license_finder 0.4.5 → 0.5.0

data/README.markdown

@@ -24,30 +24,62 @@ This is where you should add licenses which are allowed on the project, so they
 
 ## Usage
 
-Once you've whitelisted licenses, you can then tell license finder to analyze your Gemfile:
+Once you've whitelisted licenses, you can then tell license finder to analyze your Gemfile and generate a list of
+dependencies that have non-whitelisted licenses:
 
 ```sh
-$ bundle exec rake license:generate_dependencies
+$ bundle exec rake license:action_items
 ```
 
-This will write out a dependencies.yml and dependencies.txt file in the root of your project.
+This will write out a dependencies.yml and dependencies.txt file in the root of your project, as well as
+output a list of unapproved dependencies to the console. It will also return a non-zero exit status if there
+unapproved dependencies. You could use this in a CI build, for example, to alert you whenever someone adds an
+unapproved dependency to the project.
 
 It will also merge in an existing dependencies.yml file, if one exists (i.e., you've previously run this command
 and then edited the resulting file).
 
-### Action Items
+### Manually approving dependencies
 
-Once you've generated a `dependencies.yml` file via the `rake license:generate_dependencies` file, you can tell
-License Finder to output a list of dependencies that have non-whitelisted licenses:
+Whenever you have a dependency that falls outside of your whitelist, `rake license:action_items` will tell you.
+If your business decides that this is an acceptable risk, you can manually approve the dependency by finding its
+section in the `dependencies.yml` file and setting its `approved` attribute to true. For example, lets assume you've only
+whitelisted the "MIT" license in your `config/license_finder.yml`. You then add the 'awesome_gpl_gem' to your Gemfile,
+which we'll assume is licensed with the `GPL` license. You then run `rake license_finder:action_items` and see
+the gem listed in the output:
 
