license_finder 3.0.2 → 3.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 77916ef7c2face0470fd2f9b4b137e16d4cb43cf
-  data.tar.gz: 2488fffc58af2331e7e5b9e4befc3f46bfa878fa
+  metadata.gz: df518f591c669fe1a648f5513797ba99701be14b
+  data.tar.gz: e19c932c315fe285f147adc7c99f5ab982be13f2
 SHA512:
-  metadata.gz: 137f091f16a6658bd979491ef9c7eb68faa9cba32f864d648d88bde41f2025e20f15e434d3bdead5d70e1b9bc64c2f2bff5603378feac295c75f83baa25321d8
-  data.tar.gz: a5a444fe8914c62309d21420af06d72cab5f9aabb5491e9c72e2acdba653a7cb1885ccd4d9ac707b4c664f3f4148af173cd509035d3b2d3a59519e6c36fa3927
+  metadata.gz: 4ed3e1a000a8838c366b9773bcf7fffd508e7a61398e72173d2b38e1ea6538c944a13eb1d5bb176c61f994ce2bcf2b46e7a2c8507ee02c383d20d95f2e23040c
+  data.tar.gz: 0f575f901938b93b9acde6dd461a7ed57ed99224862ec0fb3e1f68f128ec4a9685836f64b9852522af6d96326a76681549a67cde1f736590edb67e17699513ba

data/CHANGELOG.md

@@ -1,22 +1,34 @@
-# 3.0.2 / 2017-07-27:
-
-Features:
+# [3.0.4] / 2017-09-11
 
+### Added
+* Added concourse pipeline file for Docker image process (#335, #337)
 * Add status checks to pull requests
+* Allow Custom Pip Requirements File Path (#328, thanks @sam-10e)
 
-Bugfixes:
+### Fixed
+* Fixed NPM stack too deep issue (#327, #329)
 
-* Support NPM packages providing a string for the licenses key
-* Use different env-var to indicate ruby version for tests
-* Resolve NPM circular dependencies
+# [3.0.3] / Skipped because of accidentally yanking gem
 
-# 3.0.1 / 2017-07-12:
+# [3.0.2] / 2017-07-27:
 
-Features:
+### Added
+
+* Add CI status checks to pull requests (#321)
+
+### Fixed
+
+* Support NPM packages providing a string for the licenses key (#317)
+* Use different env-var to indicate ruby version for tests (#303)
+* Resolve NPM circular dependencies (#306, #307, #311, #313, #314, #319, #322)
+
+# [3.0.1] / 2017-07-12:
+
+### Added
 
 * Add --maven-options to allow options for maven scans (#305, thanks @jgielstra!)
 
-Bugfixes:
+### Fixed:
 
 * Restore the original GOPATH after modifying it (#287, thanks @sschuberth!)
 * LF doesn't recognize .NET projects using 'packages' directory (#290, #292, thanks @bspeck!)
@@ -27,9 +39,9 @@ Bugfixes:
 * Fix dockerfile by explicitly using rvm stable (#303)
 * Report multiple versions of the same NPM dependency (#310)
 
-# 3.0.0 / 2016-03-02
+# [3.0.0] / 2016-03-02
 
-Features:
+### Added
 
 * Changed dependencies to be unique based on name _and_ version (#241)
 * Enable '--columns' option with text reports (#244, thanks @raimon49!)
@@ -41,7 +53,7 @@ Features:
 * Added a Dockerfile for [licensefinder/license_finder](https://hub.docker.com/r/licensefinder/license_finder/)
 * Switched from Travis to Concourse
 
-Bugfixes:
+### Fixed
 
 * Gradle works in CI containers where TERM is not set (revert and fix of c15bdb7, which broke older versions of gradle)
 * Check for the correct Ruby Bundler command: `bundle` (#233. Thanks, @raimon49!)
@@ -447,3 +459,9 @@ Bugfixes:
 * Bugfixes
 
   * Fix blow up if there's not `ignore_groups` setting in the config file.
+
+
+[Unreleased]: https://github.com/pivotal/LicenseFinder/compare/v3.0.2...HEAD
+[3.0.2]: https://github.com/pivotal/LicenseFinder/compare/v3.0.1...v3.0.2
+[3.0.1]: https://github.com/pivotal/LicenseFinder/compare/v3.0.0...v3.0.1
+[3.0.0]: https://github.com/pivotal/LicenseFinder/compare/v2.1.2...v3.0.0

data/Dockerfile

@@ -34,22 +34,22 @@ RUN apt-get install -y python-pip && \
     pip install --upgrade pip
 
