license_finder 0.4.1 → 0.4.5

data/.gitignore

@@ -3,4 +3,5 @@ pkg/*
 .bundle
 Gemfile.lock
 .rvmrc
-.idea/*
+.idea/*
+tmp/

data/.rspec

@@ -0,0 +1 @@
+--color

data/{MIT-LICENSE → LICENSE}

@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (c) 2010 Jacob Maine
+Copyright (c) 2012 Pivotal Labs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.markdown

@@ -1,98 +1,148 @@
-Goal
-====
+# License Finder
+
+[![Build Status](https://secure.travis-ci.org/pivotal/LicenseFinder.png)](http://travis-ci.org/pivotal/LicenseFinder)
 
 With bundler it's easy for your project to depend on many gems.  This decomposition is nice, but managing licenses becomes difficult.  This tool gathers info about the licenses of the gems in your project.
 
-Usage
+## Installation
 =====
 
-For a Rails project add license_finder to your Gemfile:
-    gem 'license_finder', :git => "https://github.com/pivotal/LicenseFinder.git"
+Add license_finder to your Rails project's Gemfile and `bundle`:
+
+```ruby
+gem 'license_finder', :git => "https://github.com/pivotal/LicenseFinder.git"
+```
+
+Now, initialize license finder:
+
+```sh
+$ bundle exec rake license:init
+```
+
+This will create a `config/license_finder.yml` file that lets you configure license finder.
+This is where you should add licenses which are allowed on the project, so they will be automatically approved.
+
+## Usage
+
+Once you've whitelisted licenses, you can then tell license finder to analyze your Gemfile:
+
+```sh
+$ bundle exec rake license:generate_dependencies
+```
 
-Run 'rake license:init'
-This will create a config/license_finder.yml file that lets you configure license finder.  This is where you should add licenses which are allowed on the project, so they will be automatically approved.
+This will write out a dependencies.yml and dependencies.txt file in the root of your project.
 
-Run 'rake license:generate_dependencies'
-This will write out a dependencies.yml and dependencies.txt file in the root of your project. 
-It will also merge in an existing dependencies.yml file, if one exists.
+It will also merge in an existing dependencies.yml file, if one exists (i.e., you've previously run this command
+and then edited the resulting file).
 
-Run 'rake license:action_items'
-This will output a list of unapproved dependencies to the console
+### Action Items
 
-Run 'rake license:action_items:ok'
-This will return a non-zero exit status if there are unapproved dependencies. Great for CI.
+Once you've generated a `dependencies.yml` file via the `rake license:generate_dependencies` file, you can tell
+License Finder to output a list of dependencies that have non-whitelisted licenses:
+
+```sh
+$ bundle exec rake license:action_items
+```
+
+This will output a list of unapproved dependencies to the console.
+
+Similarly, `bundle exec rake license:action_items:ok` will return a non-zero exit status if there unapproved dependencies.
+You could use this in a CI build, for example, to alert you whenever someone adds an unapproved dependency to the project.
+
+
+## Usage outside Rails
 
 As a standalone script:
 
-    cd ~
-    git clone http://github.com/pivotal/LicenseFinder.git license_finder
-    cd your/project
-    ~/license_finder/bin/license_finder
+```sh
+$ git clone http://github.com/pivotal/LicenseFinder.git license_finder
+$ cd /path/to/your/project
+$ /path/to/license_finder/bin/license_finder
+```
 
 Optionally add `--with-licenses` to include the full text of the licenses in the output.
 
-Sample Output
-=============
 
-dependencies.yml:
+## Sample Output
+
+File: `config/license_finder.yml`:
+
+```yaml
+---
+whitelist:
+- MIT
+- Apache 2.0
+ignore_groups:
+- test
+- development
+```
+
+File: `dependencies.yml`:
 
-    ---
-    - name: "json_pure"
-      version: "1.5.1"
-      license: "other"
-      approved: false
+```yaml
+---
+- name: "json_pure"
+  version: "1.5.1"
+  license: "other"
+  approved: false
 
-    - name: "rake"
-      version: "0.8.7"
-      license: "MIT"
-      approved: true
+- name: "rake"
+  version: "0.8.7"
+  license: "MIT"
+  approved: true
+```
 