-```sh
-$ bundle exec rake license:action_items
+```txt
+awesome_gpl_gem 1.0.0, GPL
+```
+
+Your business tells you that in this case, it's acceptable to use this gem. You should now update your `dependencies.yml`
+file, setting the `approved` attribute to `true` for the `awesome_gpl_gem` section:
+
+```yaml
+- name: awesome_gpl_gem
+  version: 1.0.0
+  license: GPL
+  approved: true
 ```
 
-This will output a list of unapproved dependencies to the console.
+If you rerun `rake license:action_items`, you should no longer see `awesome_gpl_gem` in the output.
+
+
+## Manually managing Javascript Dependencies
+
+License Finder currently has no method for automatically detecting third-party javascript libraries in your application
+and alerting you to license violations. However, you can manually add javascript dependencies to your `dependencies.yml`
+file:
+
+```yaml
+- name: "my_javascript_library"
+  version: "0.0.0"
+  license: "GPL"
+  approved: false
+```
 
-Similarly, `bundle exec rake license:action_items:ok` will return a non-zero exit status if there unapproved dependencies.
-You could use this in a CI build, for example, to alert you whenever someone adds an unapproved dependency to the project.
+You could then update the "approved" attribute to true once you have signoff from your business. License Finder will
+remember any manually added licenses between successive runs.
 
 
 ## Usage outside Rails

data/bin/license_finder

@@ -1,7 +1,4 @@
 #!/usr/bin/env ruby
 
-require 'pathname'
-$LOAD_PATH.unshift Pathname.new(__FILE__).dirname + ".." + "lib"
-require "license_finder"
-
-LicenseFinder::Finder.new.from_bundler.each { |lf| puts lf.to_s(ARGV.first == "--with-licenses") }
+require 'license_finder'
+LicenseFinder::CLI.new.check_for_action_items

data/features/executables/license_finder.feature

@@ -0,0 +1,19 @@
+Feature: License Finder command line executable
+
+  Scenario: I want to check if any of my dependencies are not approved
+    Given I have an application setup with rake and license finder
+    And my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the "MIT" license
+    When I run "license_finder"
+    Then I should see "gpl_licensed_gem" in its output
+    And I should not see "mit_licensed_gem" in its output
+    And it should exit with status code 1
+
+  Scenario: I want my build to pass when all dependencies are approved
+    Given I have an application setup with rake and license finder
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    And I whitelist the following licenses: "MIT, other"
+    When I run "license_finder"
+    Then it should exit with status code 0
+    And I should see "All gems are approved for use" in its output

data/features/rake_tasks/action_items.feature

@@ -3,11 +3,25 @@ Feature: rake license:action_items
   I want a rake task "license:action_items" that lists any dependencies with licenses that fall outside of my whitelist
   So that I know the limitations of distributing my application
 
+  Background:
+    Given I have an application setup with rake and license finder
+
   Scenario: Application with non-free dependency
-    Given I have a rails application with license finder
-    And my rails app depends on a gem "gpl_licensed_gem" licensed with "GPL"
-    And my rails app depends on a gem "mit_licensed_gem" licensed with "MIT"
+    Given my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And my app depends on a gem "mit_licensed_gem" licensed with "MIT"
     And I whitelist the "MIT" license
-    When I run "bundle exec rake license:action_items"
+    When I run "rake license:action_items"
     Then I should see "gpl_licensed_gem" in its output
     And I should not see "mit_licensed_gem" in its output
+
+  Scenario: Application with action items
+    Given my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    And I whitelist the "MIT" license
+    When I run "rake license:action_items"
+    Then it should exit with status code 1
+
+  Scenario: Application with no action items
+    Given I whitelist the "MIT" license
+    When I run "rake license:action_items"
+    Then I should see "All gems are approved for use" in its output
+    And it should exit with status code 0

data/features/rake_tasks/action_items_ok.feature

@@ -4,17 +4,20 @@ Feature: rake license:action_items:ok
   So that I can create a CI build that fails if there are any action items
 
   Background:
-    Given I have a rails application with license finder
+    Given I have an application setup with rake and license finder
 
   Scenario: Application with action items
-    Given my rails app depends on a gem "gpl_licensed_gem" licensed with "GPL"
+    Given my app depends on a gem "gpl_licensed_gem" licensed with "GPL"
     And I whitelist the "MIT" license
-    When I run "bundle exec rake license:action_items:ok"
