licensed 1.5.2 → 2.0.0

data/lib/licensed/{source → sources}/git_submodule.rb

@@ -1,8 +1,8 @@
 # frozen_string_literal: true
 
 module Licensed
-  module Source
-    class GitSubmodule
+  module Sources
+    class GitSubmodule < Source
       REMOTE_URL_ARGUMENT = "$(git remote get-url origin)".freeze
       GIT_SUBMODULES_ARGUMENTS = [
         "$displaypath", # path from repo root to submodule folder to find the name and submodule content
@@ -11,21 +11,13 @@ module Licensed
         "$(git config --get remote.origin.url)", # use the configured remote origin url as the homepage
       ].freeze
 
-      def self.type
-        "git_submodule"
-      end
-
-      def initialize(config)
-        @config = config
-      end
-
       def enabled?
         return false unless Licensed::Shell.tool_available?("git") && Licensed::Git.git_repo?
         gitmodules_path.exist?
       end
 
-      def dependencies
-        @dependencies ||= git_submodules_command.lines.map do |line|
+      def enumerate_dependencies
+        git_submodules_command.lines.map do |line|
           displaypath, toplevel, version, homepage = line.strip.split
           name = File.basename(displaypath)
           submodule_path = if toplevel == @config.pwd.to_s
@@ -36,13 +28,16 @@ module Licensed
           end
           submodule_paths[name] = submodule_path
 
-          Licensed::Dependency.new(@config.pwd.join(displaypath), {
-            "type" => self.class.type,
-            "name" => name,
-            "version" => version,
-            "homepage" => homepage,
-            "path" => submodule_path
-          })
+          Licensed::Dependency.new(
+            name: submodule_path,
+            version: version,
+            path: @config.pwd.join(displaypath),
+            metadata: {
+              "type" => self.class.type,
+              "name" => name,
+              "homepage" => homepage
+            }
+          )
         end
       end
 

data/lib/licensed/{source → sources}/go.rb

@@ -3,33 +3,31 @@ require "json"
 require "pathname"
 
 module Licensed
-  module Source
-    class Go
-      def self.type
-        "go"
-      end
-
-      def initialize(config)
-        @config = config
-      end
-
+  module Sources
+    class Go < Source
       def enabled?
         Licensed::Shell.tool_available?("go") && go_source?
       end
 
-      def dependencies
-        @dependencies ||= with_configured_gopath do
+      def enumerate_dependencies
+        with_configured_gopath do
           packages.map do |package|
             import_path = non_vendored_import_path(package["ImportPath"])
+            error = package.dig("Error", "Err") if package["Error"]
             package_dir = package["Dir"]
-            Dependency.new(package_dir, {
-              "type"        => Go.type,
-              "name"        => import_path,
-              "summary"     => package["Doc"],
-              "homepage"    => homepage(import_path),
-              "search_root" => search_root(package_dir),
-              "version"     => package_version(package)
-            })
+
+            Dependency.new(
+              name: import_path,
+              version: package_version(package),
+              path: package_dir,
+              search_root: search_root(package_dir),
+              errors: Array(error),
+              metadata: {
+                "type"        => Go.type,
+                "summary"     => package["Doc"],
+                "homepage"    => homepage(import_path)
+              }
+            )
           end
         end
       end
@@ -53,25 +51,18 @@ module Licensed
       def root_package_deps
         # check for ignored packages to avoid raising errors calling `go list`
         # when ignored package is not found
-        Array(root_package["Deps"])
-          .reject { |name| @config.ignored?("type" => Go.type, "name" => name) }
-          .map { |name| package_info(name) }
+        Array(root_package["Deps"]).map { |name| package_info(name) }
       end
 
