licensed 2.0.1 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c0f8ca7a1d4607f4051c9347ce5d9de2b42fa46f
-  data.tar.gz: 9a0aee1b3d112ca9c57ea0ec74db1c91e62048cd
+  metadata.gz: c7f39c048283d853075674325f0d371edaf124a8
+  data.tar.gz: 60530129f47ed34f51cac3152be83aab27e32a01
 SHA512:
-  metadata.gz: 3e9c5fcd573bbe2bd7a275ac60ae90423d207b87673d900e95322404081f2aefd7db237aef8f582a5bf51b9e007e271e49a28b8cb73e7df612c5e5559b8c9954
-  data.tar.gz: ea703164f15583a9eb0728055a2443ddde2e14e53a0b93fae2dcada23ca64b926f8e4821ad1c76edf0397a3af8abd0540790084e3d93e741b2cb1fadaff7f4d8
+  metadata.gz: 2b2bc431aea2a64f3f12139d533914ad2de740cc5eb00310166dbfa6160fc5a6821d73faf214ceb49fcb6207d9c695561fc44a9ff21e146d88cc4f4eb7de0d38
+  data.tar.gz: 53db8e3e0272e976428471bbe0f5a2c6e54cdb7743b2e309ac8b2d839a352073fb8a81026e8bc19838f155a09d0b2a74097736ee6e68bc4152eb2124177ceb7e

data/.licensed.yml

@@ -0,0 +1,7 @@
+allowed:
+  - mit
+  - apache-2.0
+
+reviewed:
+  bundler:
+    - pathname-common_prefix

data/.travis.yml

@@ -93,5 +93,10 @@ matrix:
       script: ./script/test git_submodule
       env: NAME="git_submodule"
 
+    - language: java
+      before_script: ./test/fixtures/gradle/gradlew --quiet --version
+      script: ./script/test gradle
+      env: NAME="gradle"
+
 notifications:
   disable: true

data/CHANGELOG.md

@@ -6,6 +6,20 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.1.0 - 2019-04-16
+
+### Added
+- New Gradle dependency source enumerator (:tada: @dbussink https://github.com/github/licensed/pull/150, @jandersson-svt https://github.com/github/licensed/pull/159)
+- Metadata added to distributed packages (https://github.com/github/licensed/pull/160)
+
+### Changes
+- Bundler dependency source loads license key from a gem's cached gemspec file as a fallback (https://github.com/github/licensed/pull/154)
+- Licensed will only raise errors on an empty dependency path when caching records (https://github.com/github/licensed/pull/149)
+
+### Fixed
+- Migrating to v2 will no longer crash trying to migrate cached records that don't exist (https://github.com/github/licensed/pull/148)
+- Reported warnings will no longer crash licensed when caching records (https://github.com/github/licensed/pull/147)
+
 ## 2.0.1 - 2019-02-14
 
 ### Changes

data/Rakefile

@@ -44,11 +44,7 @@ namespace :test do
       t.description = "Run #{source} tests"
       t.libs << "test"
       t.libs << "lib"
-
-      # use negative lookahead to exclude all source tests except
-      # the tests for `source`
-      t.test_files = FileList["test/**/*_test.rb"].exclude(/test\/sources\/(?!#{source}).*?_test.rb/,
-                                                           "test/fixtures/**/*_test.rb")
+      t.test_files = FileList["test/commands/*_test.rb", "test/sources/#{source}_test.rb"]
     end
   end
 end
@@ -61,6 +57,7 @@ end
 
 packages_search = File.expand_path("script/packages/*", __dir__)
 platforms = Dir[packages_search].map { |f| File.basename(f, ".*") }
+                                .reject { |f| f == "build" }
 
 namespace :package do
   platforms.each do |platform|

data/docker/Dockerfile.build-linux

@@ -1,11 +1,14 @@
 FROM ruby:2.4-slim-stretch
 
 RUN apt-get update \
-    && apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools git curl bison \
+    && apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools git curl bison rsync \
     && rm -rf /var/lib/apt/lists/*
 
 RUN curl -L http://enclose.io/rubyc/rubyc-linux-x64.gz | gunzip > /usr/local/bin/rubyc \
     && chmod +x /usr/local/bin/rubyc
 
+RUN gem update --system && gem update bundler
+
 ENV CPPFLAGS="-P"
 ENV RUBYC="/usr/local/bin/rubyc"
+ENV LANG=C.UTF-8

data/docs/adding_a_new_source.md

@@ -71,6 +71,17 @@ Creating a new `Licensed::Dependency` object requires name, version, and path ar
 6. errors (optional)
   - Any errors found when loading dependency information.
 