-    Then I should see "Dependencies that need approval" in its output
-    And it should exit with status code 1
+    When I run "rake license:action_items:ok"
+    Then it should exit with status code 1
 
   Scenario: Application with no action items
-    Given I whitelist the following licenses: "MIT, other"
-    When I run "bundle exec rake license:action_items:ok"
+    Given I whitelist the following licenses: "MIT"
+    When I run "rake license:action_items:ok"
     Then I should see "All gems are approved for use" in its output
     And it should exit with status code 0
+
+  Scenario: Deprecation for version 1.0
+    When I run "rake license:action_items:ok"
+    Then I should see "rake license:action_items:ok is deprecated and will be removed in version 1.0.  Use rake license:action_items instead." in its output

data/features/rake_tasks/generate_dependencies.feature

@@ -4,28 +4,59 @@ Feature: rake license:generate_dependencies
   So that I can manually approve a dependency with a non-whitelisted license
 
   Scenario: Manually approve non-whitelisted dependency
-    Given I have a rails application with license finder
-    And my rails app depends on a gem "gpl_gem" licensed with "GPL"
+    Given I have an application setup with rake and license finder
+    And my app depends on a gem "gpl_gem" licensed with "GPL"
     And I whitelist the "MIT" license
 
-    When I run "bundle exec rake license:generate_dependencies"
+    When I run "rake license:generate_dependencies"
+    Then I should see the following settings for "gpl_gem":
+      """
+      version: "0.0.0"
+      license: "GPL"
+      approved: false
+      """
 
-    Then license finder should generate a file "dependencies.yml" that includes the following content:
+    When I update the settings for "gpl_gem" with the following content:
       """
-      - name: "gpl_gem"
+      approved: true
+      """
+    And I run "rake license:action_items"
+    Then I should not see "gpl_gem" in its output
+
+  Scenario: Manually adding a javascript dependency to dependencies.yml
+    Given I have an application setup with rake and license finder
+    When I run "rake license:generate_dependencies"
+    And I add the following content to "dependencies.yml":
+      """
+      - name: "my_javascript_library"
         version: "0.0.0"
         license: "GPL"
         approved: false
       """
+    And I run "rake license:action_items"
+    Then I should see "my_javascript_library" in its output
 
-    When I replace that content with the following content in "dependencies.yml":
+    When I update the settings for "my_javascript_library" with the following content:
       """
-      - name: "gpl_gem"
-        version: "0.0.0"
-        license: "GPL"
-        approved: true
+      approved: true
       """
+    And I run "rake license:action_items"
+    Then I should not see "my_javascript_library" in its output
 
-    And I run "bundle exec rake license:action_items"
+  Scenario: I want to see the group that my dependencies belong to in the dependencies.txt
+    Given I have an application setup with rake and license finder
+    And my app depends on a gem "mit_gem" licensed with "MIT" in the "production" bundler groups
+    When I run "rake license:generate_dependencies"
+    Then license finder should generate a file "dependencies.txt" containing:
+      """
+      mit_gem 0.0.0, MIT, production
+      """
 
-    Then I should not see "gpl_gem" in its output
+  Scenario: I have specified multiple groups for my gem
+    Given I have an application setup with rake and license finder
+    And my app depends on a gem "mit_gem" licensed with "MIT" in the "production, demo, staging" bundler groups
+    When I run "rake license:generate_dependencies"
+    Then license finder should generate a file "dependencies.txt" containing:
+      """
+      mit_gem 0.0.0, MIT, production, demo, staging
+      """

data/features/rake_tasks/init.feature

@@ -5,7 +5,7 @@ Feature: rake license:init
 
   Scenario: No license finder configuration
     Given I have a rails application with license finder
-    When I run "bundle exec rake license:init"
+    When I run "rake license:init"
     Then license finder should generate a file "config/license_finder.yml" with the following content:
       """
         ---
@@ -17,3 +17,10 @@ Feature: rake license:init
         #- development
         dependencies_file_dir: './'
       """
+
+  Scenario: The project including LicenseFinder does not already have a config directory
+    Given I have an application with license finder
+    And my application's rake file requires license finder
+    And my application does not have a config directory
+    When I run "rake license:init"
+    Then the config directory should exist