       # Returns the list of dependencies as returned by "go list -json -deps"
       # available in go 1.11
       def go_list_deps
-        @go_list_deps ||= begin
-          deps = package_info_command("-deps")
-          # the CLI command returns packages in a pretty-printed JSON format but
-          # not separated by commas. this gsub adds commas after all non-indented
-          # "}" that close root level objects.
-          # (?!\z) uses negative lookahead to not match the final "}"
-          deps.gsub!(/^}(?!\z)$/m, "},")
-          JSON.parse("[#{deps}]")
-            .reject { |pkg| @config.ignored?("type" => Go.type, "name" => pkg["ImportPath"]) }
-            .each { |pkg| raise pkg.dig("Error", "Err") if pkg["Error"] }
-        end
+        # the CLI command returns packages in a pretty-printed JSON format but
+        # not separated by commas. this gsub adds commas after all non-indented
+        # "}" that close root level objects.
+        # (?!\z) uses negative lookahead to not match the final "}"
+        deps = package_info_command("-deps").gsub(/^}(?!\z)$/m, "},")
+        JSON.parse("[#{deps}]")
       end
 
       # Returns whether the given package import path belongs to the
@@ -129,6 +120,8 @@ module Licensed
       #
       # package - package object obtained from package_info
       def search_root(package_dir)
+        return nil if package_dir.nil? || package_dir.empty?
+
         # search root choices:
         # 1. vendor folder if package is vendored
         # 2. GOPATH
@@ -165,7 +158,7 @@ module Licensed
       #
       # args - additional arguments to `go list`, e.g. Go package import path
       def package_info_command(*args)
-        Licensed::Shell.execute("go", "list", "-json", *Array(args)).strip
+        Licensed::Shell.execute("go", "list", "-e", "-json", *Array(args)).strip
       end
 
       # Returns the info for the package under test

data/lib/licensed/{source → sources}/manifest.rb

@@ -2,29 +2,22 @@
 require "pathname/common_prefix"
 
 module Licensed
-  module Source
-    class Manifest
-      def self.type
-        "manifest"
-      end
-
-      def initialize(config)
-        @config = config
-      end
-
+  module Sources
+    class Manifest < Source
       def enabled?
         File.exist?(manifest_path) || generate_manifest?
       end
 
-      def dependencies
-        @dependencies ||= packages.map do |package_name, sources|
-          Licensed::Source::Manifest::Dependency.new(sources,
-            @config.root,
-            package_license(package_name),
-            {
+      def enumerate_dependencies
+        packages.map do |package_name, sources|
+          Licensed::Sources::Manifest::Dependency.new(
+            name: package_name,
+            version: package_version(sources),
+            path: configured_license_path(package_name) || sources_license_path(sources),
+            sources: sources,
+            metadata: {
               "type"     => Manifest.type,
-              "name"     => package_name,
-              "version"  => package_version(sources)
+              "name"     => package_name
             }
           )
         end
@@ -40,7 +33,7 @@ module Licensed
       end
 
       # Returns the license path for a package specified in the configuration.
-      def package_license(package_name)
+      def configured_license_path(package_name)
         license_path = @config.dig("manifest", "licenses", package_name)
         return unless license_path
 
@@ -49,6 +42,25 @@ module Licensed
         license_path
       end
 
+      # Returns the top-most directory that is common to all paths in `sources`
+      def sources_license_path(sources)
+        # if there is more than one source, try to find a directory common to
+        # all sources
+        if sources.size > 1
+          common_prefix = Pathname.common_prefix(*sources).to_path
+
+          # don't allow the workspace root to be used as common prefix
+          # the project this is run for should be excluded from the manifest,
+          # or ignored in the config.  any license in the root should be ignored.
+          return common_prefix if common_prefix != @config.root
+        end
+
+        # use the first (or only) sources directory to find license information
+        source = sources.first
+        return File.dirname(source) if File.file?(source)
+        source
+      end
+
       # Returns a map of package names -> array of full source paths found
       # in the app manifest
       def packages
@@ -98,7 +110,7 @@ module Licensed
       def verify_configured_dependencies!
         # verify that dependencies are configured
         if configured_dependencies.empty?
-          raise "The manifest \"dependencies\" cannot be empty!"
+          raise Source::Error.new("The manifest \"dependencies\" cannot be empty!")
         end
 
         # verify all included files match a single configured dependency
@@ -116,7 +128,7 @@ module Licensed
         end
 
         errors.compact!
-        raise errors.join($/) unless errors.empty?
+        raise Source::Error.new(errors.join($/)) if errors.any?
       end
 
       # Returns the project dependencies specified from the licensed configuration
@@ -177,87 +189,53 @@ module Licensed
           )
         /imx.freeze
 
