licensed 1.4.0 → 1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5c9bec838ecfcc1a05a17a40200bd1c166197d01
-  data.tar.gz: 87dad427c0c7b78f05015031b8be76132ccb96f4
+  metadata.gz: 1985113209d911393981eb8f69dfaae7f5924593
+  data.tar.gz: e7ba321109bae085d9345e41c599370e24547fb2
 SHA512:
-  metadata.gz: b868455d7be394025fee42db87172e8722423750f9f938f345f253e036673a0ada06982b4c5012ce4f530d068fb6f4bdea0cf5cb43bfa07a1a28cb91f293ca9b
-  data.tar.gz: 1810f02787fa0133f93fa7d482190da18c5579abab12b3ec2f698a0ecdf60814a3bd75335144a50b03b62a4761e011a315cd6fc1a412a6203bacf6a325e572a0
+  metadata.gz: a5046d1ebce6f3b386d94b8e0606e3ad1b7d93eba73bc94d37e2fa933129f649ea3efca557fe828386aedda310e40d796b32ddac9aa1f2dbaa95bc0c0ca8db1d
+  data.tar.gz: ec5ccf83bb05ba32038a7a45092f236be2835e1947959c3fcd8c67c8f0d25b92d1e7ff82cfe927204af3d1c5fe2c19ca1fb9afd6d680e058d4bc3530ec4fdbb4

data/CHANGELOG.md

@@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 1.5.1 - 2018-10-30
+
+### Fixed
+- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable due to a ruby version mismatch (https://github.com/github/licensed/pull/106)
+
+## 1.5.0 - 2018-10-24
+### Added
+- `licensed (version | -v | --version)` command to see the current licensed version (:tada: @mwagz! https://github.com/github/licensed/pull/101)
+
+### Fixed
+- NPM source no longer raises an error when ignored dependencies aren't found (:tada: @mwagz! https://github.com/github/licensed/pull/100)
+- Checking for a Git repo will no longer possibly modify `.git/index` (:tada: @dbussink https://github.com/github/licensed/pull/102)
+- Fixed a scenario where licensed wasn't finding bundler dependencies when run as an executable (https://github.com/github/licensed/pull/103)
+
 ## 1.4.0 - 2018-10-20
 ### Added
 - Git Submodules dependency source :tada:
@@ -90,4 +104,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/1.4.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/1.5.1...HEAD

data/README.md

@@ -74,9 +74,11 @@ Warnings:
 3 dependencies checked, 3 warnings found.
 ```
 
+- `licensed version`: Show current installed version of Licensed. Aliases: `-v|--version`
+
 ### Configuration
 
-All commands accept a `-c|--config` option to specify a path to a configuration file or directory.
+All commands, except `version`, accept a `-c|--config` option to specify a path to a configuration file or directory.
 
 If a directory is specified, `licensed` will look in that directory for a file named (in order of preference):
 1. `.licensed.yml`

data/docs/sources/bundler.md

@@ -2,6 +2,18 @@
 
 The bundler source will detect dependencies `Gemfile` and `Gemfile.lock` files are found at an apps `source_path`.  The source uses the `Bundler` API to enumerate dependencies from `Gemfile` and `Gemfile.lock`.
 
+### Enumerating bundler dependencies when using the licensed executable
+
+**Note** this content only applies to running licensed from an executable.  It does not apply when using licensed as a gem.
+
+_It is strongly recommended that ruby is always available when running the licensed executable._
+
+The licensed executable contains and runs a version of ruby.  When using the Bundler APIs, a mismatch between the version of ruby built into the licensed executable and the version of licensed used during `bundle install` can occur.  This mismatch can lead to licensed raising errors due to not finding dependencies.
+
+For example, if `bundle install` was run with ruby 2.5.0 then the bundler specification path would be `<bundle path>/ruby/2.5.0/specifications`.  However, if the licensed executable contains ruby 2.4.0, then licensed will be looking for specifications at `<bundle path>/ruby/2.4.0/specifications`.  That path may not exist, or it may contain invalid or stale content.
+
+If ruby is available when running licensed, licensed will determine the ruby version used during `bundle install` and prefer that version string over the version contained in the executable.  If bundler is also available, then the ruby command will be run from a `bundle exec` context.
+
 ### Excluding gem groups
 
 The bundler source determines which gem groups to include or exclude with the following logic, in order of precedence.
@@ -15,14 +27,14 @@ The bundler source determines which gem groups to include or exclude with the fo
 Strings and string arrays are both :+1:
 