data/features/rake_tasks/regressions.feature

@@ -0,0 +1,18 @@
+Feature: Catch Regressions!
+
+  Scenario Outline: Generating dependencies multiple times should not lose information
+    Given I have an application setup with rake and license finder
+    And my application depends on a gem "descriptive_gem" with:
+    | license | summary | description |
+    | MIT     | summary | description |
+    When I run "<command>"
+    And I run "<command>"
+    Then license finder should generate a file "dependencies.txt" containing:
+      """
+      descriptive_gem 0.0.0, MIT, summary, description, default
+      """
+
+    Examples:
+    | command                            |
+    | rake license:generate_dependencies |
+    | rake license:action_items          |

data/features/step_definitions/steps.rb

@@ -1,10 +1,42 @@
+require 'fileutils'
+
 Given /^I have a rails application with license finder$/ do
   @user = DSL::User.new
   @user.create_rails_app
 end
 
-Given /^my rails app depends on a gem "(.*?)" licensed with "(.*?)"$/ do |gem_name, license|
-  @user.add_dependency_to_app gem_name, license
+Given /^I have an application with license finder$/ do
+  @user = DSL::User.new
+  @user.create_nonrails_app
+end
+
+
+Given /^I have an application setup with rake and license finder$/ do
+  @user = DSL::User.new
+  @user.create_nonrails_app
+  @user.add_license_finder_to_rakefile
+  @user.execute_command "rake license:init"
+end
+
+Given /^my application does not have a config directory$/ do
+  FileUtils.rm_rf(@user.config_path)
+  File.exists?(@user.config_path).should be_false
+end
+
+Then /^the config directory should exist$/ do
+  File.exists?(@user.config_path).should be_true
+end
+
+Given /^my application's rake file requires license finder$/ do
+  @user.add_license_finder_to_rakefile
+end
+
+Given /^my (?:rails )?app depends on a gem "(.*?)" licensed with "(.*?)"$/ do |gem_name, license|
+  @user.add_dependency_to_app gem_name, :license => license
+end
+
+Given /^my (?:rails )?app depends on a gem "(.*?)" licensed with "(.*?)" in the "(.*?)" bundler groups$/ do |gem_name, license, bundler_groups|
+  @user.add_dependency_to_app gem_name, :license => license, :bundler_groups => bundler_groups
 end
 
 Given /^I whitelist the "(.*?)" license$/ do |license|
@@ -19,8 +51,21 @@ When /^I run "(.*?)"$/ do |command|
   @output = @user.execute_command command
 end
 
-When /^I replace that content with the following content in "([^"]*)":$/ do |filename, text|
-  @user.edit_file(filename, replace_this: @content, with: text)
+When /^I update the settings for "([^"]*)" with the following content:$/ do |gem, text|
+  @user.update_gem(gem, YAML.load(text))
+end
+
+When /^I add the following content to "([^"]*)":$/ do |filename, text|
+  @user.append_to_file(filename, @content = text)
+end
+
+When /^my application depends on a gem "([^"]*)" with:$/ do |gem_name, gem_info|
+  info = gem_info.hashes.first
+  @user.add_dependency_to_app(gem_name,
+    :license      => info["license"],
+    :summary      => info["summary"],
+    :description  => info["description"]
+  )
 end
 
 Then /^I should see "(.*?)" in its output$/ do |gem_name|
@@ -32,13 +77,19 @@ Then /^I should not see "(.*?)" in its output$/ do |gem_name|
 end
 
 Then /^license finder should generate a file "([^"]*)" with the following content:$/ do |filename, text|
-  File.read(File.join(@user.app_location, filename)).should == text.gsub(/^\s+/, "")
+  File.read(File.join(@user.app_path, filename)).should == text.gsub(/^\s+/, "")
 end
 
-Then /^license finder should generate a file "([^"]*)" that includes the following content:$/ do |filename, text|
-  @content = text
-  file = File.read(File.join(@user.app_location, filename))
-  file.should include @content
+Then /^license finder should generate a file "([^"]*)" containing:$/ do |filename, text|
+  File.read(File.join(@user.app_path, filename)).should include(text.gsub(/^\s+/, ""))
+end
+
+Then /^I should see the following settings for "([^"]*)":$/ do |name, yaml|
+  expected_settings = YAML.load(yaml)
+  all_settings = YAML.load(File.read(@user.dependencies_file_path))
+  actual_settings = all_settings.detect { |gem| gem['name'] == name }
+
+  actual_settings.should include expected_settings
 end
 
 Then /^it should exit with status code (\d)$/ do |status|
@@ -46,86 +97,155 @@ Then /^it should exit with status code (\d)$/ do |status|
 end
 
 
-
 module DSL
   class User
+    def create_nonrails_app
+      reset_projects!
+
+      `cd #{projects_path} && bundle gem #{app_name}`
+
+      add_gem_dependency('rake')
+      add_gem_dependency('license_finder', :path => root_path)
+    end
+
     def create_rails_app
-      reset_sandbox!
+      reset_projects!
 
-      `bundle exec rails new #{app_location} --skip-bundle`