-        def initialize(sources, root, license_path, metadata = {})
+        def initialize(name:, version:, path:, sources:, metadata: {})
           @sources = sources
-          license_path ||= sources_license_path(sources, root)
-          super license_path, metadata
-        end
-
-        # Detects license information and sets it on this dependency object.
-        #  After calling `detect_license!``, the license is set at
-        # `dependency["license"]` and legal text is set to `dependency.text`
-        def detect_license!
-          # if no license key is found for the project, try to create a
-          # temporary LICENSE file from unique source file license headers
-          if license_key == "none"
-            tmp_license_file = write_license_from_source_licenses(self.path, @sources)
-            reset_license!
-          end
-
-          super
-        ensure
-          File.delete(tmp_license_file) if tmp_license_file && File.exist?(tmp_license_file)
+          super(name: name, version: version, path: path, metadata: metadata)
         end
 
-        private
-
-        # Returns the top-most directory that is common to all paths in `sources`
-        def sources_license_path(sources, root)
-          # return the source directory if there is only one source given
-          return source_directory(sources[0]) if sources.size == 1
-
-          common_prefix = Pathname.common_prefix(*sources).to_path
-
-          # don't allow the workspace root to be used as common prefix
-          # the project this is run for should be excluded from the manifest,
-          # or ignored in the config.  any license in the root should be ignored.
-          return common_prefix if common_prefix != root
-
-          # use the first source directory as the license path.
-          source_directory(sources.first)
+        def project_files
+          files = super
+          files.concat(source_files) if files.empty?
+          files
         end
 
-        # Returns the directory for the source.  Checks whether the source
-        # is a file or a directory
-        def source_directory(source)
-          return File.dirname(source) if File.file?(source)
-          source
+        # Returns an enumeration of Licensee::ProjectFiles::LicenseFile
+        # representing licenses found in source header comments
+        def source_files
+          @source_files ||= begin
+            @sources
+              .select { |file| File.file?(file) }
+              .flat_map { |file| source_file_comments(file) }
+              .map do |comment, file|
+                Licensee::ProjectFiles::LicenseFile.new(comment, file)
+              end
+          end
         end
 
-        # Writes any licenses found in source file comments to a LICENSE
-        # file at `dir`
-        # Returns the path to the license file
-        def write_license_from_source_licenses(dir, sources)
-          license_path = File.join(dir, "LICENSE")
-          File.open(license_path, "w") do |f|
-            licenses = source_comment_licenses(sources).uniq
-            f.puts(licenses.join("\n#{LICENSE_SEPARATOR}\n"))
-          end
+        private
 
-          license_path
+        # Returns all source header comments for a file
+        def source_file_comments(file)
+          file_parts = { dir: File.dirname(file), name: File.basename(file) }
+          content = File.read(file)
+          matches = content.scan(HEADER_LICENSE_REGEX)
+          matches.map { |match| [source_comment_text(match[0]), file_parts] }
         end
 
-        # Returns a list of unique licenses parsed from source comments
-        def source_comment_licenses(sources)
-          comments = sources.select { |s| File.file?(s) }.flat_map do |source|
-            content = File.read(source)
-            content.scan(HEADER_LICENSE_REGEX).map { |match| match[0] }
-          end
-
-          comments.map do |comment|
-            # strip leading "*" and whitespace
-            indent = nil
-            comment.lines.map do |line|
-              # find the length of the indent as the number of characters
-              # until the first word character
-              indent ||= line[/\A([^\w]*)\w/, 1]&.size
+        # Returns the comment text with leading * and whitespace stripped
+        def source_comment_text(comment)
+          indent = nil
+          comment.lines.map do |line|
+            # find the length of the indent as the number of characters
+            # until the first word character
+            indent ||= line[/\A([^\w]*)\w/, 1]&.size
 
-              # insert newline for each line until a word character is found
-              next "\n" unless indent
+            # insert newline for each line until a word character is found
+            next "\n" unless indent
 
