licensed 2.13.0 → 2.14.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a4477f07cae2650a7d8679a9042f73a7d14d8de019088be22d09f30e0f8af4c2
4
- data.tar.gz: b4cbd8769c1f98b1a0729e5d603ff08c15d2d5c5e4e8e029cd3bce7f69f395c1
3
+ metadata.gz: b246cf67fe29bfe3612770c81b44006cdc185e2875deba36aa339b7f8be6d654
4
+ data.tar.gz: 47e90e173cd914d214c270db673c1ffdff61f155853fec18da41837cebe7740b
5
5
  SHA512:
6
- metadata.gz: 83e7612e7a1fe2dbb77d48893c68db036630a45cdbc37f38f6630be0380231d9ac7fc0d37298d3a8a349d4bd43eb1dad64b7ec26a4b8d795806fb682091d94b7
7
- data.tar.gz: 26e4fed8cede2d4de43fc511a85a82507dcc0cbcc9a66537d39a189d533a7cfbb22fdf2be5ad242ae72f4943fde6676c23b0bdcdf906beeecef813369177c158
6
+ metadata.gz: 8e651c1ce72c6802b7f13e813ea4227c8dbeb53058deb8f68f1c8eabbcf4b9c4b9bd4a130b2d00b4238e14577f0a341d55fabac5aa72d0c3d0195a4b75bd1c86
7
+ data.tar.gz: b07832f775f62da3fef628bf3ca9769e6f33e9d32338ffe468dad212f27d65d2be455e57ac73786930017d55308cd5222f2280f2944c832a1f32fa5c8a3557bb
@@ -1,18 +1,12 @@
1
- name: Create release
1
+ name: Build and publish release assets
2
2
 
3
- on: create
3
+ on:
4
+ release:
5
+ types: [created]
4
6
 
5
7
  jobs:
6
- tag_filter:
7
- runs-on: ubuntu-latest
8
- if: startsWith(github.ref, 'refs/tags/')
9
- steps:
10
- - run: exit 0
11
-
12
8
  package_linux:
13
9
  runs-on: ubuntu-latest
14
- needs: tag_filter
15
-
16
10
  steps:
17
11
  - uses: actions/checkout@v2
18
12
  - name: Set up Ruby 2.6
@@ -23,17 +17,15 @@ jobs:
23
17
  - name: Build package
24
18
  run: script/packages/linux
25
19
  env:
26
- VERSION: ${{github.event.ref}}
20
+ VERSION: ${{github.event.release.tag_name}}
27
21
 
28
22
  - uses: actions/upload-artifact@v2
29
23
  with:
30
- name: ${{github.event.ref}}-linux
31
- path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-linux-x64.tar.gz
24
+ name: ${{github.event.release.tag_name}}-linux
25
+ path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
32
26
 
33
27
  package_mac:
34
28
  runs-on: macOS-latest
35
- needs: tag_filter
36
-
37
29
  steps:
38
30
  - uses: actions/checkout@v2
39
31
  - name: Set up Ruby 2.6
@@ -44,17 +36,15 @@ jobs:
44
36
  - name: Build package
45
37
  run: script/packages/mac
46
38
  env:
47
- VERSION: ${{github.event.ref}}
39
+ VERSION: ${{github.event.release.tag_name}}
48
40
 
49
41
  - uses: actions/upload-artifact@v2
50
42
  with:
51
- name: ${{github.event.ref}}-darwin
52
- path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-darwin-x64.tar.gz
43
+ name: ${{github.event.release.tag_name}}-darwin
44
+ path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
53
45
 
54
46
  build_gem:
55
47
  runs-on: ubuntu-latest
56
- needs: tag_filter
57
-
58
48
  steps:
59
49
  - uses: actions/checkout@v2
60
50
  - name: Set up Ruby 2.6
@@ -63,25 +53,16 @@ jobs:
63
53
  ruby-version: 2.6.x
64
54
 
65
55
  - name: Build gem
66
- run: gem build *.gemspec
56
+ run: gem build licensed.gemspec -o licensed-${{github.event.release.tag_name}}.gem
67
57
 
