licensed 0.11.1 → 1.0.0

data/lib/licensed/source/manifest.rb

@@ -1,4 +1,5 @@
-require 'pathname/common_prefix'
+# frozen_string_literal: true
+require "pathname/common_prefix"
 
 module Licensed
   module Source
@@ -12,65 +13,67 @@ module Licensed
       end
 
       def type
-        'manifest'
+        "manifest"
       end
 
       def dependencies
         @dependencies ||= packages.map do |package_name, sources|
           Dependency.new(sources_license_path(sources), {
-            'type'     => type,
-            'name'     => package_name,
-            'version'  => package_version(sources)
+            "type"     => type,
+            "name"     => package_name,
+            "version"  => package_version(sources)
           })
         end
       end
 
+      # Returns the top-most directory that is common to all paths in `sources`
       def sources_license_path(sources)
         common_prefix = Pathname.common_prefix(*sources).to_path
 
         # don't allow the repo root to be used as common prefix
         # the project this is run for should be excluded from the manifest,
         # or ignored in the config.  any license in the root should be ignored.
-        return common_prefix if common_prefix != repository_root
+        return common_prefix if common_prefix != Licensed::Git.repository_root
 
         # use the first source file as the license path.
         sources.first
       end
 
+      # Returns the latest git SHA available from `sources`
       def package_version(sources)
         return if sources.nil? || sources.empty?
 
-        # return the latest version from the sources
-        sources.map { |s| source_version_command(s) }
-               .max_by { |sha| commit_date_command(sha) }
-      end
-
-      def commit_date_command(sha)
-        `git show -s -1 --format=%ct #{sha}`.strip
-      end
-
-      def source_version_command(source)
-        `git rev-list -1 HEAD -- #{source}`.strip
+        sources.map { |s| Licensed::Git.version(s) }
+               .compact
+               .max_by { |sha| Licensed::Git.commit_date(sha) }
       end
 
+      # Returns a map of package names -> array of full source paths found
+      # in the app manifest
       def packages
         manifest.each_with_object({}) do |(src, package_name), hsh|
           next if src.nil? || src.empty?
           hsh[package_name] ||= []
-          hsh[package_name] << File.join(repository_root, src)
+          hsh[package_name] << File.join(Licensed::Git.repository_root, src)
         end
       end
 
+      # Returns parsed manifest data for the app
       def manifest
-        JSON.parse(File.read(manifest_path))
+        case manifest_path.extname.downcase.delete "."
+        when "json"
+          JSON.parse(File.read(manifest_path))
+        when "yml", "yaml"
+          YAML.load_file(manifest_path)
+        end
       end
 
+      # Returns the manifest location for the app
       def manifest_path
-        @config.path.join('manifest.json')
-      end
+        path = @config["manifest"]["path"] if @config["manifest"]
+        return Licensed::Git.repository_root.join(path) if path
 
-      def repository_root
-        @root ||= `git rev-parse --show-toplevel`.strip
+        @config.cache_path.join("manifest.json")
       end
     end
   end

data/lib/licensed/source/npm.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require "json"
 
 module Licensed
@@ -39,14 +40,8 @@ module Licensed
         end
       end
 
-      def package_location_command
-        `npm list --parseable --production --long 2>/dev/null`
-      end
-
-      def package_metadata_command
-        `npm list --json --production --long 2>/dev/null`
-      end
-
+      # Recursively parse dependency JSON data.  Returns a hash mapping the
+      # package name to it's metadata
       def recursive_dependencies(dependencies, result = {})
         dependencies.each do |name, dependency|
           (result[name] ||= {}).update(dependency)
@@ -54,6 +49,22 @@ module Licensed
         end
         result
       end
+
+      # Returns the output from running `npm list` to get package paths
+      def package_location_command
+        npm_list_command("--parseable", "--production", "--long")
+      end
+
+      # Returns the output from running `npm list` to get package metadata
+      def package_metadata_command
+        npm_list_command("--json", "--production", "--long")
+      end
+
+      # Executes an `npm list` command with the provided args and returns the
+      # output from stdout
+      def npm_list_command(*args)
+        Licensed::Shell.execute("npm", "list", *args)
+      end
     end
   end
 end

data/lib/licensed/ui/shell.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 require "thor"
 
 module Licensed
@@ -7,7 +8,7 @@ module Licensed
 
       def initialize
         @shell = STDOUT.tty? ? Thor::Base.shell.new : Thor::Shell::Basic.new
-        @level = ENV['DEBUG'] ? "debug" : "info"
+        @level = ENV["DEBUG"] ? "debug" : "info"
       end
 
       def debug(msg, newline = true)

data/lib/licensed/version.rb

@@ -1,3 +1,4 @@
+# frozen_string_literal: true
 module Licensed
-  VERSION = "0.11.1"
+  VERSION = "1.0.0".freeze
 end

data/licensed.gemspec

@@ -1,16 +1,18 @@
 # coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+lib = File.expand_path("../lib", __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'licensed/version'
+require "licensed/version"
 