-              line[/([^\w\r\n]{0,#{indent}})(.*)/m, 2]
-            end.join
-          end
+            line[/([^\w\r\n]{0,#{indent}})(.*)/m, 2]
+          end.join
         end
       end
     end

data/lib/licensed/{source → sources}/npm.rb

@@ -2,39 +2,36 @@
 require "json"
 
 module Licensed
-  module Source
-    class NPM
+  module Sources
+    class NPM < Source
       def self.type
         "npm"
       end
 
-      def initialize(config)
-        @config = config
-      end
-
       def enabled?
         Licensed::Shell.tool_available?("npm") && File.exist?(@config.pwd.join("package.json"))
       end
 
-      def dependencies
-        @dependencies ||= packages.map do |name, package|
+      def enumerate_dependencies
+        packages.map do |name, package|
           path = package["path"]
-          fail "couldn't locate #{name} under node_modules/" unless path
-          Dependency.new(path, {
-            "type"     => NPM.type,
-            "name"     => package["name"],
-            "version"  => package["version"],
-            "summary"  => package["description"],
-            "homepage" => package["homepage"],
-            "path"     => name
-          })
+          Dependency.new(
+            name: name,
+            version: package["version"],
+            path: path,
+            metadata: {
+              "type"     => NPM.type,
+              "name"     => package["name"],
+              "summary"  => package["description"],
+              "homepage" => package["homepage"]
+            }
+          )
         end
       end
 
       def packages
         root_dependencies = JSON.parse(package_metadata_command)["dependencies"]
         recursive_dependencies(root_dependencies).each_with_object({}) do |(name, results), hsh|
-          next if @config.ignored?("type" => NPM.type, "name" => name)
           results.uniq! { |package| package["version"] }
           if results.size == 1
             hsh[name] = results[0]
@@ -59,13 +56,7 @@ module Licensed
 
       # Returns the output from running `npm list` to get package metadata
       def package_metadata_command
-        npm_list_command("--json", "--production", "--long")
-      end
-
-      # Executes an `npm list` command with the provided args and returns the
-      # output from stdout
-      def npm_list_command(*args)
-        Licensed::Shell.execute("npm", "list", *args)
+        Licensed::Shell.execute("npm", "list", "--json", "--production", "--long", allow_failure: true)
       end
     end
   end

data/lib/licensed/{source → sources}/pip.rb

@@ -3,42 +3,40 @@ require "json"
 require "English"
 
 module Licensed
-  module Source
-    class Pip
-      def self.type
-        "pip"
-      end
-
-      def initialize(config)
-        @config = config
-      end
+  module Sources
+    class Pip < Source
+      VERSION_OPERATORS = %w(< > <= >= == !=).freeze
+      PACKAGE_REGEX = /^(\w+)(#{VERSION_OPERATORS.join("|")})?/
 
       def enabled?
         return unless virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)
         File.exist?(@config.pwd.join("requirements.txt"))
       end
 
-      def dependencies
-        @dependencies ||= parse_requirements_txt.map do |package_name|
+      def enumerate_dependencies
+        packages_from_requirements_txt.map do |package_name|
           package = package_info(package_name)
           location = File.join(package["Location"], package["Name"] +  "-" + package["Version"] + ".dist-info")
-          Dependency.new(location, {
-                           "type"        => Pip.type,
-                           "name"        => package["Name"],
-                           "summary"     => package["Summary"],
-                           "homepage"    => package["Home-page"],
-                           "version"     => package["Version"]
-                         })
+          Dependency.new(
+            name: package["Name"],
+            version: package["Version"],
+            path: location,
+            metadata: {
+              "type"        => Pip.type,
+              "summary"     => package["Summary"],
+              "homepage"    => package["Home-page"]
+            }
+          )
         end
       end
 
-      # Build the list of packages from a 'requirements.txt'
-      # Assumes that the requirements.txt follow the format pkg=1.0.0 or pkg==1.0.0
-      def parse_requirements_txt
-        File.open(@config.pwd.join("requirements.txt")).map do |line|
-          p_split = line.split("=")
-          p_split[0]
-        end
+      private
+
+      def packages_from_requirements_txt
+        File.read(@config.pwd.join("requirements.txt"))
+            .lines
+            .map { |line| line.strip.match(PACKAGE_REGEX) { |match| match.captures.first } }
+            .compact
       end
 
       def package_info(package_name)