68
58
  - uses: actions/upload-artifact@v2
69
59
  with:
70
- name: ${{github.event.ref}}-gem
71
- path: licensed-${{github.event.ref}}.gem
72
-
73
- create_release:
74
- runs-on: ubuntu-latest
75
- needs: [package_linux, package_mac, build_gem]
76
- steps:
77
- - uses: Roang-zero1/github-create-release-action@v1.0.2
78
- env:
79
- GITHUB_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
80
- VERSION_REGEX: "^[[:digit:]]+\\.[[:digit:]]+\\.[[:digit:]]+"
60
+ name: ${{github.event.release.tag_name}}-gem
61
+ path: licensed-${{github.event.release.tag_name}}.gem
81
62
 
82
63
  upload_packages:
83
64
  runs-on: ubuntu-latest
84
- needs: [create_release]
65
+ needs: [package_linux, package_mac, build_gem]
85
66
 
86
67
  steps:
87
68
  - name: Set up Ruby 2.6
@@ -92,32 +73,45 @@ jobs:
92
73
  - name: Download linux package
93
74
  uses: actions/download-artifact@v2
94
75
  with:
95
- name: ${{github.event.ref}}-linux
76
+ name: ${{github.event.release.tag_name}}-linux
96
77
 
97
78
  - name: Download macOS package
98
79
  uses: actions/download-artifact@v2
99
80
  with:
100
- name: ${{github.event.ref}}-darwin
81
+ name: ${{github.event.release.tag_name}}-darwin
101
82
 
102
83
  - name: Download gem
103
84
  uses: actions/download-artifact@v2
104
85
  with:
105
- name: ${{github.event.ref}}-gem
86
+ name: ${{github.event.release.tag_name}}-gem
106
87
 
107
- - name: Publish packages to GitHub Release
108
- uses: Roang-zero1/github-upload-release-artifacts-action@v2.0.0
88
+ - name: Publish linux package
89
+ uses: actions/upload-release-asset@v1
90
+ env:
91
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
109
92
  with:
110
- args: licensed-${{github.event.ref}}-linux-x64.tar.gz licensed-${{github.event.ref}}-darwin-x64.tar.gz
93
+ upload_url: ${{ github.event.release.upload_url }}
94
+ asset_path: ./licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
95
+ asset_name: licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
96
+ asset_content_type: application/gzip
97
+
98
+ - name: Publish mac package
99
+ uses: actions/upload-release-asset@v1
111
100
  env:
112
- GITHUB_TOKEN: ${{secrets.API_AUTH_TOKEN}}
101
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
102
+ with:
103
+ upload_url: ${{ github.event.release.upload_url }}
104
+ asset_path: ./licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
105
+ asset_name: licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
106
+ asset_content_type: application/gzip
113
107
 
114
108
  - name: Publish gem to RubyGems
115
109
  run: |
116
110
  mkdir -p $HOME/.gem
117
111
  touch $HOME/.gem/credentials
118
112
  chmod 0600 $HOME/.gem/credentials
119
- printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
113
+ printf -- "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}\n" > $HOME/.gem/credentials
120
114
  gem push $GEM
121
115
  env:
122
- GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
123
- GEM: licensed-${{github.event.ref}}.gem
116
+ RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
117
+ GEM: licensed-${{github.event.release.tag_name}}.gem
@@ -165,7 +165,7 @@ jobs:
165
165
  runs-on: ubuntu-latest
166
166
  strategy:
167
167
  matrix:
168
- go: [ '1.7.x', '1.10.x', '1.11.x', '1.12.x', '1.13.x', '1.14.x' ]
168
+ go: [ '1.10.x', '1.11.x', '1.12.x', '1.13.x', '1.14.x', '1.15.x' ]
169
169
  steps:
170
170
  - uses: actions/checkout@v2
171
171
  - name: Setup go
@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## 2.14.0
10
+ 2020-10-04
11
+
12
+ ### Addded
13
+ - `reviewed` dependencies can use glob pattern matching (https://github.com/github/licensed/pull/313)
14
+
15
+ ### Fixed
16
+ - Fix configuring source path globs that expand into a single directory (https://github.com/github/licensed/pull/312)
17
+
9
18
  ## 2.13.0
10
19
  2020-09-23
11
20
 