+##### Creating specialized Dependency objects
+
+`Licensed::Dependency` objects inherit from `Licensee::Projects::FsProject` and can override or extend the default `Licensee` behavior to find files for a dependency.
+
+If a dependency source requires customized logic when finding or loading license or legal content, the source should define and use a `Licensed::Dependency` subclass to implement the required logic.
+
+For examples of this see:
+
+- [Manifest::Dependency](../../lib/licensed/sources/manifest.rb) which finds license text from C-style comments
+- [Gradle::Dependency](../../lib/licensed/sources/gradle.rb) which loads license text from a URI
+
 #### Finding licenses
 
 In some cases, license content will be in a parent directory of the specified location.  For instance, this can happen with Golang packages

data/docs/sources/gradle.md

@@ -0,0 +1,16 @@
+# Gradle
+
+The gradle source will detect dependencies when a `build.gradle` file is found along with either `gradle` or `gradlew` executables being available. The source uses the [Gradle-License-Report](https://github.com/jk1/Gradle-License-Report) plugin to enumerate dependencies and locate their licensing information.
+
+An active network connection is required when running the `licensed cache` command with the gradle source.  Gradle packages generally do not include license text or other legal notices, and additional network requests are needed to find and pull the necessary license content.
+
+### Setting dependency configurations to load
+
+The `gradle.configurations` property is used to determine which dependencies are fetched to load license information.  The default configurations are `"runtime"` and `"runtimeClassPath"`.
+
+```yml
+gradle:
+  configurations:
+    - runtime
+    - runtimeClassPath
+```

data/lib/licensed/commands/cache.rb

@@ -32,6 +32,11 @@ module Licensed
       #
       # Returns true.
       def evaluate_dependency(app, source, dependency, report)
+        if dependency.path.empty?
+          report.errors << "dependency path not found"
+          return false
+        end
+
         filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
         cached_record = Licensed::DependencyRecord.read(filename)
         if options[:force] || save_dependency_record?(dependency, cached_record)

data/lib/licensed/dependency.rb

@@ -8,6 +8,7 @@ module Licensed
     attr_reader :name
     attr_reader :version
     attr_reader :errors
+    attr_reader :path
 
     # Create a new project dependency
     #
@@ -21,23 +22,16 @@ module Licensed
     # Returns a new dependency object.  Dependency metadata and license contents
     # are available if no errors are set on the dependency.
     def initialize(name:, version:, path:, search_root: nil, metadata: {}, errors: [])
-      # check the path for default errors if no other errors
-      # were found when loading the dependency
-      if errors.empty? && path.to_s.empty?
-        errors.push("dependency path not found")
-      end
-
       @name = name
       @version = version
       @metadata = metadata
       @errors = errors
-
-      # if there are any errors, don't evaluate any dependency contents
-      return if errors.any?
+      path = path.to_s
+      @path = path
 
       # enforcing absolute paths makes life much easier when determining
       # an absolute file path in #notices
-      if !Pathname.new(path).absolute?
+      if File.exist?(path) && !Pathname.new(path).absolute?
         # this is an internal error related to source implementation and
         # should be raised, not stored to be handled by reporters
         raise ArgumentError, "dependency path #{path} must be absolute"
@@ -52,13 +46,7 @@ module Licensed
       # but they can still find license contents between the given path and
       # the search root
       # @root is defined
-      path.exist? || File.exist?(@root)
-    end
-
-    # Returns the location of this dependency on the local disk
-    def path
-      # exposes the private method Licensee::Projects::FSProject#dir_path
-      dir_path
+      File.exist?(path) || File.exist?(@root)
     end
 