 Gem::Specification.new do |spec|
   spec.name          = "licensed"
   spec.version       = Licensed::VERSION
   spec.authors       = ["GitHub"]
-  spec.email         = ["opensource@github.com"]
+  spec.email         = ["opensource+licensed@github.com"]
+
+  spec.summary       = %q{Extract and validate the licenses of dependencies.}
+  spec.description   = "Licensed automates extracting and validating the licenses of dependencies."
 
-  spec.summary       = %q{extract and validate the licenses of dependencies.}
-  spec.description   = File.read("README.md")
   spec.homepage      = "https://github.com/github/licensed"
   spec.license       = "MIT"
 
@@ -29,4 +31,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "minitest", "~> 5.8"
   spec.add_development_dependency "vcr", "~> 2.9"
   spec.add_development_dependency "webmock", "~> 1.21"
+  spec.add_development_dependency "rubocop", "~> 0.49"
+  spec.add_development_dependency "rubocop-github", "~> 0.6"
 end

data/{bin/setup → script/bootstrap}

@@ -3,24 +3,29 @@ set -euo pipefail
 IFS=$'\n\t'
 
 if [ -n "$(which bundle)" ]; then
-  bundle install
+  bundle install --path vendor/gems
+fi
+
+cd test/fixtures
+
+if [ -n "$(which bundle)" ]; then
+  pushd bundler
+  bundle install --path vendor/gems
+  popd
 fi
 
 # Install bower fixtures
 if [ -n "$(which bower)" ]; then
+  pushd bower
   bower install
+  popd
 fi
 
-cd test/fixtures
-
 # Install npm fixtures
 if [ -n "$(which npm)" ]; then
+  pushd npm
   npm install
-fi
-
-# Install stack fixtures
-if [ -n "$(which stack)" ]; then
-  stack build
+  popd
 fi
 
 if [ -n "$(which go)" ]; then

data/script/cibuild

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+set -e
+
+bundle exec rake test
+bundle exec rubocop -S -D
+gem build licensed.gemspec

data/{bin → script}/console

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# frozen_string_literal: true
 