 ```yml
-rubygems:
+rubygem:
   without: development
 ```
 
 or
 
 ```yml
-rubygems:
+rubygem:
   without:
     - build
     - development

data/lib/licensed.rb

@@ -17,4 +17,5 @@ require "licensed/configuration"
 require "licensed/command/cache"
 require "licensed/command/status"
 require "licensed/command/list"
+require "licensed/command/version"
 require "licensed/ui/shell"

data/lib/licensed/cli.rb

@@ -30,6 +30,13 @@ module Licensed
       run Licensed::Command::List.new(config)
     end
 
+    map "-v" => :version
+    map "--version" => :version
+    desc "version", "Show Installed Version of Licensed, [-v, --version]"
+    def version
+      run Licensed::Command::Version.new
+    end
+
     private
 
     # Returns a configuration object for the CLI command

data/lib/licensed/command/version.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+module Licensed
+  module Command
+    class Version
+      def initialize
+        @ui = Licensed::UI::Shell.new
+      end
+
+      def run
+        @ui.info(Licensed::VERSION)
+      end
+
+      def success?
+        true
+      end
+    end
+  end
+end

data/lib/licensed/configuration.rb

@@ -11,9 +11,13 @@ module Licensed
     ].freeze
     SOURCE_TYPES = Source.constants.map { |c| Source.const_get(c) }.freeze
 
+    attr_reader :ui
+
     def initialize(options = {}, inherited_options = {})
       super()
 
+      @ui = Licensed::UI::Shell.new
+
       # update order:
       # 1. anything inherited from root config
       # 2. app defaults
@@ -120,8 +124,6 @@ module Licensed
   class Configuration < AppConfiguration
     class LoadError < StandardError; end
 
-    attr_accessor :ui
-
     # Loads and returns a Licensed::Configuration object from the given path.
     # The path can be relative or absolute, and can point at a file or directory.
     # If the path given is a directory, the directory will be searched for a
@@ -133,8 +135,6 @@ module Licensed
     end
 
     def initialize(options = {})
-      @ui = Licensed::UI::Shell.new
-
       apps = options.delete("apps") || []
       super(default_options.merge(options))
 

data/lib/licensed/git.rb

@@ -7,16 +7,16 @@ module Licensed
         @git ||= Licensed::Shell.tool_available?("git")
       end
 
-      def git_repo?
-        return false unless available?
-        !Licensed::Shell.execute("git", "status", allow_failure: true).empty?
-      end
-
       # Returns the root of the current git repository
       # or nil if not in a git repository.
       def repository_root
-        return unless git_repo?
-        Licensed::Shell.execute("git", "rev-parse", "--show-toplevel")
+        return unless available?
+        Licensed::Shell.execute("git", "rev-parse", "--show-toplevel", allow_failure: true)
+      end
+
+      # Returns true if a git repository is found, false otherwise
+      def git_repo?
+        !repository_root.to_s.empty?
       end
 
       # Returns the most recent git SHA for a file or directory

data/lib/licensed/source/bundler.rb

@@ -80,13 +80,11 @@ module Licensed
       def gem_spec(dependency)
         return unless dependency
 
-        # bundler specifications aren't put in ::Bundler.specs_path, even if the
-        # gem is a runtime dependency.  it needs to be handled specially
-        return bundler_spec if dependency.name == "bundler"
-
         # find a specifiction from the resolved ::Bundler::Definition specs
         spec = definition.resolve.find { |s| s.satisfies?(dependency) }
-        return spec unless spec.is_a?(::Bundler::LazySpecification)
+
+        # a nil spec should be rare, generally only seen from bundler
+        return bundle_exec_gem_spec(dependency.name) if spec.nil?
 