     # Returns true if the dependency has any errors, false otherwise
@@ -68,7 +56,6 @@ module Licensed
 
     # Returns a record for this dependency including metadata and legal contents
     def record
-      return nil if errors?
       @record ||= DependencyRecord.new(
         metadata: license_metadata,
         licenses: license_contents,
@@ -78,62 +65,56 @@ module Licensed
 
     # Returns a string representing the dependencys license
     def license_key
-      return "none" if errors? || !license
+      return "none" unless license
       license.key
     end
 
     # Returns the license text content from all matched sources
     # except the package file, which doesn't contain license text.
     def license_contents
-      return [] if errors?
       matched_files.reject { |f| f == package_file }
                    .group_by(&:content)
-                   .map { |content, files| { "sources" => content_sources(files), "text" => content } }
+                   .map { |content, files| { "sources" => license_content_sources(files), "text" => content } }
     end
 
     # Returns legal notices found at the dependency path
     def notice_contents
-      return [] if errors?
-      notice_files.sort # sorted by the path
-                  .map { |file| { "sources" => content_sources(file), "text" => File.read(file).rstrip } }
-                  .select { |text| text.length > 0 } # files with content only
-    end
-
-    # Returns an array of file paths used to locate legal notices
-    def notice_files
-      return [] if errors?
-
       Dir.glob(dir_path.join("*"))
          .grep(LEGAL_FILES_PATTERN)
          .select { |path| File.file?(path) }
+         .sort # sorted by the path
+         .map { |path| { "sources" => normalize_source_path(path), "text" => File.read(path).rstrip } }
+         .select { |notice| notice["text"].length > 0 } # files with content only
     end
 
     private
 
-    # Returns the sources for a group of license or notice file contents
+    # Returns the sources for a group of license file contents
     #
     # Sources are returned as a single string with sources separated by ", "
-    def content_sources(files)
+    def license_content_sources(files)
       paths = Array(files).map do |file|
-        path = if file.is_a?(Licensee::ProjectFiles::ProjectFile)
-          dir_path.join(file[:dir], file[:name])
-        else
-          Pathname.new(file).expand_path(dir_path)
-        end
-
-        if path.fnmatch?(dir_path.join("**").to_path)
-          # files under the dependency path return the relative path to the file
-          path.relative_path_from(dir_path).to_path
-        else
-          # otherwise return the source_path as the immediate parent folder name
-          # joined with the file name
-          path.dirname.basename.join(path.basename).to_path
-        end
+        next file[:uri] if file[:uri]
+
+        path = dir_path.join(file[:dir], file[:name])
+        normalize_source_path(path)
       end
 
       paths.join(", ")
     end
 
+    def normalize_source_path(path)
+      path = Pathname.new(path) unless path.is_a?(Pathname)
+      if path.fnmatch?(dir_path.join("**").to_path)
+        # files under the dependency path return the relative path to the file
+        path.relative_path_from(dir_path).to_path
+      else
+        # otherwise return the source_path as the immediate parent folder name
+        # joined with the file name
+        path.dirname.basename.join(path.basename).to_path
+      end
+    end
+
     # Returns the metadata that represents this dependency.  This metadata
     # is written to YAML in the dependencys cached text file
     def license_metadata

data/lib/licensed/migrations/v2.rb

@@ -28,7 +28,9 @@ module Licensed
           end
 
           app.sources.each do |source|
-            Dir.chdir app.cache_path.join(source.class.type) do
+            cache_path = app.cache_path.join(source.class.type)
+            next unless File.exist?(cache_path)
+            Dir.chdir cache_path do
               # licensed v1 cached records were stored as .txt files with YAML frontmatter
               Dir["**/*.txt"].each do |file|
                 yaml, licenses, notices = parse_file(file)

data/lib/licensed/sources.rb

@@ -11,5 +11,6 @@ module Licensed
     require "licensed/sources/manifest"
     require "licensed/sources/npm"
     require "licensed/sources/pip"
+    require "licensed/sources/gradle"
   end
 end

data/lib/licensed/sources/bundler.rb

@@ -1,4 +1,5 @@
 # frozen_string_literal: true
+require "delegate"
 begin
   require "bundler"
 rescue LoadError
@@ -36,6 +37,43 @@ module Licensed
         end
       end
 