 require "bundler/setup"
 require "licensed"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 0.11.1
+  version: 1.0.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-10-30 00:00:00.000000000 Z
+date: 2018-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -136,189 +136,84 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.21'
-description: |
-  # Licensed
-
-  Licensed is a Ruby gem to cache and verify the licenses of dependencies.
-
-  ## Installation
-
-  Add this line to your application's Gemfile:
-
-  ```ruby
-  gem 'licensed', :group => 'development'
-  ```
-
-  And then execute:
-
-      $ bundle
-
-  ## Usage
-
-  - `licensed cache`: Cache licenses and metadata in `vendor/licenses`
-
-  - `licensed verify`: Check for issues with the licenses of dependencies. For example:
-
-  ```
-  $ bundle exec licensed verify
-  Verifying licenses for 3 dependencies
-
-  Warnings:
-
-  vendor/licenses/rubygem/bundler.txt:
-    - license needs reviewed: mit.
-
-  vendor/licenses/rubygem/licensee.txt:
-    - missing license data
-
-  vendor/licenses/bower/jquery.txt:
-    - license needs reviewed: mit.
-    - cached license data out of date
-
-  3 dependencies checked, 3 warnings found.
-  ```
-
-  ### Configuration
-
-  Configuration is managed by `vendor/licenses/config.yml`.
-
-  ```yml
-  # Dependencies with these licenses are approved by default.
-  whitelist:
-    - mit
-    - apache-2.0
-    - bsd-2-clause
-    - bsd-3-clause
-    - cc0-1.0
-
-  # These dependencies are explicitly ignored.
-  ignored:
-    rubygem:
-      - some-internal-gem
-
-    bower:
-      - some-internal-package
-
-  # These dependencies have been reviewed.
-  reviewed:
-    rubygem:
-      - bcrypt-ruby
-
-    bower:
-    - classlist # public domain
-    - octicons
-  ```
-
-  ### Sources
-
-  Dependencies will be automatically detected for
-  1. Bundler (rubygem)
-  2. NPM
-  3. Bower
-  4. HaskellStack
-  5. Cabal
-  6. Go
-  7. Manifest lists
-
-  You can disable any of them in `vendor/licenses/config.yml`:
-
-  ```yml
-  sources:
-    rubygem: false
-    npm: false
-    bower: false
-    stack: false
-  ```
-
-  #### Special Considerations for Sources
-  ##### rubygem
-  The rubygem source will explicitly exclude gems in the `:development` and `:test` groups.  Be aware that if you have a local
-  bundler configuration (e.g. `.bundle`), that configuration will be respected as well.  For example, if you have a local
-  configuration set for `without: [':server']`, the rubygem source will exclude all gems in the `:server` group.
-
-  ##### cabal
-  Cabal sourced dependencies are found exclusively through `ghc-pkg`. `licensed` makes no assumptions on where `ghc` package dbs are found.
-  As a result, it is up to the caller to set `GHC_PACKAGE_PATHS` to all package db directories prior to calling into `licensed`.
-
-  ##### manifests
-  Manifests are intended to be a stopgap if no package managers are available.  The manifest is a JSON file that should be placed in
-  the same directory as `config.yml` and should have the following format
-  ```JSON
-  {
-    "file1": "package1",
-    "path/to/file2": "package1",
-    "other/file3": "package2"
-  }
-  ```
-  Paths to files are expected to be relative to the git repository root.  Package names will match 1:1 with metadata files at `<licenses directory>/manifest/*.txt`.
-
-  It is the responsibility of the repository owner to maintain the manifest file.
-
-  ## Development
-
-  After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-  To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-  #### Adding sources
-
-  When adding new dependency sources, ensure that `bin/setup` scripting and tests are only run if the required tooling is available on the development machine.
-
-  * See `bin/setup` for examples of gating scripting based on whether tooling executables are found.
-  * Use `tool_available?` when writing test files to gate running a test suite when tooling executables aren't available.
-  ```ruby
-  if tool_available?('bundle')
-    describe Licensed::Source::Bundler do
-      ...
-    end
-  end
-  ```
-
-  ## Contributing
-
-  Bug reports and pull requests are welcome on GitHub at https://github.com/github/licensed. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org/) code of conduct.
-
-  ## License
-
-  The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.49'
+- !ruby/object:Gem::Dependency
+  name: rubocop-github
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.6'
+description: Licensed automates extracting and validating the licenses of dependencies.
 email:
-- opensource@github.com
+- opensource+licensed@github.com
 executables:
 - licensed
-- licensor
 extensions: []
 extra_rdoc_files: []
 files:
-- ".bowerrc"
 - ".gitignore"
+- ".rubocop.yml"
+- ".ruby-version"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
+- CONTRIBUTING.md
 - Gemfile
-- LICENSE.txt
+- LICENSE
 - README.md
 - Rakefile
-- bin/console
-- bin/setup
+- docs/configuration.md
+- docs/sources/bower.md
+- docs/sources/bundler.md
+- docs/sources/cabal.md
+- docs/sources/go.md
+- docs/sources/manifests.md
+- docs/sources/npm.md
+- docs/sources/stack.md
 - exe/licensed
-- exe/licensor
 - lib/licensed.rb
 - lib/licensed/cli.rb
 - lib/licensed/command/cache.rb
 - lib/licensed/command/list.rb
-- lib/licensed/command/verify.rb
+- lib/licensed/command/status.rb
 - lib/licensed/configuration.rb
 - lib/licensed/dependency.rb
+- lib/licensed/git.rb
 - lib/licensed/license.rb
+- lib/licensed/shell.rb
 - lib/licensed/source/bower.rb
 - lib/licensed/source/bundler.rb
 - lib/licensed/source/cabal.rb
 - lib/licensed/source/go.rb
 - lib/licensed/source/manifest.rb
 - lib/licensed/source/npm.rb
-- lib/licensed/source/stack.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
 - licensed.gemspec
+- script/bootstrap
+- script/cibuild
+- script/console
 homepage: https://github.com/github/licensed
 licenses:
 - MIT
@@ -339,8 +234,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
-summary: extract and validate the licenses of dependencies.
+summary: Extract and validate the licenses of dependencies.
 test_files: []