-dependencies.txt:
+File: `dependencies.txt`:
 
     json_pure 1.5.1, other
     rake 0.8.7, MIT
 
-bin/license_finder:
-
-    ---
-    json_pure 1.5.1:
-      dependency_name: json_pure
-      dependency_version: 1.5.1
-      install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/json_pure-1.5.1
-      license_files:
-      - file_name: COPYING
-        header_type: other
-        body_type: other
-        disclaimer_of_liability: other
-      - file_name: COPYING-json-jruby
-        header_type: other
-        body_type: other
-        disclaimer_of_liability: other
-      readme_files:
-      - file_name: README
-        mentions_license: true
-      - file_name: README-json-jruby.markdown
-        mentions_license: false
-    ---
-    rake 0.8.7:
-      dependency_name: rake
-      dependency_version: 0.8.7
-      install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/rake-0.8.7
-      license_files:
-      - file_name: MIT-LICENSE
-        header_type: other
-        body_type: mit
-        disclaimer_of_liability: "mit: THE AUTHORS OR COPYRIGHT HOLDERS"
-      readme_files:
-      - file_name: README
-        mentions_license: true
-
-Gem Maintainers
-===============
-
-Please add a license to your gemspec!
-
-    Gem::Specification.new do |s|
-      s.name = "my_great_gem"
-      s.license = "MIT"
-    end
+File: `bin/license_finder`:
+
+```yaml
+---
+json_pure 1.5.1:
+  dependency_name: json_pure
+  dependency_version: 1.5.1
+  install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/json_pure-1.5.1
+  license_files:
+  - file_name: COPYING
+    header_type: other
+    body_type: other
+    disclaimer_of_liability: other
+  - file_name: COPYING-json-jruby
+    header_type: other
+    body_type: other
+    disclaimer_of_liability: other
+  readme_files:
+  - file_name: README
+    mentions_license: true
+  - file_name: README-json-jruby.markdown
+    mentions_license: false
+---
+rake 0.8.7:
+  dependency_name: rake
+  dependency_version: 0.8.7
+  install_path: /some/path/.rvm/gems/ruby-1.9.2-p180/gems/rake-0.8.7
+  license_files:
+  - file_name: MIT-LICENSE
+    header_type: other
+    body_type: mit
+    disclaimer_of_liability: "mit: THE AUTHORS OR COPYRIGHT HOLDERS"
+  readme_files:
+  - file_name: README
+    mentions_license: true
+```
+
+## A note to gem authors / maintainers
+
+For the good of humanity, please add a license to your gemspec!
+
+```ruby
+Gem::Specification.new do |s|
+  s.name = "my_great_gem"
+  s.license = "MIT"
+end
+```
+
+And add a `LICENSE` file to your gem that contains your license text.

data/Rakefile

@@ -2,6 +2,8 @@ require 'bundler'
 Bundler::GemHelper.install_tasks
 
 require 'rspec/core/rake_task'
+require 'cucumber'
+require 'cucumber/rake/task'
 
 desc "Run all specs in spec/"
 RSpec::Core::RakeTask.new(:spec) do |t|
@@ -10,3 +12,10 @@ RSpec::Core::RakeTask.new(:spec) do |t|
   t.rspec_opts = %w[--color]
 end
 
+
+desc "Run all cukes in features/"
+Cucumber::Rake::Task.new(:features) do |t|
+  t.cucumber_opts = "features --format pretty"
+end
+
+task default: [:spec, :features]

data/features/rake_tasks/action_items.feature

@@ -0,0 +1,13 @@
+Feature: rake license:action_items
+  As a user
+  I want a rake task "license:action_items" that lists any dependencies with licenses that fall outside of my whitelist
+  So that I know the limitations of distributing my application
+
+  Scenario: Application with non-free dependency
+    Given I have a rails application with license finder
+    And my rails app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And my rails app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the "MIT" license
+    When I run "bundle exec rake license:action_items"
+    Then I should see "gpl_licensed_gem" in its output
+    And I should not see "mit_licensed_gem" in its output

data/features/rake_tasks/action_items_ok.feature

@@ -0,0 +1,20 @@
+Feature: rake license:action_items:ok
+  As a user
+  I want a rake task "license:action_items:ok" that returns 0/1 exit codes based on whether or not there any action items
+  So that I can create a CI build that fails if there are any action items
+
+  Background:
+    Given I have a rails application with license finder
+
+  Scenario: Application with action items
+    Given my rails app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And I whitelist the "MIT" license
+    When I run "bundle exec rake license:action_items:ok"
+    Then I should see "Dependencies that need approval" in its output
+    And it should exit with status code 1
+
+  Scenario: Application with no action items
+    Given I whitelist the following licenses: "MIT, other"
+    When I run "bundle exec rake license:action_items:ok"
+    Then I should see "All gems are approved for use" in its output
+    And it should exit with status code 0

data/features/rake_tasks/generate_dependencies.feature

@@ -0,0 +1,31 @@
+Feature: rake license:generate_dependencies
+  As a user
+  I want a rake task the generates a list of all my application's dependencies and their licenses
+  So that I can manually approve a dependency with a non-whitelisted license
+
+  Scenario: Manually approve non-whitelisted dependency
+    Given I have a rails application with license finder
+    And my rails app depends on a gem "gpl_gem" licensed with "GPL"
+    And I whitelist the "MIT" license
+
+    When I run "bundle exec rake license:generate_dependencies"
+
+    Then license finder should generate a file "dependencies.yml" that includes the following content:
+      """
+      - name: "gpl_gem"
+        version: "0.0.0"
+        license: "GPL"
+        approved: false
+      """
+
+    When I replace that content with the following content in "dependencies.yml":
+      """
+      - name: "gpl_gem"
+        version: "0.0.0"
+        license: "GPL"
+        approved: true
+      """
+
+    And I run "bundle exec rake license:action_items"
+
+    Then I should not see "gpl_gem" in its output

