_package.rb +4 -0
- data/lib/license_finder/packages/composer_package.rb +4 -0
- data/lib/license_finder/packages/conan_package.rb +4 -0
- data/lib/license_finder/packages/go_package.rb +4 -0
- data/lib/license_finder/packages/gradle_package.rb +4 -0
- data/lib/license_finder/packages/maven_package.rb +4 -0
- data/lib/license_finder/packages/merged_package.rb +1 -1
- data/lib/license_finder/packages/mix_package.rb +4 -0
- data/lib/license_finder/packages/npm_package.rb +4 -0
- data/lib/license_finder/packages/nuget_package.rb +4 -0
- data/lib/license_finder/packages/pip_package.rb +13 -2
- data/lib/license_finder/packages/rebar_package.rb +4 -0
- data/lib/license_finder/packages/yarn_package.rb +4 -0
- data/lib/license_finder/reports/csv_report.rb +7 -3
- data/lib/license_finder/reports/json_report.rb +2 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 48bb96da32ab1ac5f0ee5f3a61e35a546c7666794348b6055fafbdcd2afb9067
|
|
4
|
+
data.tar.gz: c712efcd6787e0747ea1d2975ef719f74ee5e27eb2664dc0f0d1d0f681f62fe2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 204084155100a9da1d8511db5173bfd138f1247c2fd0ed6a5c967a4da7c01b4a3db7352b8e55d98dd82cc68b4460d48daee400531e8a34605ca54046f66065a6
|
|
7
|
+
data.tar.gz: 0db4e9e0660b01393a9f142c6f320a526e366cd1e4831097170f954a2496cf2fbb9cbb1fcff9d8f188ca7e5bfccec34ae8c1ab8cfd7c4b3c5815a33b924b61d1
|
data/.rubocop.yml
CHANGED
|
@@ -48,6 +48,12 @@ Style/MissingRespondToMissing:
|
|
|
48
48
|
Enabled: false
|
|
49
49
|
Style/FormatStringToken:
|
|
50
50
|
EnforcedStyle: unannotated
|
|
51
|
+
Style/HashEachMethods:
|
|
52
|
+
Enabled: true
|
|
53
|
+
Style/HashTransformKeys:
|
|
54
|
+
Enabled: true
|
|
55
|
+
Style/HashTransformValues:
|
|
56
|
+
Enabled: true
|
|
51
57
|
Layout/MultilineMethodCallIndentation:
|
|
52
58
|
Enabled: false
|
|
53
59
|
DoubleNegation:
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,53 @@
|
|
|
1
|
+
# [6.6.2] / 2020-07-09
|
|
2
|
+
|
|
3
|
+
### Added
|
|
4
|
+
* support for rebar3 [Removed] support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
|
|
5
|
+
|
|
6
|
+
### Fixed
|
|
7
|
+
* handle empty case for mix dependencies [#173637843] - [fc34b281](https://github.com/pivotal/LicenseFinder/commit/fc34b2813925a709addde675849e199b05fc4a23) - Jeff Jun
|
|
8
|
+
|
|
9
|
+
### Removed
|
|
10
|
+
[Added] support for rebar3 * support for rebar2 [#173637980] - [b20e7444](https://github.com/pivotal/LicenseFinder/commit/b20e7444c147d8dbfa46eb4e8e549e03be751e02) - Jeff Jun
|
|
11
|
+
|
|
12
|
+
# [6.6.1] / 2020-06-30
|
|
13
|
+
|
|
14
|
+
### Changed
|
|
15
|
+
* Handle multiple solution files for nuget [#173021333] - [040d9559](https://github.com/pivotal/LicenseFinder/commit/040d9559a4bda07490255cc34c1a7891081bc511)
|
|
16
|
+
* matches license names from pypi api call with known licenses to avoid returning misformatted licenses [#173421573] - [6b96d746](https://github.com/pivotal/LicenseFinder/commit/6b96d74600034abcacee6ed2b322aa3abfaa0992) - Jeff Jun
|
|
17
|
+
* Update Nuget Package Manager prepare command - [6ac07066](https://github.com/pivotal/LicenseFinder/commit/6ac070668955bc034da1647658440ce5bb0d9bd2) - Jason Smith
|
|
18
|
+
|
|
19
|
+
# [6.6.0] / 2020-06-22
|
|
20
|
+
|
|
21
|
+
# [6.5.0] / 2020-06-01
|
|
22
|
+
|
|
23
|
+
### Added
|
|
24
|
+
* Support legacy nuget projects [#172950097] - [0cccbcf9](https://github.com/pivotal/LicenseFinder/commit/0cccbcf9aa92f4297ef0174242bdb19da1babc65)
|
|
25
|
+
|
|
26
|
+
### Changed
|
|
27
|
+
* Upgrade to golang 1.14.3. Update dotnet-sdk to 3.1 - [0969e98f](https://github.com/pivotal/LicenseFinder/commit/0969e98fde4a82f8931601baa4dd96dc01300a14)
|
|
28
|
+
|
|
29
|
+
# [6.4.0] / 2020-05-22
|
|
30
|
+
|
|
31
|
+
Big shout out to @forelabs for introducing many new features and improvements for this release. Thanks again!!
|
|
32
|
+
|
|
33
|
+
### Added
|
|
34
|
+
* Introducing new inherited_decisions command - [3453feb](https://github.com/pivotal/LicenseFinder/commit/3453feb659a6c3c6e5aa444e3755ddd5d32f3664) - Sven Dunemann
|
|
35
|
+
* Decision Applier: Merge manual and system packages - [c690532](https://github.com/pivotal/LicenseFinder/commit/c690532ec8addab16bef4edd390f05ceb353435f) - Sven Dunemann
|
|
36
|
+
* Introduce package_url to packages - [18972f7](https://github.com/pivotal/LicenseFinder/commit/18972f7b3a04340e1b7bb560780130b68696b8a2) - Sven Dunemann
|
|
37
|
+
* Add --write-headers option for csv exports - [18e01f8](https://github.com/pivotal/LicenseFinder/commit/18e01f8728a9dc525d7567292cc1e2f390ec854d) - Sven Dunemann
|
|
38
|
+
* Yarn: Add authors & install_path - [08a0f67](https://github.com/pivotal/LicenseFinder/commit/08a0f67837a218231217767561f2282c1b3a890a) - Sven Dunemann
|
|
39
|
+
* install path for nuget dependencies [#172251374] - [ad73c946](https://github.com/pivotal/LicenseFinder/commit/ad73c946113846f8f548adfc73542aebb3763175) - Jeff Jun
|
|
40
|
+
* new Rubocop cops - [c4cc6b8b](https://github.com/pivotal/LicenseFinder/commit/c4cc6b8b13273db17b65cecaf24c9053e4989ea1) - Jeff Jun
|
|
41
|
+
|
|
42
|
+
### Fixed
|
|
43
|
+
* Separate lines in license text with LF when exported to JSON - [baddb976](https://github.com/pivotal/LicenseFinder/commit/baddb976e7a8683c5cc320eddc8c2712dfb16c15) - Robert Huitl
|
|
44
|
+
|
|
45
|
+
### Changed
|
|
46
|
+
* Go15VendorExperiment: Detect go only if vendor includes go files - [0f8e609](https://github.com/pivotal/LicenseFinder/commit/0f8e609f0921937c6187deccd80e4bc4b7d67ee4) - Sven Dunemann
|
|
47
|
+
* Bump PHP version to 7.4 - [cbe45c5](https://github.com/pivotal/LicenseFinder/commit/cbe45c5cdb3ec200ea215086a3b3eb879e83222a) - Yivan
|
|
48
|
+
* Significantly improve the license text matching file to be more dynamic - [acf5705](https://github.com/pivotal/LicenseFinder/commit/acf570573b4a2414d9c43212dea5d4ecb157319e)
|
|
49
|
+
* Update Ruby version to 2.7.1 [#172295831] - [475e2948](https://github.com/pivotal/LicenseFinder/commit/475e2948ec1ad859aee59e77aa9ce2a51e1a5029)
|
|
50
|
+
|
|
1
51
|
# [6.3.0] / 2020-05-06
|
|
2
52
|
|
|
3
53
|
### Added
|
|
@@ -10,6 +60,11 @@
|
|
|
10
60
|
* Bump PHP version to 7.3 - [1c3c3271](https://github.com/pivotal/LicenseFinder/commit/1c3c3271b977a6c8d24e4159a6b8098a51086522)
|
|
11
61
|
* Remove +compatible in Go package versions [#171754392] - [5cba5801](https://github.com/pivotal/LicenseFinder/commit/5cba5801f4f276482f01bfeea46fde0dbbcce7b1)
|
|
12
62
|
|
|
63
|
+
### Fixed
|
|
64
|
+
* Fixed Maven Package manager Groups check - [5058d90](https://github.com/pivotal/LicenseFinder/commit/5058d90246a25ca15c72e0eed8e19ebbf7e39998) - Ravi Soni
|
|
65
|
+
* GoModules: fix compute with vendor mod - [067eb19](https://github.com/pivotal/LicenseFinder/commit/067eb1916ce024039631bdbd4114ababa6c02c3a) - forelabs
|
|
66
|
+
* Do not set Bundle path. Bundler will figure it out. - [6319a7a](https://github.com/pivotal/LicenseFinder/commit/6319a7a281bd9cc997c08c903674ab51fcc6545e) - mvz
|
|
67
|
+
|
|
13
68
|
# [6.2.0] / 2020-04-07
|
|
14
69
|
|
|
15
70
|
### Fixed
|
|
@@ -837,3 +892,8 @@ Bugfixes:
|
|
|
837
892
|
[6.1.2]: https://github.com/pivotal/LicenseFinder/compare/v6.1.0...v6.1.2
|
|
838
893
|
[6.2.0]: https://github.com/pivotal/LicenseFinder/compare/v6.1.2...v6.2.0
|
|
839
894
|
[6.3.0]: https://github.com/pivotal/LicenseFinder/compare/v6.2.0...v6.3.0
|
|
895
|
+
[6.4.0]: https://github.com/pivotal/LicenseFinder/compare/v6.3.0...v6.4.0
|
|
896
|
+
[6.5.0]: https://github.com/pivotal/LicenseFinder/compare/v6.4.0...v6.5.0
|
|
897
|
+
[6.6.0]: https://github.com/pivotal/LicenseFinder/compare/v6.5.0...v6.6.0
|
|
898
|
+
[6.6.1]: https://github.com/pivotal/LicenseFinder/compare/v6.6.0...v6.6.1
|
|
899
|
+
[6.6.2]: https://github.com/pivotal/LicenseFinder/compare/v6.6.1...v6.6.2
|
data/Dockerfile
CHANGED
|
@@ -3,11 +3,11 @@ FROM ubuntu:xenial
|
|
|
3
3
|
# Versioning
|
|
4
4
|
ENV PIP_INSTALL_VERSION 19.0.2
|
|
5
5
|
ENV PIP3_INSTALL_VERSION 8.1.1
|
|
6
|
-
ENV GO_LANG_VERSION 1.
|
|
6
|
+
ENV GO_LANG_VERSION 1.14.3
|
|
7
7
|
ENV MAVEN_VERSION 3.6.0
|
|
8
8
|
ENV SBT_VERSION 1.3.3
|
|
9
9
|
ENV GRADLE_VERSION 5.6.4
|
|
10
|
-
ENV RUBY_VERSION 2.
|
|
10
|
+
ENV RUBY_VERSION 2.7.1
|
|
11
11
|
ENV MIX_VERSION 1.0
|
|
12
12
|
ENV COMPOSER_ALLOW_SUPERUSER 1
|
|
13
13
|
|
|
@@ -48,11 +48,13 @@ ENV JAVA_HOME=/opt/jdk-12.0.2
|
|
|
48
48
|
ENV PATH=$PATH:$JAVA_HOME/bin
|
|
49
49
|
RUN java -version
|
|
50
50
|
|
|
51
|
-
# install
|
|
52
|
-
RUN
|
|
51
|
+
# install rebar3
|
|
52
|
+
RUN curl -o rebar3 https://s3.amazonaws.com/rebar3/rebar3 && \
|
|
53
|
+
sudo chmod +x rebar3 && \
|
|
54
|
+
sudo mv rebar3 /usr/local/bin/rebar3
|
|
53
55
|
|
|
54
|
-
# install and update python-pip
|
|
55
|
-
RUN apt-get install -y python-pip python3-pip && \
|
|
56
|
+
# install and update python and python-pip
|
|
57
|
+
RUN apt-get install -y python python-pip python3-pip && \
|
|
56
58
|
pip2 install --no-cache-dir --upgrade pip==$PIP_INSTALL_VERSION && \
|
|
57
59
|
pip3 install --no-cache-dir --upgrade pip==$PIP3_INSTALL_VERSION
|
|
58
60
|
|
|
@@ -141,8 +143,8 @@ RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E03280
|
|
|
141
143
|
echo "deb https://download.mono-project.com/repo/ubuntu stable-xenial main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list &&\
|
|
142
144
|
apt-get update &&\
|
|
143
145
|
apt-get install -y mono-complete &&\
|
|
144
|
-
curl -o /usr/local/bin/nuget.exe https://dist.nuget.org/win-x86-commandline/latest/nuget.exe &&\
|
|
145
|
-
|
|
146
|
+
curl -o "/usr/local/bin/nuget.exe" "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe" &&\
|
|
147
|
+
curl -o "/usr/local/bin/nugetv3.5.0.exe" "https://dist.nuget.org/win-x86-commandline/v3.5.0/nuget.exe"
|
|
146
148
|
|
|
147
149
|
# install dotnet core
|
|
148
150
|
WORKDIR /tmp
|
|
@@ -150,14 +152,14 @@ RUN wget -q https://packages.microsoft.com/config/ubuntu/16.04/packages-microsof
|
|
|
150
152
|
sudo dpkg -i packages-microsoft-prod.deb &&\
|
|
151
153
|
rm packages-microsoft-prod.deb &&\
|
|
152
154
|
sudo apt-get update &&\
|
|
153
|
-
sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0
|
|
155
|
+
sudo apt-get install -y dotnet-runtime-2.1 dotnet-sdk-2.1 dotnet-sdk-2.2 dotnet-sdk-3.0 dotnet-sdk-3.1
|
|
154
156
|
|
|
155
157
|
RUN apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 4F4EA0AAE5267A6C &&\
|
|
156
158
|
echo "deb http://ppa.launchpad.net/ondrej/php/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/php.list &&\
|
|
157
159
|
apt-get update &&\
|
|
158
|
-
apt-get install -y php7.
|
|
160
|
+
apt-get install -y php7.4-cli &&\
|
|
159
161
|
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" &&\
|
|
160
|
-
php -r "if (hash_file('sha384', 'composer-setup.php') === '
|
|
162
|
+
php -r "if (hash_file('sha384', 'composer-setup.php') === 'e5325b19b381bfd88ce90a5ddb7823406b2a38cff6bb704b0acc289a09c8128d4a8ce2bbafcd1fcbdc38666422fe2806') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" &&\
|
|
161
163
|
php composer-setup.php &&\
|
|
162
164
|
php -r "unlink('composer-setup.php');" &&\
|
|
163
165
|
mv composer.phar /usr/bin/composer
|
data/README.md
CHANGED
|
@@ -7,7 +7,7 @@ Build status
|
|
|
7
7
|
* Ruby 2.4.9 [](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
|
|
8
8
|
* Ruby 2.5.7 [](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
|
|
9
9
|
* Ruby 2.6.5 [](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
|
|
10
|
-
* Ruby 2.7.
|
|
10
|
+
* Ruby 2.7.1 [](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
|
|
11
11
|
* JRuby 9.2.9.0 [](https://norsk.cf-app.com/teams/main/pipelines/LicenseFinder)
|
|
12
12
|
|
|
13
13
|
|
|
@@ -43,7 +43,7 @@ and give you an actionable exception report.
|
|
|
43
43
|
|
|
44
44
|
### Experimental project types
|
|
45
45
|
|
|
46
|
-
* Erlang (via `
|
|
46
|
+
* Erlang (via `rebar3`)
|
|
47
47
|
* Objective-C, Swift (via Carthage or CocoaPods \[0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/)\])
|
|
48
48
|
* Objective-C (+ CocoaPods 0.39 and below. See [CocoaPods Specs Repo Sharding](http://blog.cocoapods.org/Sharding/))
|
|
49
49
|
* Elixir (via `mix`)
|
|
@@ -175,7 +175,7 @@ languages, as long as that language has a package definition in the project dire
|
|
|
175
175
|
* `bower.json` (for `bower`)
|
|
176
176
|
* `Podfile` (for `pod`)
|
|
177
177
|
* `Cartfile` (for `carthage`)
|
|
178
|
-
* `rebar.config` (for `
|
|
178
|
+
* `rebar.config` (for `rebar3`)
|
|
179
179
|
* `mix.exs` (for `mix`)
|
|
180
180
|
* `packages/` directory (for `nuget`)
|
|
181
181
|
* `*.csproj` (for `dotnet`)
|
|
@@ -183,7 +183,7 @@ languages, as long as that language has a package definition in the project dire
|
|
|
183
183
|
* `glide.lock` file (for `glide`)
|
|
184
184
|
* `vendor/vendor.json` file (for `govendor`)
|
|
185
185
|
* `Gopkg.lock` file (for `dep`)
|
|
186
|
-
* `go.
|
|
186
|
+
* `go.mod` file (for `go mod`)
|
|
187
187
|
* `vendor.conf` file (for `trash`)
|
|
188
188
|
* `yarn.lock` file (for `yarn`)
|
|
189
189
|
* `conanfile.txt` file (for `conan`)
|
|
@@ -359,7 +359,7 @@ $ license_finder dependencies remove my_js_dep
|
|
|
359
359
|
Sometimes a project will have development or test dependencies which
|
|
360
360
|
you don't want to track. You can exclude theses dependencies by running
|
|
361
361
|
`license_finder ignored_groups`. (Currently this only works for packages
|
|
362
|
-
managed by Bundler, NPM, and Nuget.)
|
|
362
|
+
managed by Bundler, NPM, Yarn, Maven, Pip2, Pip3, and Nuget.)
|
|
363
363
|
|
|
364
364
|
On rare occasions a package manager will report an individual dependency
|
|
365
365
|
that you want to exclude from all reports, even though it is approved.
|
|
@@ -379,6 +379,26 @@ items, even if someone attempts to manually approve or permit it. However,
|
|
|
379
379
|
if a dependency has even one license that is not restricted, it can still be
|
|
380
380
|
manually approved or permitted.
|
|
381
381
|
|
|
382
|
+
## Decision inheritance
|
|
383
|
+
|
|
384
|
+
Add or remove decision files you want to inherit from - see `license_finder inherited_decisions help` for more information.
|
|
385
|
+
|
|
386
|
+
This allows you to have a centralized decision file for approved/restricted licenses. If you have multiple projects it's way easier to have one single place where you approved or restricted licenses defined.
|
|
387
|
+
|
|
388
|
+
Add one or more decision files to the inherited decisions
|
|
389
|
+
```bash
|
|
390
|
+
license_finder inherited_decisions add DECISION_FILE
|
|
391
|
+
```
|
|
392
|
+
|
|
393
|
+
Remove one or more decision files from the inherited decisions
|
|
394
|
+
```bash
|
|
395
|
+
license_finder inherited_decisions remove DECISION_FILE
|
|
396
|
+
```
|
|
397
|
+
|
|
398
|
+
List all the inherited decision files
|
|
399
|
+
```bash
|
|
400
|
+
license_finder inherited_decisions list
|
|
401
|
+
```
|
|
382
402
|
|
|
383
403
|
## Configuration
|
|
384
404
|
|
|
@@ -392,7 +412,7 @@ If you have a gradle project, you can invoke gradle with a custom script by
|
|
|
392
412
|
passing (for example) `--gradle_command gradlew` to `license_finder` or
|
|
393
413
|
`license_finder report`.
|
|
394
414
|
|
|
395
|
-
Similarly you can invoke a custom rebar script with `--rebar_command
|
|
415
|
+
Similarly you can invoke a custom rebar script with `--rebar_command rebar`.
|
|
396
416
|
If you store rebar dependencies in a custom directory (by setting `deps_dir` in
|
|
397
417
|
`rebar.config`), set `--rebar_deps_dir`.
|
|
398
418
|
|
|
@@ -467,6 +487,8 @@ licenseConfigurations := Set("compile", "provided")
|
|
|
467
487
|
|
|
468
488
|
## Upgrading
|
|
469
489
|
|
|
490
|
+
To upgrade to `license_finder` version >= 6.0, you have to replace the terminology `whitelist` with `permit` and `blacklist` with `restrict` in your `dependency_decisions.yml`. See [Changelog](https://github.com/pivotal/LicenseFinder/blob/master/CHANGELOG.md#600--2020-01-22) for more details.
|
|
491
|
+
|
|
470
492
|
To upgrade from `license_finder` version 1.2 to 2.0, see
|
|
471
493
|
[`license_finder_upgrade`](https://github.com/mainej/license_finder_upgrade).
|
|
472
494
|
To upgrade to 2.0 from a version lower than 1.2, first upgrade to 1.2, and run
|
data/Rakefile
CHANGED
|
@@ -63,7 +63,7 @@ task :update_pipeline, [:slack_url, :slack_channel] do |_, args|
|
|
|
63
63
|
puts 'Warning: You should provide slack channel and url to receive slack notifications on build failures'
|
|
64
64
|
end
|
|
65
65
|
|
|
66
|
-
ruby_versions = %w[2.7.
|
|
66
|
+
ruby_versions = %w[2.7.1 2.6.5 2.5.7 2.4.9 2.3.8 jruby-9.2.9.0]
|
|
67
67
|
|
|
68
68
|
params = []
|
|
69
69
|
params << "ruby_versions=#{ruby_versions.join(',')}"
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
6.
|
|
1
|
+
6.6.2
|
|
@@ -24,7 +24,7 @@ resources:
|
|
|
24
24
|
source:
|
|
25
25
|
driver: gcs
|
|
26
26
|
bucket: lf-semver-version
|
|
27
|
-
key:
|
|
27
|
+
key: version
|
|
28
28
|
json_key: ((GCPQueuedReportsBucketCredentials))
|
|
29
29
|
|
|
30
30
|
- name: dockerhub-edge
|
|
@@ -123,21 +123,31 @@ jobs:
|
|
|
123
123
|
|
|
124
124
|
- name: bump-major
|
|
125
125
|
plan:
|
|
126
|
-
-
|
|
126
|
+
- get: semver-version
|
|
127
127
|
tags: ["private-worker"]
|
|
128
128
|
params: {bump: major}
|
|
129
|
+
- put: semver-version
|
|
130
|
+
tags: ["private-worker"]
|
|
131
|
+
params: {file: semver-version/version}
|
|
132
|
+
|
|
129
133
|
|
|
130
134
|
- name: bump-minor
|
|
131
135
|
plan:
|
|
132
|
-
-
|
|
136
|
+
- get: semver-version
|
|
133
137
|
tags: ["private-worker"]
|
|
134
138
|
params: {bump: minor}
|
|
139
|
+
- put: semver-version
|
|
140
|
+
tags: ["private-worker"]
|
|
141
|
+
params: {file: semver-version/version}
|
|
135
142
|
|
|
136
143
|
- name: bump-patch
|
|
137
144
|
plan:
|
|
138
|
-
-
|
|
145
|
+
- get: semver-version
|
|
139
146
|
tags: ["private-worker"]
|
|
140
147
|
params: {bump: patch}
|
|
148
|
+
- put: semver-version
|
|
149
|
+
tags: ["private-worker"]
|
|
150
|
+
params: {file: semver-version/version}
|
|
141
151
|
|
|
142
152
|
- name: release
|
|
143
153
|
disable_manual_trigger: true
|
data/ci/tasks/rubocop.yml
CHANGED
data/lib/license_finder/cli.rb
CHANGED
|
@@ -8,6 +8,7 @@ end
|
|
|
8
8
|
require 'license_finder/cli/patched_thor'
|
|
9
9
|
require 'license_finder/cli/base'
|
|
10
10
|
require 'license_finder/cli/makes_decisions'
|
|
11
|
+
require 'license_finder/cli/inherited_decisions'
|
|
11
12
|
require 'license_finder/cli/permitted_licenses'
|
|
12
13
|
require 'license_finder/cli/restricted_licenses'
|
|
13
14
|
require 'license_finder/cli/dependencies'
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module LicenseFinder
|
|
4
|
+
module CLI
|
|
5
|
+
class InheritedDecisions < Base
|
|
6
|
+
extend Subcommand
|
|
7
|
+
include MakesDecisions
|
|
8
|
+
|
|
9
|
+
desc 'list', 'List all the inherited decision files'
|
|
10
|
+
def list
|
|
11
|
+
say 'Inherited Decision Files:', :blue
|
|
12
|
+
say_each(decisions.inherited_decisions)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
auditable
|
|
16
|
+
desc 'add DECISION_FILE...', 'Add one or more decision files to the inherited decisions'
|
|
17
|
+
def add(*decision_files)
|
|
18
|
+
assert_some decision_files
|
|
19
|
+
modifying { decision_files.each { |filepath| decisions.inherit_from(filepath) } }
|
|
20
|
+
say "Added #{decision_files.join(', ')} to the inherited decisions"
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
auditable
|
|
24
|
+
desc 'add_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
|
|
25
|
+
def add_with_auth(*params)
|
|
26
|
+
url, auth_type, token_or_env = params
|
|
27
|
+
auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
|
|
28
|
+
modifying { decisions.add_decision [:inherit_from, auth_info] }
|
|
29
|
+
say "Added #{url} to the inherited decisions"
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
auditable
|
|
33
|
+
desc 'remove DECISION_FILE...', 'Remove one or more decision files from the inherited decisions'
|
|
34
|
+
def remove(*decision_files)
|
|
35
|
+
assert_some decision_files
|
|
36
|
+
modifying { decision_files.each { |filepath| decisions.remove_inheritance(filepath) } }
|
|
37
|
+
say "Removed #{decision_files.join(', ')} from the inherited decisions"
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
auditable
|
|
41
|
+
desc 'remove_with_auth URL AUTH_TYPE TOKEN_OR_ENV', 'Add a remote decision file that needs authentication'
|
|
42
|
+
def remove_with_auth(*params)
|
|
43
|
+
url, auth_type, token_or_env = params
|
|
44
|
+
auth_info = { 'url' => url, 'authorization' => "#{auth_type} #{token_or_env}" }
|
|
45
|
+
modifying { decisions.remove_inheritance(auth_info) }
|
|
46
|
+
say "Removed #{url} from the inherited decisions"
|
|
47
|
+
end
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
@@ -140,6 +140,7 @@ module LicenseFinder
|
|
|
140
140
|
desc 'report', "Print a report of the project's dependencies to stdout"
|
|
141
141
|
shared_options
|
|
142
142
|
format_option
|
|
143
|
+
method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
|
|
143
144
|
method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
|
|
144
145
|
|
|
145
146
|
def report
|
|
@@ -171,6 +172,7 @@ module LicenseFinder
|
|
|
171
172
|
subcommand 'permitted_licenses', PermittedLicenses, 'Automatically approve any dependency that has a permitted license'
|
|
172
173
|
subcommand 'restricted_licenses', RestrictedLicenses, 'Forbid approval of any dependency whose licenses are all restricted'
|
|
173
174
|
subcommand 'project_name', ProjectName, 'Set the project name, for display in reports'
|
|
175
|
+
subcommand 'inherited_decisions', InheritedDecisions, 'Add or remove decision files you want to inherit from'
|
|
174
176
|
|
|
175
177
|
private
|
|
176
178
|
|
|
@@ -203,7 +205,7 @@ module LicenseFinder
|
|
|
203
205
|
def report_of(content)
|
|
204
206
|
report = FORMATS[config.format] || FORMATS['text']
|
|
205
207
|
report = MergedReport if report == CsvReport && config.aggregate_paths
|
|
206
|
-
report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s)
|
|
208
|
+
report.of(content, columns: config.columns, project_name: decisions.project_name || config.project_path.basename.to_s, write_headers: config.write_headers)
|
|
207
209
|
end
|
|
208
210
|
|
|
209
211
|
def save?
|
|
@@ -35,7 +35,7 @@ module LicenseFinder
|
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
def rebar_deps_dir
|
|
38
|
-
path = get(:rebar_deps_dir) || '
|
|
38
|
+
path = get(:rebar_deps_dir) || '_build/default/lib'
|
|
39
39
|
project_path.join(path).expand_path
|
|
40
40
|
end
|
|
41
41
|
|
|
@@ -109,6 +109,10 @@ module LicenseFinder
|
|
|
109
109
|
get(:prepare_no_fail)
|
|
110
110
|
end
|
|
111
111
|
|
|
112
|
+
def write_headers
|
|
113
|
+
get(:write_headers)
|
|
114
|
+
end
|
|
115
|
+
|
|
112
116
|
def save_file
|
|
113
117
|
get(:save)
|
|
114
118
|
end
|
|
@@ -4,7 +4,7 @@ module LicenseFinder
|
|
|
4
4
|
class DecisionApplier
|
|
5
5
|
def initialize(options)
|
|
6
6
|
@decisions = options.fetch(:decisions)
|
|
7
|
-
@all_packages =
|
|
7
|
+
@all_packages = options.fetch(:packages).to_set + @decisions.packages.to_set
|
|
8
8
|
@acknowledged = apply_decisions
|
|
9
9
|
end
|
|
10
10
|
|
|
@@ -28,10 +28,14 @@ module LicenseFinder
|
|
|
28
28
|
|
|
29
29
|
def apply_decisions
|
|
30
30
|
all_packages
|
|
31
|
-
.map { |package| with_decided_licenses(package) }
|
|
32
|
-
.map { |package| with_approval(package) }
|
|
33
|
-
.map { |package| with_homepage(package) }
|
|
34
31
|
.reject { |package| ignored?(package) }
|
|
32
|
+
.map do |package|
|
|
33
|
+
with_homepage(
|
|
34
|
+
with_approval(
|
|
35
|
+
with_decided_licenses(package)
|
|
36
|
+
)
|
|
37
|
+
)
|
|
38
|
+
end
|
|
35
39
|
end
|
|
36
40
|
|
|
37
41
|
def ignored?(package)
|