@@ -351,4 +360,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
351
360
 
352
361
  Initial release :tada:
353
362
 
354
- [Unreleased]: https://github.com/github/licensed/compare/2.13.0...HEAD
363
+ [Unreleased]: https://github.com/github/licensed/compare/2.14.0...HEAD
@@ -39,7 +39,7 @@ Pull requests that include a new dependency source must also
39
39
  ## Releasing
40
40
  If you are the current maintainer of this gem:
41
41
 
42
- 1. Create a branch for the release: git checkout -b cut-release-vxx.xx.xx
42
+ 1. Create a branch for the release: git checkout -b cut-release-xx.xx.xx
43
43
  2. Make sure your local dependencies are up to date: `script/bootstrap`
44
44
  3. Ensure that tests are green: `bundle exec rake test`
45
45
  4. Bump gem version in lib/licensed/version.rb.
@@ -51,15 +51,16 @@ If you are the current maintainer of this gem:
51
51
  2. Install the new gem locally
52
52
  3. Test behavior locally, branch deploy, whatever needs to happen
53
53
  9. Merge github/licensed PR
54
- 10. Tag and push: `git tag x.xx.xx; git push --tags`
54
+ 10. Create a new [github/licensed release](https://github.com/github/licensed/releases)
55
+ - Set the release name and tag to the release version - `x.xx.x`
56
+ - Set the release body to the changelog entries for the release
55
57
 
56
58
  The following steps will happen automatically from a GitHub Actions workflow
57
- after pushing a new tag. In case that fails, the following steps can be performed manually
59
+ after creating the release. In case that fails, the following steps can be performed manually
58
60
 
59
- 11. Push to rubygems.org -- `gem push licensed-x.xx.xx.gem`
61
+ 11. Push the gem from (7) to rubygems.org -- `gem push licensed-x.xx.xx.gem`
60
62
  12. Build packages for new tag: `VERSION=x.xx.xx bundle exec rake package`
61
- 13. Create release for new tag at github/licensed.
62
- 14. Add built packages to new release
63
+ 13. Upload packages from (12) to release from (10)
63
64
 
64
65
  ## Resources
65
66
 
@@ -23,7 +23,7 @@ If a root path is not specified, it will default to using the following, in orde
23
23
 
24
24
  The `source_path` property can use a glob path to share configuration properties across multiple application entrypoints.
25
25
 
26
- For example, there is a common pattern in go projects to include multiple executable entrypoints under folders in `cmd`. Using a glob pattern allows users to avoid manually configuring and maintaining multiple licensed application `source_path`s. Using a glob pattern will also ensure that any new entrypoints matching the pattern are automatically picked up by licensed commands as they are added.
26
+ For example, there is a common pattern in Go projects to include multiple executable entrypoints under folders in `cmd`. Using a glob pattern allows users to avoid manually configuring and maintaining multiple licensed application `source_path`s. Using a glob pattern will also ensure that any new entrypoints matching the pattern are automatically picked up by licensed commands as they are added.
27
27
 