+      class BundlerSpecification < ::SimpleDelegator
+        def gem_dir
+          dir = super
+          return dir if File.exist?(dir)
+
+          File.join(Gem.dir, "gems", full_name)
+        end
+      end
+
+      class Dependency < Licensed::Dependency
+        attr_reader :loaded_from
+
+        def initialize(name:, version:, path:, loaded_from:, errors: [], metadata: {})
+          @loaded_from = loaded_from
+          super name: name, version: version, path: path, errors: errors, metadata: metadata
+        end
+
+        # Load a package manager file from the base Licensee::Projects::FsProject
+        # or from a gem specification file.
+        def package_file
+          super || spec_file
+        end
+
+        private
+
+        # Find a package manager file from the given bundler specification's
+        # `loaded_from` if available.
+        def spec_file
+          return @spec_file if defined?(@spec_file)
+          return @spec_file = nil unless loaded_from && File.exist?(loaded_from)
+          @spec_file = begin
+            file = { name: File.basename(loaded_from), dir: File.dirname(loaded_from) }
+            Licensee::ProjectFiles::PackageManagerFile.new(File.read(loaded_from), file)
+          end
+        end
+      end
+
       GEMFILES = %w{Gemfile gems.rb}.freeze
       DEFAULT_WITHOUT_GROUPS = %i{development test}
 
@@ -50,10 +88,11 @@ module Licensed
         with_local_configuration do
           specs.map do |spec|
             error = spec.error if spec.respond_to?(:error)
-            Licensed::Dependency.new(
+            Dependency.new(
               name: spec.name,
               version: spec.version.to_s,
               path: spec.gem_dir,
+              loaded_from: spec.loaded_from,
               errors: Array(error),
               metadata: {
                 "type"     => Bundler.type,
@@ -112,7 +151,7 @@ module Licensed
         spec = definition.resolve.find { |s| s.satisfies?(dependency) }
 
         # a nil spec should be rare, generally only seen from bundler
-        return bundle_exec_gem_spec(dependency.name) if spec.nil?
+        return matching_spec(dependency) || bundle_exec_gem_spec(dependency.name) if spec.nil?
 
         # try to find a non-lazy specification that matches `spec`
         # spec.source.specs gives access to specifications with more
@@ -184,6 +223,21 @@ module Licensed
         end
       end
 
+      # Loads a dependency specification using rubygems' built-in
+      # `Dependency#matching_specs` and `Dependency#to_spec`, from the original
+      # gem environment
+      def matching_spec(dependency)
+        begin
+          ::Bundler.with_original_env do
+            ::Bundler.rubygems.clear_paths
+            return unless dependency.matching_specs(true).any?
+            BundlerSpecification.new(dependency.to_spec)
+          end
+        ensure
+          ::Bundler.configure
+        end
+      end
+
       # Build the bundler definition
       def definition
         @definition ||= ::Bundler::Definition.build(gemfile_path, lockfile_path, nil)