 # install maven
-RUN curl -O http://www-us.apache.org/dist/maven/maven-3/3.3.9/binaries/apache-maven-3.3.9-bin.tar.gz && \
-    tar -xf apache-maven-3.3.9-bin.tar.gz; rm -rf apache-maven-3.3.9-bin.tar.gz && \
-    mv apache-maven-3.3.9 /usr/local/lib/maven && \
+RUN curl -O http://www-us.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xf apache-maven-3.5.0-bin.tar.gz; rm -rf apache-maven-3.5.0-bin.tar.gz && \
+    mv apache-maven-3.5.0 /usr/local/lib/maven && \
     ln -s /usr/local/lib/maven/bin/mvn /usr/local/bin/mvn
 
 # install gradle
 WORKDIR /tmp
-RUN curl -L -o gradle.zip http://services.gradle.org/distributions/gradle-2.4-bin.zip && \
+RUN curl -L -o gradle.zip http://services.gradle.org/distributions/gradle-2.9-bin.zip && \
     unzip -q gradle.zip && \
     rm gradle.zip && \
-    mv gradle-2.4 /root/gradle
+    mv gradle-2.9 /root/gradle
 ENV PATH=/root/gradle/bin:$PATH
 
 #install go
 WORKDIR /go
-RUN wget https://storage.googleapis.com/golang/go1.5.3.linux-amd64.tar.gz -O go.tar.gz && tar --strip-components=1 -xf go.tar.gz
+RUN wget https://storage.googleapis.com/golang/go1.8.3.linux-amd64.tar.gz -O go.tar.gz && tar --strip-components=1 -xf go.tar.gz
 ENV GOROOT /go
 ENV PATH=$PATH:/go/bin
 
@@ -76,4 +76,4 @@ RUN bash -lc "rvm install 2.4.1 --default && gem install bundler"
 # install license_finder
 RUN bash -lc "git clone https://github.com/pivotal/LicenseFinder /LicenseFinder && cd /LicenseFinder && bundle install -j4 && rake install"
 
-WORKDIR /
+WORKDIR /

data/LICENSE

@@ -1,6 +1,6 @@
 The MIT License
 
-Copyright (c) 2012 Pivotal Labs
+Copyright (c) 2012-2017 Pivotal Software, Inc. All Rights Reserved.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

data/README.md

@@ -22,20 +22,22 @@ report.
 * support:
   * license-finder@googlegroups.com
   * https://groups.google.com/forum/#!forum/license-finder
-* backlog: https://www.pivotaltracker.com/s/projects/234851
+* backlog: https://www.pivotaltracker.com/n/projects/234851
 
 ### Supported project types
 
-* Ruby Gems (via `bundler`)
-* Python Eggs (via `pip`)
-* Node.js (via `npm`)
-* Bower
-* Nuget (without license discovery)
-* Godep
-* Go workspace (via a `.envrc` file)
-* Go submodules
-* Java (via `maven`)
-* Java (via `gradle`)
+| Project Type | Package Manager | Tested on Version |
+| ------------ | --------------- | -------:|
+| Ruby Gems    | bundler         | 1.15.4  |
+| Python Eggs  | pip             | 9.0.1   |
+| Node.js      | npm             | 5.3.0   |
+| Bower        | bower           | 1.8.0   |
+| Nuget (without license discovery) | nuget | N/A |
+| Godep        | Godep           | 79      |
+| Go workspace (via a `.envrc` file) | Go lang |    1.8.3 |
+| Go submodules | Go lang | 1.8.3 |
+| Java         | maven           | 3.5.0   |
+| Java         | gradle          | 2.9     |
 
 ### Experimental project types
 
@@ -111,6 +113,30 @@ Run `license_finder help` to see other available commands, and
 `license_finder help [COMMAND]` for detailed help on a specific
 command.
 
+### Docker
+
+If you have docker installed, try using the included `dlf` script (potentially
+symlinked to be in your path via `ln -s LicenseFinder/dlf /usr/local/bin` or
+whatever method you prefer). This will run any commmands passed to it inside a
+pre-provisioned Docker container to maintain consistent versions of all the
+package managers. For example,
+
+```
+$ dlf npm --version
+5.3.0
+
+$ dlf license_finder --help
+
+Dependencies that need approval:
+...
+license_finder, 3.0.3, MIT
+
+$ dlf "bundle install && license_finder"
+```
+
+You can better understand the way this script works by looking at its source, but for
+reference it will mount your current directory at the path `/scan` and run any commands
+passed to it from that directory.
 