data/features/rake_tasks/init.feature

@@ -0,0 +1,19 @@
+Feature: rake license:init
+  As a user
+  I want a rake task the generates a sample license finder configuration for me
+  So that I can easily get started using License Finder
+
+  Scenario: No license finder configuration
+    Given I have a rails application with license finder
+    When I run "bundle exec rake license:init"
+    Then license finder should generate a file "config/license_finder.yml" with the following content:
+      """
+        ---
+        whitelist:
+        #- MIT
+        #- Apache 2.0
+        ignore_groups:
+        #- test
+        #- development
+        dependencies_file_dir: './'
+      """

data/features/step_definitions/steps.rb

@@ -0,0 +1,131 @@
+Given /^I have a rails application with license finder$/ do
+  @user = DSL::User.new
+  @user.create_rails_app
+end
+
+Given /^my rails app depends on a gem "(.*?)" licensed with "(.*?)"$/ do |gem_name, license|
+  @user.add_dependency_to_app gem_name, license
+end
+
+Given /^I whitelist the "(.*?)" license$/ do |license|
+  @user.configure_license_finder_whitelist [license]
+end
+
+Given /^I whitelist the following licenses: "([^"]*)"$/ do |licenses|
+  @user.configure_license_finder_whitelist licenses.split(", ")
+end
+
+When /^I run "(.*?)"$/ do |command|
+  @output = @user.execute_command command
+end
+
+When /^I replace that content with the following content in "([^"]*)":$/ do |filename, text|
+  @user.edit_file(filename, replace_this: @content, with: text)
+end
+
+Then /^I should see "(.*?)" in its output$/ do |gem_name|
+  @output.should include gem_name
+end
+
+Then /^I should not see "(.*?)" in its output$/ do |gem_name|
+  @output.should_not include gem_name
+end
+
+Then /^license finder should generate a file "([^"]*)" with the following content:$/ do |filename, text|
+  File.read(File.join(@user.app_location, filename)).should == text.gsub(/^\s+/, "")
+end
+
+Then /^license finder should generate a file "([^"]*)" that includes the following content:$/ do |filename, text|
+  @content = text
+  file = File.read(File.join(@user.app_location, filename))
+  file.should include @content
+end
+
+Then /^it should exit with status code (\d)$/ do |status|
+  $?.exitstatus.should == status.to_i
+end
+
+
+
+module DSL
+  class User
+    def create_rails_app
+      reset_sandbox!
+
+      `bundle exec rails new #{app_location} --skip-bundle`
+
+      Bundler.with_clean_env do
+        `cd #{app_location} && echo \"gem 'license_finder', path: '../../'\" >> Gemfile`
+      end
+    end
+
+    def edit_file(filename, options={})
+      replace_this = options.fetch :replace_this
+      with = options.fetch :with
+
+      file_contents = File.read(File.join(app_location, filename))
+
+      file_contents[replace_this] = with
+
+      File.open(File.join(app_location, filename), "w") do |f|
+        f.puts file_contents
+      end
+    end
+
+    def add_dependency_to_app(gem_name, license)
+      `mkdir #{sandbox_location}/#{gem_name}`
+
+      File.open("#{sandbox_location}/#{gem_name}/#{gem_name}.gemspec", 'w') do |file|
+        file.write <<-GEMSPEC
+          Gem::Specification.new do |s|
+            s.name = "#{gem_name}"
+            s.version = "0.0.0"
+            s.author = "Cucumber"
+            s.summary = "Gem for testing License Finder"
+            s.license = "#{license}"
+          end
+        GEMSPEC
+      end
+
+      Bundler.with_clean_env do
+        `cd #{app_location} && echo \"gem '#{gem_name}', path: '../#{gem_name}'\" >> Gemfile && bundle`
+      end
+    end
+
+    def configure_license_finder_whitelist(whitelisted_licenses=[])
+      File.open("tmp/my_app/config/license_finder.yml", "w") do |f|
+        f.write <<-YML
+---
+whitelist:
+#{whitelisted_licenses.map {|l| "- #{l}"}.join("\n")}
+YML
+      end
+    end
+
+    def execute_command(command)
+      Bundler.with_clean_env do
+        @output = `cd #{app_location} && bundle exec #{command}`
+      end
+
+      @output
+    end
+
+    def app_location
+      File.join(sandbox_location, app_name)
+    end
+
+    private
+    def app_name
+      "my_app"
+    end
+
+    def sandbox_location
+      "tmp"
+    end
+
+    def reset_sandbox!
+      `rm -rf #{sandbox_location}`
+      `mkdir #{sandbox_location}`
+    end
+  end
+end