data/lib/licensed/sources/gradle.rb

@@ -0,0 +1,183 @@
+# frozen_string_literal: true
+require "tempfile"
+require "csv"
+require "uri"
+require "json"
+require "net/http"
+require "fileutils"
+
+module Licensed
+  module Sources
+    class Gradle < Source
+
+      DEFAULT_CONFIGURATIONS   = ["runtime", "runtimeClasspath"].freeze
+      GRADLE_LICENSES_PATH     = ".gradle-licenses".freeze
+
+      class Dependency < Licensed::Dependency
+        GRADLE_LICENSES_CSV_NAME = "licenses.csv".freeze
+
+        class << self
+          # Returns a key to uniquely identify a name and version in the obtained CSV content
+          def csv_key(name:, version:)
+            "#{name}-#{version}"
+          end
+
+          # Loads and caches license report CSV data as a hash of :name-:version => :url pairs
+          #
+          # executable     - The gradle executable to run to generate the license report
+          # configurations - The gradle configurations to generate license report for
+          #
+          # Returns a hash of dependency identifiers to their license content URL
+          def load_csv(path, executable, configurations)
+            @csv ||= begin
+              gradle_licenses_dir = File.join(path, GRADLE_LICENSES_PATH)
+              Licensed::Sources::Gradle.gradle_command("generateLicenseReport", path: path, executable: executable, configurations: configurations)
+              CSV.foreach(File.join(gradle_licenses_dir, GRADLE_LICENSES_CSV_NAME), headers: true).each_with_object({}) do |row, hsh|
+                name, _, version = row["artifact"].rpartition(":")
+                key = csv_key(name: name, version: version)
+                hsh[key] = row["moduleLicenseUrl"]
+              end
+            ensure
+              FileUtils.rm_rf(gradle_licenses_dir)
+            end
+          end
+
+          # Returns the cached url for the given dependency
+          def url_for(dependency)
+            @csv[csv_key(name: dependency.name, version: dependency.version)]
+          end
+
+          # Cache and return the results of getting the license content.
+          def retrieve_license(url)
+            (@licenses ||= {})[url] ||= Net::HTTP.get(URI(url))
+          end
+        end
+
+        def initialize(name:, version:, path:, executable:, configurations:, metadata: {})
+          @configurations = configurations
+          @executable = executable
+          super(name: name, version: version, path: path, metadata: metadata)
+        end
+
+        # Returns whether the dependency content exists
+        def exist?
+          # shouldn't force network connections just to check if content exists
+          # only check that the path is not empty
+          !path.to_s.empty?
+        end
+
+        # Returns a Licensee::ProjectFiles::LicenseFile for the dependency
+        def project_files
+          self.class.load_csv(path, @executable, @configurations)
+          url = self.class.url_for(self)
+
+          return [] if url.nil?
+
+          license_data = self.class.retrieve_license(url)
+
+          Array(Licensee::ProjectFiles::LicenseFile.new(license_data, { uri: url }))
+        end
+      end
+
+      def enabled?
+        !gradle_executable.to_s.empty? && File.exist?(config.pwd.join("build.gradle"))
+      end
+
+      def enumerate_dependencies
+        JSON.parse(self.class.gradle_command("printDependencies", path: config.pwd, executable: gradle_executable, configurations: configurations)).map do |package|
+          name = "#{package["group"]}:#{package["name"]}"
+          Dependency.new(
+            name: name,
+            version: package["version"],
+            path: config.pwd,
+            executable: gradle_executable,
+            configurations: configurations,
+            metadata: {
+              "type"     => Gradle.type
+            }
+          )
+        end
+      end
+
+      private
+
+      def gradle_executable
+        return @gradle_executable if defined?(@gradle_executable)
+        @gradle_executable = begin
+          gradlew = File.join(config.pwd, "gradlew")
+          return gradlew if File.executable?(gradlew)
+          "gradle" if Licensed::Shell.tool_available?("gradle")
+        end
+      end
+
+      # Returns the configurations to include in license generation.
+      # Defaults to ["runtime", "runtimeClasspath"]
+      def configurations
+        @configurations ||= begin
+          if configurations = config.dig("gradle", "configurations")
+            Array(configurations)
+          else
+            DEFAULT_CONFIGURATIONS
+          end
+        end
+      end
+
+      def self.add_gradle_license_report_plugins_block(gradle_build_file)
+
+        if gradle_build_file.include? "plugins"
+          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
+        else
+
+          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
+        end
+      end
+
+      def self.gradle_command(*args, path:, executable:, configurations:)
+        gradle_build_file = File.read("build.gradle")
+
+        if !gradle_build_file.include? "dependency-license-report"
+          gradle_build_file = Licensed::Sources::Gradle.add_gradle_license_report_plugins_block(gradle_build_file)
+        end
+
+        Dir.chdir(path) do
+          Tempfile.create(["license-", ".gradle"], path) do |f|
+            f.write(gradle_build_file)
+            f.write gradle_file(configurations)
+            f.close
+            Licensed::Shell.execute(executable, "-q", "-b", f.path, *args)
+          end
+        end
+      end
+
+      def self.gradle_file(configurations)
+        <<~EOF
+
+          import com.github.jk1.license.render.CsvReportRenderer
+          import com.github.jk1.license.filter.LicenseBundleNormalizer
+
+          final configs = #{configurations.inspect}
+
+          licenseReport {
+              configurations = configs
+              outputDir = "$projectDir/#{GRADLE_LICENSES_PATH}"
+              renderers = [new CsvReportRenderer()]
+              filters = [new LicenseBundleNormalizer()]
+          }
+
+          task printDependencies {
+              doLast {
+                  def dependencies = []
+                  configs.each {
+                      configurations[it].resolvedConfiguration.resolvedArtifacts.each { artifact ->
+                          def id = artifact.moduleVersion.id
+                          dependencies << "  { \\"group\\": \\"${id.group}\\", \\"name\\": \\"${id.name}\\", \\"version\\": \\"${id.version}\\" }"
+                      }
+                  }
+                  println "[\\n${dependencies.join(", ")}\\n]"
+              }
+          }
+        EOF
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.0.1".freeze
+  VERSION = "2.1.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -31,7 +31,8 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.8"
-  spec.add_development_dependency "rubocop", "~> 0.49"
+  spec.add_development_dependency "mocha", "~> 1.0"
+  spec.add_development_dependency "rubocop", "~> 0.49", "< 0.67"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
   spec.add_development_dependency "byebug", "~> 10.0.0"
 end