         # try to find a non-lazy specification that matches `spec`
         # spec.source.specs gives access to specifications with more
@@ -97,8 +95,11 @@ module Licensed
 
         # look for a specification at the bundler specs path
         spec_path = ::Bundler.specs_path.join("#{spec.full_name}.gemspec")
-        return unless File.exist?(spec_path.to_s)
-        Gem::Specification.load(spec_path.to_s)
+        return Gem::Specification.load(spec_path.to_s) if File.exist?(spec_path.to_s)
+
+        # if the specification file doesn't exist, get the specification using
+        # the bundler and gem CLI
+        bundle_exec_gem_spec(dependency.name)
       end
 
       # Returns whether a dependency should be included in the final
@@ -130,24 +131,15 @@ module Licensed
         end
       end
 
-      # Returns a gemspec for bundler, found and loaded by running `gem specification bundler`
-      # This is a hack to work around bundler not placing it's own spec at
-      # `::Bundler.specs_path` when it's an explicit dependency
-      def bundler_spec
-        # cache this so we run CLI commands as few times as possible
-        return @bundler_spec if defined?(@bundler_spec)
-
-        # finding the bundler gem is dependent on having `gem` available
-        unless Licensed::Shell.tool_available?("gem")
-          @bundler_spec = nil
-          return
-        end
+      # Load a gem specification from the YAML returned from `gem specification`
+      # This is a last resort when licensed can't obtain a specification from other means
+      def bundle_exec_gem_spec(name)
+        # `gem` must be available to run `gem specification`
+        return unless Licensed::Shell.tool_available?("gem")
 
-        # Bundler is always used from the default gem install location.
-        # we can use `gem specification bundler` with a clean ENV to
-        # get the system bundler gem as YAML
-        yaml = ::Bundler.with_original_env { Licensed::Shell.execute("gem", "specification", "bundler") }
-        @bundler_spec = Gem::Specification.from_yaml(yaml)
+        # use `gem specification` with a clean ENV to get gem specification YAML
+        yaml = ::Bundler.with_original_env { Licensed::Shell.execute(*ruby_command_args("gem", "specification", name)) }
+        Gem::Specification.from_yaml(yaml)
       end
 
       # Build the bundler definition
@@ -166,8 +158,9 @@ module Licensed
       # Defaults to [:development, :test] + ::Bundler.settings[:without]
       def exclude_groups
         @exclude_groups ||= begin
-          exclude = Array(@config.dig("rubygems", "without"))
-          exclude.push(*DEFAULT_WITHOUT_GROUPS) if exclude.empty?
+          exclude = Array(@config.dig("rubygem", "without"))
+          exclude = Array(@config.dig("rubygems", "without")) if exclude.empty? # :sad:
+          exclude = DEFAULT_WITHOUT_GROUPS if exclude.empty?
           exclude.uniq.map(&:to_sym)
         end
       end
@@ -184,6 +177,23 @@ module Licensed
         @lockfile_path ||= gemfile_path.dirname.join("#{gemfile_path.basename}.lock")
       end
 
+      # Returns the configured bundler executable to use, or "bundle" by default.
+      def bundler_exe
+        @bundler_exe ||= begin
+          exe = @config.dig("rubygem", "bundler_exe")
+          return "bundle" unless exe
+          return exe if Licensed::Shell.tool_available?(exe)
+          @config.root.join(exe)
+        end
+      end
+
+      # Determines if the configured bundler executable is available and returns
+      # shell command args with or without `bundle exec` depending on availability.
+      def ruby_command_args(*args)
+        return Array(args) unless Licensed::Shell.tool_available?(bundler_exe)
+        [bundler_exe, "exec", *args]
+      end
+
       private
 