+      `bundle exec rails new #{app_path} --skip-bundle`
 
-      Bundler.with_clean_env do
-        `cd #{app_location} && echo \"gem 'license_finder', path: '../../'\" >> Gemfile`
-      end
+      add_gem_dependency('license_finder', :path => root_path)
+
+      bundle_app
     end
 
-    def edit_file(filename, options={})
-      replace_this = options.fetch :replace_this
-      with = options.fetch :with
+    def add_license_finder_to_rakefile
+      add_to_rakefile <<-RUBY
+        require 'bundler/setup'
+        require 'license_finder'
+        LicenseFinder.load_rake_tasks
+      RUBY
+    end
+
+    def update_gem(name, attrs)
+      file_contents = YAML.load(File.read(dependencies_file_path))
 
-      file_contents = File.read(File.join(app_location, filename))
+      index = file_contents.index { |gem| gem['name'] == name }
+      file_contents[index].merge!(attrs)
 
-      file_contents[replace_this] = with
+      File.open(dependencies_file_path, "w") do |f|
+        f.puts file_contents.to_yaml
+      end
+    end
 
-      File.open(File.join(app_location, filename), "w") do |f|
-        f.puts file_contents
+    def append_to_file(filename, text)
+      File.open(File.join(app_path, filename), "a") do |f|
+        f.puts text
       end
     end
 
-    def add_dependency_to_app(gem_name, license)
-      `mkdir #{sandbox_location}/#{gem_name}`
+    def add_dependency_to_app(gem_name, options={})
+      license = options.fetch(:license)
+      summary = options.fetch(:summary, "")
+      description = options.fetch(:description, "")
+      bundler_groups = options.fetch(:bundler_groups, "").split(',').map(&:strip)
 
-      File.open("#{sandbox_location}/#{gem_name}/#{gem_name}.gemspec", 'w') do |file|
+      gem_dir = File.join(projects_path, gem_name)
+
+      FileUtils.mkdir(gem_dir)
+      File.open(File.join(gem_dir, "#{gem_name}.gemspec"), 'w') do |file|
         file.write <<-GEMSPEC
           Gem::Specification.new do |s|
             s.name = "#{gem_name}"
             s.version = "0.0.0"
             s.author = "Cucumber"
-            s.summary = "Gem for testing License Finder"
+            s.summary = "#{summary}"
             s.license = "#{license}"
+            s.description = "#{description}"
           end
         GEMSPEC
       end
 
-      Bundler.with_clean_env do
-        `cd #{app_location} && echo \"gem '#{gem_name}', path: '../#{gem_name}'\" >> Gemfile && bundle`
-      end
+      gem_options = {}
+      gem_options[:path] = File.join(projects_path, gem_name)
+      gem_options[:groups] = bundler_groups unless bundler_groups.empty?
+
+      add_gem_dependency(gem_name, gem_options)
+
+      bundle_app
     end
 
     def configure_license_finder_whitelist(whitelisted_licenses=[])
-      File.open("tmp/my_app/config/license_finder.yml", "w") do |f|
-        f.write <<-YML
----
-whitelist:
-#{whitelisted_licenses.map {|l| "- #{l}"}.join("\n")}
-YML
+      File.open(File.join(config_path, "license_finder.yml"), "w") do |f|
+        f.write({'whitelist' => whitelisted_licenses}.to_yaml)
       end
     end
 
     def execute_command(command)
       Bundler.with_clean_env do
-        @output = `cd #{app_location} && bundle exec #{command}`
+        @output = `cd #{app_path} && bundle exec #{command}`
       end
 
       @output
     end
 
-    def app_location
-      File.join(sandbox_location, app_name)
+    def app_path
+      File.join(projects_path, app_name)
+    end
+
+    def config_path
+      File.join(app_path, 'config')
+    end
+
+    def dependencies_file_path
+      File.join(app_path, 'dependencies.yml')
     end
 
     private
+
+    def bundle_app
+      Bundler.with_clean_env do
+        `bundle install --gemfile=#{File.join(app_path, "Gemfile")} --path=#{bundle_path}`
+      end
+    end
+
+    def add_gem_dependency(name, options = {})
+      line = "gem #{name.inspect}"
+      line << ", " + options.inspect unless options.empty?
+
+      add_to_gemfile(line)
+    end
+
+    def add_to_gemfile(line)
+      `echo #{line.inspect} >> #{File.join(app_path, "Gemfile")}`
+    end
+
+    def add_to_rakefile(line)
+      `echo #{line.inspect} >> #{File.join(app_path, "Rakefile")}`
+    end
+
     def app_name
       "my_app"
     end
 
-    def sandbox_location
-      "tmp"
+    def sandbox_path
+      File.join(root_path, "tmp")
+    end
+
+    def projects_path
+      File.join(sandbox_path, "projects")
+    end
+
+    def bundle_path
+      File.join(sandbox_path, "bundle")
+    end
+
+    def reset_projects!
+      `rm -rf #{projects_path}`
+      `mkdir -p #{projects_path}`
     end
 
-    def reset_sandbox!
-      `rm -rf #{sandbox_location}`
-      `mkdir #{sandbox_location}`
+    def root_path
+      File.realpath(File.join(File.dirname(__FILE__), "..", ".."))
     end
   end
 end