data/script/packages/build

@@ -0,0 +1,92 @@
+#!/bin/bash
+#/ Usage: script/packages/build <RUBYC> [VERSION]
+#/
+#/ WARNING: Do not call this directly. Please create packages using
+#/ `script/package [platform]` or `bundle exec rake package[platform]`
+#/
+#/ Builds a distributable package for licensed for a given RUBYC compiler and licensed VERSION.
+#/ Packages are of the form licensed-$VERSION-$PLATFORM-x64.tar.gz and contain a `./licensed` executable
+#/ Built Packages are placed in the <root>/pkg/$VERSION directory.
+#/
+#/ OPTIONS:
+#/   <RUBYC>           The path to a rubyc compiler that should be used to compile the target executable
+#/   [VERSION]         (optional, default to current git branch or SHA1) version of licensed to build exe at
+#/
+#/ EXAMPLES:
+#/
+#/   Builds a package for version 1.1.0 using a local rubyc compiler
+#/     $ script/packages/build RUBYC="./rubyc-darwin" VERSION="1.1.0"
+#/
+
+set -euo pipefail
+
+BASE_DIR="$(cd "$(dirname $0)/../.." && pwd)"
+RUBYC=${RUBYC:=""}
+if [ ! -f "$RUBYC" ]; then
+  echo "Specify a rubyc compiler using the RUBYC environment variable" >&2
+  exit 127
+fi
+
+# if a version is not provided, get an identifier from the current HEAD
+VERSION=${VERSION:="$(git rev-parse --abbrev-ref HEAD)"}
+
+BUILD_DIR="$(mktemp -d)"
+COPY_DIR="$(mktemp -d)"
+trap "rm -rf $BUILD_DIR; rm -rf $COPY_DIR" EXIT
+
+# copy the repo to a separate directory.  determining license metadata
+# will require a clean environment with no Gemfile.lock.  using a work location
+# is preferred to messing with a development repository
+rsync -r --exclude="test/" --exclude=".licenses/" --exclude="vendor/" --exclude="Gemfile.lock" --exclude="pkg/" $BASE_DIR/ $COPY_DIR
+cd $COPY_DIR
+
+# ensure repo is at $VERSION and build executable, restoring the repo to previous
+# state after build.
+(
+  # run in a subshell for ease of returning to the current branch after building
+  # the executable
+  CURRENT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
+  if [[ "$VERSION" != "$CURRENT_BRANCH" ]]; then
+    git checkout "$VERSION"
+    trap "git checkout $CURRENT_BRANCH" EXIT
+  fi
+
+  # build the licensed rubyc executable
+  "$RUBYC" --clean-tmpdir -o "$BUILD_DIR/licensed" "$COPY_DIR/exe/licensed"
+  chmod +x $BUILD_DIR/licensed
+)
+
+# non-executable content will be stored in a `meta` directory
+mkdir -p "$BUILD_DIR/meta"
+
+# include dependency license data in package; run bundle update in temp work dir
+# and then run licensed on itself in that directory to grab license data
+# NOTE: this does not produce accurate license information if any licensed
+# depends on any platform-specific gems.
+(
+  # run in a subshell so that `unset BUNDLER_VERSION` is contained.  the ENV var
+  # is required to successfully build a distributable executable on
+  # dockerized linux
+  unset BUNDLER_VERSION
+
+  # determining dependency license data needs to be done from a clean environment
+  # without previous dependencies or a Gemfile.lock so as to pull in the latest
+  # bundler version, which is what the distributed executable uses
+  script/bootstrap
+  bundle exec exe/licensed cache
+  cp -R "$COPY_DIR/.licenses" "$BUILD_DIR/meta"
+)
+
+# copy static metadata to build directory
+mkdir -p "$BUILD_DIR/meta/ruby"
+curl -o "$BUILD_DIR/meta/ruby/license.txt" "https://www.ruby-lang.org/en/about/license.txt"
+cp "$BASE_DIR/LICENSE" "$BUILD_DIR/meta"
+cp "$BASE_DIR/README.md" "$BUILD_DIR/meta"
+
+# create release archive
+PLATFORM="$(uname -s | tr '[:upper:]' '[:lower:]')"
+TARGET="$BASE_DIR/pkg/$VERSION/licensed-$VERSION-$PLATFORM-x64.tar.gz"
+mkdir -p "$(dirname $TARGET)"
+tar -C "$BUILD_DIR" -czf "$TARGET" .
+
+echo "licensed package built to $TARGET"