 ### Activation
 
@@ -343,7 +369,7 @@ Android projects will sometimes specify their meaningful dependencies in the
 "compile" group), you can specify it in your project's `build.gradle`:
 
 ```
-// Must come *after* the 'apply plugin: license' line
+// Must come *after* applying the appropriate plugin from [https://github.com/hierynomus/license-gradle-plugin](https://github.com/hierynomus/license-gradle-plugin)
 
 downloadLicenses {
   dependencyConfiguration "compile"
@@ -390,7 +416,7 @@ And save a `LICENSE` file which contains your license text in your repo.
 ## Support
 
 * Send an email to the list: [license-finder@googlegroups.com](license-finder@googlegroups.com)
-* View the project backlog at Pivotal Tracker: [https://www.pivotaltracker.com/s/projects/234851](https://www.pivotaltracker.com/s/projects/234851)
+* View the project backlog at Pivotal Tracker: [https://www.pivotaltracker.com/n/projects/234851](https://www.pivotaltracker.com/n/projects/234851)
 
 
 ## Contributing

data/bin/license_finder_pip.py

@@ -1,13 +1,14 @@
 #!/usr/bin/env python
 
 import json
+import sys
 from pip.req import parse_requirements
 from pip.download import PipSession
 from pip._vendor import pkg_resources
 from pip._vendor.six import print_
 
 requirements = [pkg_resources.Requirement.parse(str(req.req)) for req
-                in parse_requirements('requirements.txt', session=PipSession())]
+                in parse_requirements(sys.argv[1], session=PipSession()) if req.req != None]
 
 transform = lambda dist: {
         'name': dist.project_name,

data/ci/pipelines/pipeline.yml.erb

@@ -35,7 +35,7 @@ resources:
 <% end %>
 
 jobs:
-<% ['2.4.1', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+<% %w(2.4.1 2.3.0 2.2.0 2.1.5 jruby-9.0.4.0).each do |ruby_version| %>
 - name: ruby-<%= ruby_version %>
   public: true
   plan:
@@ -55,7 +55,7 @@ jobs:
 <% end %>
 <% end %>
 
-<% ['2.4.1', '2.3.0', '2.2.0', '2.1.5', 'jruby-9.0.4.0'].each do |ruby_version| %>
+<% %w(2.4.1 2.3.0 2.2.0 2.1.5 jruby-9.0.4.0).each do |ruby_version| %>
 - name: PR-ruby-<%= ruby_version %>
   public: true
   plan:
@@ -67,6 +67,18 @@ jobs:
     params:
       RUBY_VERSION_UNDER_TEST: <%= ruby_version %>
     input_mapping: { LicenseFinder: pull-request }
+    on_success:
+      put: pull-request
+      params:
+        path: pull-request
+        status: success
+        context: ruby-<%= ruby_version %>
+    on_failure:
+      put: pull-request
+      params:
+        path: pull-request
+        status: failure
+        context: ruby-<%= ruby_version %>
 <% if setup_slack %>
   on_failure:
     put: slack-alert

data/ci/pipelines/release.yml

@@ -0,0 +1,60 @@
+resources:
+- name: lf-git
+  type: git
+  source:
+    uri: git@github.com:pivotal/LicenseFinder.git
+    private_key: ((CfOslBotPrivateKey))
+    branch: master
+
+- name: lf-image
+  type: docker-image
+  source:
+    repository: licensefinder/license_finder
+    email: ((LicenseFinderDockerEmail))
+    username: ((LicenseFinderDockerUserName))
+    password: ((LicenseFinderDockerPassword))
+
+- name: lf-release
+  type: github-release
+  source:
+    owner: pivotal
+    repository: LicenseFinder
+    access_token: ((GithubApiTokenProduction))
+
+jobs:
+- name: docker
+  plan:
+  - get: lf-git
+  - put: lf-image
+    params:
+     build: lf-git
+
+- name: release
+  plan:
+  - get: lf-git
+  - get: lf-image
+    params:
+      save: true
+  - task: get-version-and-tag
+    image: lf-image
+    file: lf-git/ci/tasks/get-version-and-tag.yml
+  - task: build-and-push-gem
+    image: lf-image
+    params:
+      GEM_API_KEY: ((LicenseFinderGemApiKey))
+    file: lf-git/ci/tasks/build-and-push-gem.yml
+  - task: create-source-archives
+    file: lf-git/ci/tasks/create-source-archives.yml
+  - put: lf-git
+    params:
+      repository: lf-git
+      tag: version/tag.txt
+  - put: lf-image
+    params:
+      load: lf-image
+      tag: version/version.txt
+  - put: lf-release
+    params:
+      name: version/tag.txt
+      tag: version/tag.txt
+      globs: ["archives/*.zip", "archives/*.tar.gz"]