       # helper to clear all bundler environment around a yielded block
@@ -191,6 +201,35 @@ module Licensed
         # force bundler to use the local gem file
         original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
 
+        if ruby_packer?
+          # if running under ruby-packer, set environment from host
+
+          # hack: setting this ENV var allows licensed to use Gem paths outside
+          # of the ruby-packer filesystem.  this is needed to find spec sources
+          # from the host filesystem
+          ENV["ENCLOSE_IO_RUBYC_1ST_PASS"] = "1"
+          ruby_version = Gem::ConfigMap[:ruby_version]
+
+          if Licensed::Shell.tool_available?("ruby")
+            # set the ruby version in Gem::ConfigMap to the ruby version from the host.
+            # this helps Bundler find the correct spec sources and paths
+            Gem::ConfigMap[:ruby_version] = host_ruby_version
+          else
+            # running a ruby-packer-built licensed exe when ruby and bundler aren't available
+            # is possible but could lead to errors if the host ruby version doesn't
+            # match the built executable's ruby version
+            @config.ui.warn <<~WARNING
+              Ruby wasn't found when enumerating bundler
+              dependencies using the licensed executable.  This can cause a
+              ruby mismatch between licensed and bundled dependencies and a
+              failure to find gem specifications.
+
+              If licensed is unable to find gem specifications that you believe are present,
+              please ensure that ruby and bundler are available and try again.
+            WARNING
+          end
+        end
+
         # reset all bundler configuration
         ::Bundler.reset!
         # and re-configure with settings for current directory
@@ -198,11 +237,27 @@ module Licensed
 
         yield
       ensure
+        if ruby_packer?
+          # if running under ruby-packer, restore environment after block is finished
+          ENV.delete("ENCLOSE_IO_RUBYC_1ST_PASS")
+          Gem::ConfigMap[:ruby_version] = ruby_version
+        end
+
         ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
         # restore bundler configuration
         ::Bundler.reset!
         ::Bundler.configure
       end
+
+      # Returns whether the current licensed execution is running ruby-packer
+      def ruby_packer?
+        @ruby_packer ||= RbConfig::TOPDIR =~ /__enclose_io_memfs__/
+      end
+
+      # Returns the ruby version found in the bundler environment
+      def host_ruby_version
+        Licensed::Shell.execute(*ruby_command_args("ruby", "-e", "puts Gem::ConfigMap[:ruby_version]"))
+      end
     end
   end
 end

data/lib/licensed/source/npm.rb

@@ -34,6 +34,7 @@ module Licensed
       def packages
         root_dependencies = JSON.parse(package_metadata_command)["dependencies"]
         recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
+          next if @config.ignored?("type" => NPM.type, "name" => name)
           results.uniq! { |package| package["version"] }
           if results.size == 1
             hsh[name] = results[0]

data/lib/licensed/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "1.4.0".freeze
+  VERSION = "1.5.1".freeze
 end

data/script/build-rubyc-exe

@@ -37,8 +37,8 @@ BUILD_DEST="$(mktemp -d)"
 trap "rm -rf $BUILD_DEST" EXIT
 
 if [ -n "$VERSION" ]; then
-  git checkout "$VERSION"
   CURRENT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+  git checkout "$VERSION"
   trap "rm -rf $BUILD_DEST; git checkout $CURRENT_BRANCH" EXIT
 else
   VERSION="$(git rev-parse --abbrev-ref HEAD)"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.1
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-10-21 00:00:00.000000000 Z
+date: 2018-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -188,6 +188,7 @@ files:
 - lib/licensed/command/cache.rb
 - lib/licensed/command/list.rb
 - lib/licensed/command/status.rb
+- lib/licensed/command/version.rb
 - lib/licensed/configuration.rb
 - lib/licensed/dependency.rb
 - lib/licensed/git.rb