data/script/packages/linux

@@ -27,21 +27,23 @@ build_linux_docker() {
     -v "$BASE_DIR":/var/licensed \
     -w /var/licensed \
     "$IMAGE" \
-    "script/build-rubyc-exe"
+    "script/packages/build"
 }
 
 build_linux_local() {
   sudo apt-get update && \
        apt-get install -y --no-install-recommends cmake make gcc pkg-config squashfs-tools curl bison git
 
-  if [ ! -f "$BASE_DIR/bin/rubyc-linux" ]; then
-    mkdir -p "$BASE_DIR/bin"
-    curl -L http://enclose.io/rubyc/rubyc-linux-x64.gz | gunzip > "$BASE_DIR/bin/rubyc-linux"
-    chmod +x "$BASE_DIR/bin/rubyc-linux"
+  RUBYC="$BASE_DIR/bin/rubyc-linux"
+  if [ ! -f "$RUBYC" ]; then
+    mkdir -p "$(dirname "$RUBYC")"
+    curl -L http://enclose.io/rubyc/rubyc-linux-x64.gz | gunzip > "$RUBYC"
+    chmod +x "$RUBYC"
   fi
 
   export CPPFLAGS="-P"
-  RUBYC="$BASE_DIR/bin/rubyc-linux" "$BASE_DIR"/script/build-rubyc-exe
+  export RUBYC
+  "$BASE_DIR"/script/packages/build
 }
 
 if [[ "$(uname -s)" != "Linux" ]]; then

data/script/packages/mac

@@ -22,14 +22,16 @@ if [[ "$(uname -s)" != "Darwin" ]]; then
 fi
 
 BASE_DIR="$(cd "$(dirname $0)/../.." && pwd)"
+RUBYC="$BASE_DIR/bin/rubyc-darwin"
 
 brew update
 brew list "squashfs" &>/dev/null || brew install "squashfs"
 
-if [ ! -f "$BASE_DIR/bin/rubyc-darwin" ]; then
-  mkdir -p "$BASE_DIR/bin"
-  curl -L http://enclose.io/rubyc/rubyc-darwin-x64.gz | gunzip > "$BASE_DIR/bin/rubyc-darwin"
-  chmod +x "$BASE_DIR/bin/rubyc-darwin"
+if [ ! -f "$RUBYC" ]; then
+  mkdir -p "$(dirname "$RUBYC")"
+  curl -L http://enclose.io/rubyc/rubyc-darwin-x64.gz | gunzip > "$RUBYC"
+  chmod +x "$RUBYC"
 fi
 
-RUBYC="$BASE_DIR/bin/rubyc-darwin" "$BASE_DIR"/script/build-rubyc-exe
+export RUBYC
+"$BASE_DIR"/script/packages/build