data/ci/scripts/pushscript.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+echo -e "---\n:rubygems_api_key: $GEM_API_KEY" > ~/.gem/credentials
+chmod 0600 ~/.gem/credentials
+
+cd lf-git
+build_version=$(ruby -r ./lib/license_finder/version.rb -e "puts LicenseFinder::VERSION")
+built_gem="pkg/license_finder-$build_version.gem"
+
+if [ -z "$(gem fetch license_finder -v $build_version 2>&1 | grep ERROR)" ]; then
+  exit 0
+fi
+
+rake build
+gem push ${built_gem}

data/ci/tasks/build-and-push-gem.yml

@@ -0,0 +1,9 @@
+---
+platform: linux
+inputs:
+- name: lf-git
+run:
+  path: bash
+  args:
+  - "-lc"
+  - lf-git/ci/scripts/pushscript.sh

data/ci/tasks/create-source-archives.yml

@@ -0,0 +1,23 @@
+---
+image_resource:
+  type: docker-image
+  source:
+    repository: kramos/alpine-zip
+    tag: latest
+platform: linux
+inputs:
+- name: lf-git
+- name: version
+outputs:
+- name: archives
+run:
+  path: sh
+  args:
+  - -ec
+  - |
+    version=`cat version/version.txt`
+    tmp_dir_name=tmp/LicenseFinder-$version
+    mkdir -p $tmp_dir_name
+    cp -r lf-git $tmp_dir_name
+    zip -r archives/LicenseFinder-$version.zip tmp
+    tar -cz $tmp_dir_name > archives/LicenseFinder-$version.tar.gz

data/ci/tasks/get-version-and-tag.yml

@@ -0,0 +1,20 @@
+---
+image_resource:
+  type: docker-image
+  source:
+    repository: licensefinder/license_finder
+    tag: latest
+platform: linux
+inputs:
+- name: lf-git
+outputs:
+- name: version
+run:
+  path: bash
+  args:
+  - -elc
+  - |
+    version=$(ruby -r ./lf-git/lib/license_finder/version.rb -e "puts LicenseFinder::VERSION")
+    echo "v$version" > version/tag.txt
+    echo "$version" > version/version.txt
+

data/dlf

@@ -0,0 +1,8 @@
+#!/bin/bash
+if `which docker > /dev/null`; then
+  docker run -v $PWD:/scan -it licensefinder/license_finder /bin/bash -lc "cd /scan && `echo $@`"
+else
+  echo "You do not have docker installed. Please install it:"
+  echo "    https://docs.docker.com/engine/installation/"
+  exit 1
+fi

data/lib/license_finder/cli/base.rb

@@ -33,6 +33,7 @@ module LicenseFinder
           :gradle_include_groups,
           :maven_include_groups,
           :maven_options,
+          :pip_requirements_path,
           :rebar_command,
           :rebar_deps_dir,
           :save

data/lib/license_finder/cli/main.rb

@@ -25,6 +25,7 @@ module LicenseFinder
       class_option :gradle_command, desc: "Command to use when fetching gradle packages. Only meaningful if used with a Java/gradle project. Defaults to 'gradlew' / 'gradlew.bat' if the wrapper is present, otherwise to 'gradle'."
       class_option :maven_include_groups, desc: "Whether dependency name should include group id. Only meaningful if used with a Java/maven project. Defaults to false."
       class_option :maven_options, desc: "Maven options to append to command. Defaults to empty."
+      class_option :pip_requirements_path, desc: "Path to python requirements file. Defaults to requirements.txt."
       class_option :rebar_command, desc: "Command to use when fetching rebar packages. Only meaningful if used with a Erlang/rebar project. Defaults to 'rebar'."
       class_option :rebar_deps_dir, desc: "Path to rebar dependencies directory. Only meaningful if used with a Erlang/rebar project. Defaults to 'deps'."
       class_option :subprojects, type: :array, desc: "Generate a single report for multiple sub-projects. Ex: --subprojects='path/to/project1', 'path/to/project2'"

data/lib/license_finder/configuration.rb

@@ -41,6 +41,10 @@ module LicenseFinder
       get(:maven_options)
     end
 
+    def pip_requirements_path
+      get(:pip_requirements_path)
+    end
+
     def rebar_command
       get(:rebar_command)
     end

data/lib/license_finder/core.rb

@@ -69,6 +69,7 @@ module LicenseFinder
         gradle_include_groups: config.gradle_include_groups,
         maven_include_groups: config.maven_include_groups,
         maven_options: config.maven_options,
+        pip_requirements_path: config.pip_requirements_path,
         rebar_command: config.rebar_command,
         rebar_deps_dir: config.rebar_deps_dir,
       )