28
28
  ```yml
29
29
  sources:
@@ -118,12 +118,6 @@ ignored:
118
118
  bower:
119
119
  - some-internal-package
120
120
 
121
- go:
122
- # ignore all go packages from import paths starting with github.com/internal-package
123
- # see the `File.fnmatch?` documentation for details on how patterns are matched.
124
- # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
125
- - github.com/internal-package/**/*
126
-
127
121
  # These dependencies have licenses not on the `allowed` list and have been reviewed.
128
122
  # They will be cached and checked, but will not raise errors or warnings for a
129
123
  # non-allowed license. Dependencies on this list will still raise errors if
@@ -24,6 +24,26 @@ The setting supports absolute, relative and expandable (e.g. "~") paths. Relati
24
24
 
25
25
  Non-empty `GOPATH` configuration settings will override the `GOPATH` environment variable while enumerating `go` dependencies. The `GOPATH` environment variable is restored once dependencies have been enumerated.
26
26
 
27
+ #### Reviewing and ignoring all packages from a Go module
28
+
29
+ Go's package and module structure has common conventions that documentation and metadata for all packages in a module live in the module root. In this scenario all packages share the same LICENSE information and can be reviewed or ignored at the module level rather than per-package using glob patterns.
30
+
31
+ ```yaml
32
+ reviewed:
33
+ go:
34
+ # review all Go packages from import paths starting with github.com/external-package
35
+ # see the `File.fnmatch?` documentation for details on how patterns are matched.
36
+ # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
37
+ - github.com/external-package/**/*
38
+
39
+ ignored:
40
+ go:
41
+ # ignore all Go packages from import paths starting with github.com/internal-package
42
+ # see the `File.fnmatch?` documentation for details on how patterns are matched.
43
+ # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
44
+ - github.com/internal-package/**/*
45
+ ```
46
+
27
47
  #### Versioning
28
48
 
29
49
  The go source supports multiple versioning strategies to determine if cached dependency metadata is stale. A version strategy is chosen based on the availability of go module information along with the current app configuration.
@@ -72,6 +72,12 @@ module Licensed
72
72
  # Returns whether the command succeeded for the application.
73
73
  def run_app(app)
74
74
  reporter.report_app(app) do |report|
75
+ # ensure the app source path exists before evaluation
76
+ if !Dir.exist?(app.source_path)
77
+ report.errors << "No such directory #{app.source_path}"
78
+ next false
79
+ end
80
+
75
81
  Dir.chdir app.source_path do
76
82
  begin
77
83
  # allow additional report data to be given by commands
@@ -69,7 +69,9 @@ module Licensed
69
69
 
70
70
  # Is the given dependency reviewed?
71
71
  def reviewed?(dependency)
72
- Array(self["reviewed"][dependency["type"]]).include?(dependency["name"])
72
+ Array(self["reviewed"][dependency["type"]]).any? do |pattern|
73
+ File.fnmatch?(pattern, dependency["name"], File::FNM_PATHNAME | File::FNM_CASEFOLD)
74
+ end
73
75
  end
74
76
 
75
77
  # Is the given dependency ignored?
@@ -158,19 +160,22 @@ module Licensed
158
160
  def self.expand_app_source_path(app_config)
159
161
  return app_config if app_config["source_path"].to_s.empty?
160
162
 
163
+ # check if the source path maps to an existing directory
161
164
  source_path = File.expand_path(app_config["source_path"], AppConfiguration.root_for(app_config))
165
+ return app_config if Dir.exist?(source_path)
166
+
167
+ # try to expand the source path for glob patterns
162
168
  expanded_source_paths = Dir.glob(source_path).select { |p| File.directory?(p) }
163
- # return the original configuration if glob didn't result in multiple paths
164
- return app_config if expanded_source_paths.size <= 1
169
+ configs = expanded_source_paths.map { |path| app_config.merge("source_path" => path) }
165
170
 
166
- # map the expanded paths to new application configurations
167
- expanded_source_paths.map do |path|
168
- config = app_config.merge("source_path" => path)
171
+ # if no directories are found for the source path, return the original config
172
+ return app_config if configs.size == 0
169
173
 
170
- # update configured values for name and cache_path for uniqueness.
171
- # this is only needed when values are explicitly set, AppConfiguration
172
- # will handle configurations that don't have these explicitly set
173
- dir_name = File.basename(path)
174
+ # update configured values for name and cache_path for uniqueness.
175
+ # this is only needed when values are explicitly set, AppConfiguration
176
+ # will handle configurations that don't have these explicitly set
177
+ configs.each do |config|
178
+ dir_name = File.basename(config["source_path"])
174
179
  config["name"] = "#{config["name"]}-#{dir_name}" if config["name"]
175
180
 
176
181
  # if a cache_path is set and is not marked as shared, append the app name
@@ -178,9 +183,9 @@ module Licensed
178
183
  if config["cache_path"] && config["shared_cache"] != true
179
184
  config["cache_path"] = File.join(config["cache_path"], dir_name)
180
185
  end
181
-
182
- config
183
186
  end
187
+
188
+ configs
184
189
  end
185
190
 
186
191
  # Find a default configuration file in the given directory.
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "2.13.0".freeze
3
+ VERSION = "2.14.0".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.13.0
4
+ version: 2.14.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2020-09-24 00:00:00.000000000 Z
11
+ date: 2020-10-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee