license_finder 7.0.1 → 7.2.0

data/ci/pipelines/pull-request.yml.erb

@@ -13,27 +13,34 @@ resource_types:
   source:
     repository: cfcommunity/slack-notification-resource
     tag: latest
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 <% end %>
 
 resources:
+- name: lf-git
+  type: git
+  source:
+    uri: git@github.com:pivotal/LicenseFinder.git
+    private_key: ((github-cf-osl-bot-private-key))
+    branch: master
+
 - name: github-pull-request
   type: pull-request
   check_every: 24h
-  webhook_token: ((GithubPullRequestWebhookToken))
+  webhook_token: ((github-pull-request-webhook-token))
   source:
     repository: pivotal/LicenseFinder
-    access_token: ((GithubApiPullRequestToken))
+    access_token: ((github-api-pull-request-token))
 
 - name: dockerhub-pr
   type: docker-image
   source:
     tag: edge-pr
     repository: licensefinder/license_finder
-    email: ((LicenseFinderDockerEmail))
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    email: ((license-finder-docker-email))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 
 <% if setup_slack %>
 - name: slack-alert
@@ -47,23 +54,19 @@ jobs:
   public: true
   plan:
   - get: github-pull-request
-    tags: ["private-worker"]
     version: every
     trigger: true
   - put: dockerhub-pr
-    tags: ["private-worker"]
     params:
       build: github-pull-request
   on_success:
     put: github-pull-request
-    tags: ["private-worker"]
     params:
       path: github-pull-request
       status: success
       context: build-docker-image
   on_failure:
     put: github-pull-request
-    tags: ["private-worker"]
     params:
       path: github-pull-request
       status: failure
@@ -72,32 +75,29 @@ jobs:
 - name: PR-ruby-<%= ruby_version %>-linux
   public: true
   plan:
-  - get: github-pull-request
-    tags: ["private-worker"]
-    passed: [build-docker-image]
-    version: every
-  - get: dockerhub-pr
-    tags: ["private-worker"]
-    passed: [build-docker-image]
-    trigger: true
+  - in_parallel:
+    - get: github-pull-request
+      passed: [build-docker-image]
+      version: every
+    - get: dockerhub-pr
+      passed: [build-docker-image]
+      trigger: true
+    - get: lf-git
   - task: ruby-<%= ruby_version %>
-    tags: ["private-worker"]
     privileged: true
     image: dockerhub-pr
-    file: github-pull-request/ci/tasks/run-tests.yml
+    file: lf-git/ci/tasks/run-tests.yml
     params:
       RUBY_VERSION_UNDER_TEST: <%= ruby_version %>
     input_mapping: { LicenseFinder: github-pull-request }
     on_success:
       put: github-pull-request
-      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: success
         context: ruby-<%= ruby_version %>
     on_failure:
       put: github-pull-request
-      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: failure
@@ -105,7 +105,6 @@ jobs:
 <% if setup_slack %>
   on_failure:
     put: slack-alert
-    tags: ["private-worker"]
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
@@ -116,25 +115,23 @@ jobs:
 - name: PR-rubocop
   public: true
   plan:
-  - get: github-pull-request
-    tags: ["private-worker"]
-    trigger: true
-    version: every
+  - in_parallel:
+    - get: github-pull-request
+      trigger: true
+      version: every
+    - get: lf-git
   - task: run-rubocop
-    tags: ["private-worker"]
     privileged: true
-    file: github-pull-request/ci/tasks/rubocop.yml
+    file: lf-git/ci/tasks/rubocop.yml
     input_mapping: { LicenseFinder: github-pull-request }
     on_success:
       put: github-pull-request
-      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: success
         context: run-rubocop
     on_failure:
       put: github-pull-request
-      tags: ["private-worker"]
       params:
         path: github-pull-request
         status: failure

data/ci/pipelines/release.yml.erb

@@ -8,8 +8,8 @@ resource_types:
   source:
     repository: cfcommunity/slack-notification-resource
     tag: latest
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 <% end %>
 
 resources:
@@ -17,7 +17,7 @@ resources:
   type: git
   source:
     uri: git@github.com:pivotal/LicenseFinder.git
-    private_key: ((CfOslBot.private_key))
+    private_key: ((github-cf-osl-bot-private-key))
     branch: master
     ignore_paths: [VERSION, CHANGELOG.md]
 
@@ -27,24 +27,24 @@ resources:
     driver: gcs
     bucket: lf-semver-version
     key: version
-    json_key: ((GCPQueuedReportsBucketCredentials))
+    json_key: ((lf-bucket-credentials))
 