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.0.1
+  version: 2.1.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-14 00:00:00.000000000 Z
+date: 2019-04-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -108,6 +108,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.8'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
@@ -115,6 +129,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.49'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.67'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -122,6 +139,9 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '0.49'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.67'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
@@ -159,6 +179,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".licensed.yml"
 - ".rubocop.yml"
 - ".ruby-version"
 - ".travis.yml"
@@ -182,6 +203,7 @@ files:
 - docs/sources/dep.md
 - docs/sources/git_submodule.md
 - docs/sources/go.md
+- docs/sources/gradle.md
 - docs/sources/manifests.md
 - docs/sources/npm.md
 - docs/sources/pip.md
@@ -213,6 +235,7 @@ files:
 - lib/licensed/sources/dep.rb
 - lib/licensed/sources/git_submodule.rb
 - lib/licensed/sources/go.rb
+- lib/licensed/sources/gradle.rb
 - lib/licensed/sources/manifest.rb
 - lib/licensed/sources/npm.rb
 - lib/licensed/sources/pip.rb
@@ -221,10 +244,10 @@ files:
 - lib/licensed/version.rb
 - licensed.gemspec
 - script/bootstrap
-- script/build-rubyc-exe
 - script/cibuild
 - script/console
 - script/package
+- script/packages/build
 - script/packages/linux
 - script/packages/mac
 - script/setup

data/script/build-rubyc-exe

@@ -1,58 +0,0 @@
-#!/bin/bash
-#/ Usage: script/build-rubyc-exe <RUBYC> [VERSION]
-#/
-#/ WARNING: You should not need to call this directly. Please create packages using
-#/ `script/package [platform]` or `bundle exec rake package[platform]`
-#/
-#/ Builds a distributable package for licensed for a given RUBYC compiler and licensed VERSION.
-#/ Packages are of the form licensed-$VERSION-$PLATFORM-x64.tar.gz and contain a `./licensed` executable
-#/ Built Packages are placed in the <root>/pkg directory.
-#/
-#/ OPTIONS:
-#/   <RUBYC>           The path to a rubyc compiler that should be used to compile the target executable
-#/   [VERSION]         (optional, default to current git branch or SHA1) version of licensed to build exe at
-#/
-#/ EXAMPLES:
-#/
-#/   Builds a package for version 1.1.0 using a local rubyc compiler
-#/     $ build-rubyc-exe RUBYC="./rubyc-darwin" VERSION="1.1.0"
-#/
-
-set -euo pipefail
-
-usage(){
-  grep "^#/" <"$0" | cut -c3-
-}
-
-BASE_DIR="$(cd "$(dirname $0)/.." && pwd)"
-VERSION=${VERSION:=""}
-RUBYC=${RUBYC:=""}
-if [ ! -f "$RUBYC" ]; then
-  echo "Please specify a rubyc compiler" >&2
-  usage
-  exit 127
-fi
-
-BUILD_DEST="$(mktemp -d)"
-trap "rm -rf $BUILD_DEST" EXIT
-
-if [ -n "$VERSION" ]; then
-  CURRENT_BRANCH="$(git rev-parse --abbrev-ref HEAD)"
-  git checkout "$VERSION"
-  trap "rm -rf $BUILD_DEST; git checkout $CURRENT_BRANCH" EXIT
-else
-  VERSION="$(git rev-parse --abbrev-ref HEAD)"
-fi
-
-PACKAGE_DEST="$BASE_DIR/pkg"
-mkdir -p "$PACKAGE_DEST"
-
-PLATFORM="$(uname -s | tr '[:upper:]' '[:lower:]')"
-TARGET="licensed-$VERSION-$PLATFORM-x64.tar.gz"
-
-"$RUBYC" --clean-tmpdir -o "$BUILD_DEST/licensed" "$BASE_DIR/exe/licensed"
-
-chmod +x $BUILD_DEST/licensed
-tar -C "$BUILD_DEST" -czf "$PACKAGE_DEST/$TARGET" "./licensed"
-
-echo "licensed built to $PACKAGE_DEST/$TARGET"