 - name: dockerhub-edge
   type: docker-image
   source:
     tag: edge
     repository: licensefinder/license_finder
-    email: ((LicenseFinderDockerEmail))
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    email: ((license-finder-docker-email))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 
 - name: dockerhub
   type: docker-image
   source:
     repository: licensefinder/license_finder
-    email: ((LicenseFinderDockerEmail))
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    email: ((license-finder-docker-email))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 
 - name: lf-release
   type: github-release
@@ -52,7 +52,7 @@ resources:
   source:
     owner: pivotal
     repository: LicenseFinder
-    access_token: ((GithubApiRootToken))
+    access_token: ((github-api-root-token))
 
 <% if setup_slack %>
 - name: slack-alert
@@ -66,10 +66,8 @@ jobs:
   public: true
   plan:
     - get: lf-git
-      tags: ["private-worker"]
       trigger: true
     - put: dockerhub-edge
-      tags: ["private-worker"]
       params:
         build: lf-git
 
@@ -78,16 +76,13 @@ jobs:
   public: true
   plan:
   - get: dockerhub-edge
-    tags: ["private-worker"]
     passed: [build-docker-image]
     trigger: true
   - get: LicenseFinder
-    tags: ["private-worker"]
     resource: lf-git
     passed: [build-docker-image]
     version: every
   - task: ruby-<%= ruby_version %>
-    tags: ["private-worker"]
     privileged: true
     image: dockerhub-edge
     file: LicenseFinder/ci/tasks/run-tests.yml
@@ -97,7 +92,6 @@ jobs:
 <% if setup_slack %>
   on_failure:
     put: slack-alert
-    tags: ["private-worker"]
     params:
       channel: '<%= slack_channel %>'
       icon_emoji: ':crying_cat_face:'
@@ -109,16 +103,13 @@ jobs:
   public: true
   plan:
   - get: dockerhub-edge
-    tags: ["private-worker"]
     passed: [build-docker-image]
     trigger: true
   - get: LicenseFinder
-    tags: ["private-worker"]
     resource: lf-git
     version: every
     passed: [build-docker-image]
   - task: run-rubocop
-    tags: ["private-worker"]
     privileged: true
     file: LicenseFinder/ci/tasks/rubocop.yml
     input_mapping: { LicenseFinder: LicenseFinder }
@@ -126,74 +117,59 @@ jobs:
 - name: bump-major
   plan:
     - get: semver-version
-      tags: ["private-worker"]
       params: {bump: major}
     - put: semver-version
-      tags: ["private-worker"]
       params: {file: semver-version/version}
 
 
 - name: bump-minor
   plan:
     - get: semver-version
-      tags: ["private-worker"]
       params: {bump: minor}
     - put: semver-version
-      tags: ["private-worker"]
       params: {file: semver-version/version}
 
 - name: bump-patch
   plan:
     - get: semver-version
-      tags: ["private-worker"]
       params: {bump: patch}
     - put: semver-version
-      tags: ["private-worker"]
       params: {file: semver-version/version}
 
 - name: release
   disable_manual_trigger: true
   plan:
   - get: lf-git
-    tags: ["private-worker"]
     passed: [<%= "#{ruby_versions.map{ |version| "ruby-#{version}" unless version == "jruby-9.3.1.0" }.compact.join(', ') }, rubocop" %>]
   - get: semver-version
-    tags: ["private-worker"]
     trigger: true
   - get: dockerhub
-    tags: ["private-worker"]
     params:
       save: true
   - get: lf-release
-    tags: ["private-worker"]
   - task: update-changelog
-    tags: ["private-worker"]
     image: dockerhub
     params:
-      GIT_USERNAME: ((GithubApiUser))
-      GIT_EMAIL: ((GithubApiEmail))
+      GIT_USERNAME: ((github-api-user))
+      GIT_EMAIL: ((github-api-email))
     file: lf-git/ci/tasks/update-changelog.yml
   - put: dockerhub
-    tags: ["private-worker"]
     params:
       build: lf-git-changed
       tag: version/version.txt
       tag_as_latest: true
   - put: lf-git
-    tags: ["private-worker"]
     params:
       repository: lf-git-changed
   - task: build-and-push-gem
-    tags: ["private-worker"]
     image: dockerhub
     params:
-      GIT_USERNAME: ((GithubApiUser))
-      GIT_EMAIL: ((GithubApiEmail))
-      GIT_PRIVATE_KEY: ((CfOslBot.private_key))
-      GEM_API_KEY: ((LicenseFinderGemApiKey))
+      GIT_USERNAME: ((github-api-user))
+      GIT_EMAIL: ((github-api-email))
+      GIT_PRIVATE_KEY: ((github-cf-osl-bot-private-key))
+      GEM_API_KEY: ((license-finder-gem-api-key))
     file: lf-git/ci/tasks/build-and-push-gem.yml
   - put: lf-release
-    tags: ["private-worker"]
     params:
       name: version/tag.txt
       tag: version/tag.txt

data/ci/scripts/run-tests.sh

@@ -6,14 +6,30 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 PROJECT_ROOT="$( dirname "$( dirname $DIR )" )"
 
 pushd "$PROJECT_ROOT"
-
-  rvm install --default $RUBY_VERSION_UNDER_TEST
+  DISABLE_BINARY=""
+  if [[ $RUBY_VERSION_UNDER_TEST == "2.6.10" ]]; then
+    DISABLE_BINARY="--disable-binary"
+  fi
+
+  # This is needed for 2.7 but also works for 2.6. For 2.6, you can also downgrade the openssl version to 1.1.1l-1ubuntu1.4 in the dockerfile with allowing downgrades for apt install -y libssl-dev=1.1.1l-1ubuntu1.4
+  if [[ $RUBY_VERSION_UNDER_TEST == "2.6.10" || $RUBY_VERSION_UNDER_TEST == "2.7.8" ]]; then
+    OPEN_SSL_FLAG="--with-openssl-dir=/usr/share/rvm/usr/"
+    rvm pkg install openssl
+  fi
+
+  rvm install --default $RUBY_VERSION_UNDER_TEST $DISABLE_BINARY $OPEN_SSL_FLAG
   ruby --version
 
   export GOPATH=$HOME/go
-  export RUBYOPT='-E utf-8'
+  if [[ $RUBY_VERSION_UNDER_TEST == "2.6.10" || $RUBY_VERSION_UNDER_TEST == "2.7.8" ]]; then
+    export RUBYOPT='-E utf-8 -W0'
+    gem install "rubygems-update:<3.5.0" --no-document
+    gem update --system --conservative
+  else
+    export RUBYOPT='-E utf-8'
+    gem update --system
+  fi
 
-  gem update --system
   gem install bundler
   bundle install
   bundle pristine

data/ci/tasks/rubocop.yml

@@ -4,9 +4,9 @@ image_resource:
   type: registry-image
   source:
     repository: ruby
-    tag: 3.1.1
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    tag: 3.2.3
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 
 inputs:
 - name: LicenseFinder

data/ci/tasks/update-changelog.yml

@@ -4,8 +4,8 @@ image_resource:
   source:
     repository: brenix/alpine-bash-git-ssh
     tag: latest
-    username: ((LicenseFinderDocker.username))
-    password: ((LicenseFinderDocker.password))
+    username: ((license-finder-docker-username))
+    password: ((license-finder-docker-password))
 platform: linux
 inputs:
 - name: lf-git

data/dlf

@@ -7,7 +7,12 @@ if `which docker > /dev/null`; then
     for p in "$@"; do
       escaped_params="$escaped_params \"$p\""
     done
-    docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $escaped_params"
+    if [[ $escaped_params =~ "&&" ]]; then
+      command=${escaped_params:2:${#escaped_params}-3}
+    else
+      command=$escaped_params
+    fi
+    docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && $command"
   fi
 else
   echo "You do not have docker installed. Please install it:"

data/lib/license_finder/cli/base.rb

@@ -46,6 +46,8 @@ module LicenseFinder
           :maven_include_groups,
           :maven_options,
           :npm_options,
+          :yarn_options,
+          :pnpm_options,
           :pip_requirements_path,
           :python_version,
           :rebar_command,

data/lib/license_finder/cli/licenses.rb

@@ -7,19 +7,24 @@ module LicenseFinder
       include MakesDecisions
 
       auditable
+      method_option :version, desc: 'The version associated with the license'
       desc 'add DEPENDENCY LICENSE', "Set a dependency's licenses, overwriting any license_finder has found"
       def add(name, license)
         modifying { decisions.license(name, license, txn) }
 
-        printer.say "The #{name} dependency has been marked as using #{license} license!", :green
+        version_info = options[:version] ? " with version #{options[:version]}" : ''
+        printer.say "The #{name} dependency#{version_info} has been marked as using #{license} license!", :green
       end
 
       auditable
+      method_option :version, desc: 'The version associated with the license'
       desc 'remove DEPENDENCY LICENSE', 'Remove a manually set license'
-      def remove(dep, lic)
+      def remove(dep, lic = nil)
         modifying { decisions.unlicense(dep, lic, txn) }
 
-        printer.say "The dependency #{dep} no longer has a manual license"
+        version_info = options[:version] ? " with version #{options[:version]}" : ''
+        suffix = lic ? " of #{lic}" : ''
+        printer.say "The dependency #{dep}#{version_info} no longer has a manual license#{suffix}"
       end
     end
   end

data/lib/license_finder/cli/main.rb

@@ -32,6 +32,8 @@ module LicenseFinder
       class_option :maven_include_groups, desc: 'Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false.'
       class_option :maven_options, desc: 'Maven options to append to command. Defaults to empty.'
       class_option :npm_options, desc: 'npm options to append to command. Defaults to empty.'
+      class_option :yarn_options, desc: 'yarn options to append to command. Defaults to empty.'
+      class_option :pnpm_options, desc: 'pnpm options to append to command. Defaults to empty.'
       class_option :pip_requirements_path, desc: 'Path to python requirements file. Defaults to requirements.txt.'
       class_option :python_version, desc: 'Python version to invoke pip with. Valid versions: 2 or 3. Default: 2'
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
@@ -152,7 +154,7 @@ module LicenseFinder
       shared_options
       format_option
       method_option :write_headers, type: :boolean, desc: 'Write exported columns as header row (csv).', default: false, required: false
-      method_option :save, desc: "Save report to a file. Default: 'license_report.csv' in project root.", lazy_default: 'license_report'
+      method_option :save, desc: "Save report to a file. Default: 'license_report' in project root.", lazy_default: 'license_report'
 
       def report
         finder = LicenseAggregator.new(config, aggregate_paths)

data/lib/license_finder/configuration.rb

@@ -97,6 +97,14 @@ module LicenseFinder
       get(:npm_options)
     end
 
+    def yarn_options
+      get(:yarn_options)
+    end
+
+    def pnpm_options
+      get(:pnpm_options)
+    end
+
     def pip_requirements_path
       get(:pip_requirements_path)
     end

data/lib/license_finder/core.rb

@@ -61,9 +61,9 @@ module LicenseFinder
       clear_logs
       package_managers = @scanner.active_package_managers
       package_managers.each do |manager|
-        logger.debug manager.class, 'Running prepare on project'
+        logger.debug manager.class, "Running prepare on project '#{config.project_path}'"
         manager.prepare
-        logger.debug manager.class, 'Finished prepare on project', color: :green
+        logger.debug manager.class, "Finished prepare on project '#{config.project_path}'", color: :green
       end
     end
 
@@ -101,6 +101,8 @@ module LicenseFinder
         maven_include_groups: config.maven_include_groups,
         maven_options: config.maven_options,
         npm_options: config.npm_options,
+        yarn_options: config.yarn_options,
+        pnpm_options: config.pnpm_options,
         pip_requirements_path: config.pip_requirements_path,
         python_version: config.python_version,
         rebar_command: config.rebar_command,

data/lib/license_finder/decision_applier.rb

@@ -44,7 +44,7 @@ module LicenseFinder
     end
 
     def with_decided_licenses(package)
-      decisions.licenses_of(package.name).each do |license|
+      decisions.licenses_of(package.name, package.version).each do |license|
         package.decide_on_license license
       end
       package

data/lib/license_finder/decisions.rb

@@ -2,6 +2,7 @@
 
 require 'open-uri'
 require 'license_finder/license'
+require 'license_finder/manual_licenses'
 
 module LicenseFinder
   class Decisions
@@ -11,8 +12,8 @@ module LicenseFinder
 
     attr_reader :packages, :permitted, :restricted, :ignored, :ignored_groups, :project_name, :inherited_decisions
 
-    def licenses_of(name)
-      @licenses[name]
+    def licenses_of(name, version = nil)
+      @manual_licenses.licenses_of(name, version)
     end
 
     def homepage_of(name)
@@ -76,7 +77,7 @@ module LicenseFinder
     def initialize
       @decisions = []
       @packages = Set.new
-      @licenses = Hash.new { |h, k| h[k] = Set.new }
+      @manual_licenses = ManualLicenses.new
       @homepages = {}
       @approvals = {}
       @permitted = Set.new
@@ -100,13 +101,29 @@ module LicenseFinder
 
     def license(name, lic, txn = {})
       add_decision [:license, name, lic, txn]
-      @licenses[name] << License.find_by_name(lic)
+
+      versions = txn[:versions]
+
+      if versions.nil? || versions.empty?
+        @manual_licenses.assign_to_all_versions(name, lic)
+      else
+        @manual_licenses.assign_to_specific_versions(name, lic, versions)
+      end
+
       self
     end
 
     def unlicense(name, lic, txn = {})
       add_decision [:unlicense, name, lic, txn]
-      @licenses[name].delete(License.find_by_name(lic))
+
+      versions = txn[:versions]
+
+      if versions.nil? || versions.empty?
+        @manual_licenses.unassign_from_all_versions(name, lic)
+      else
+        @manual_licenses.unassign_from_specific_versions(name, lic, versions)
+      end
+
       self
     end
 
@@ -235,9 +252,10 @@ module LicenseFinder
     end
 
     def restore_inheritance(decisions)
+      previous_value = @inherited
       @inherited = true
       self.class.restore(decisions, self)
-      @inherited = false
+      @inherited = previous_value
       self
     end