licensed 2.15.2 → 3.2.0

data/docs/sources/bundler.md

@@ -2,17 +2,7 @@
 
 The bundler source will detect dependencies `Gemfile` and `Gemfile.lock` files are found at an apps `source_path`.  The source uses the `Bundler` API to enumerate dependencies from `Gemfile` and `Gemfile.lock`.
 
-### Enumerating bundler dependencies when using the licensed executable
-
-**Note** this content only applies to running licensed from an executable.  It does not apply when using licensed as a gem.
-
-_It is required that the ruby runtime is available when running the licensed executable._
-
-The licensed executable contains and runs a version of ruby.  When using the Bundler APIs, a mismatch between the version of ruby built into the licensed executable and the version of licensed used during `bundle install` can occur.  This mismatch can lead to licensed raising errors due to not finding dependencies.
-
-For example, if `bundle install` was run with ruby 2.5.0 then the bundler specification path would be `<bundle path>/ruby/2.5.0/specifications`.  However, if the licensed executable contains ruby 2.4.0, then licensed will be looking for specifications at `<bundle path>/ruby/2.4.0/specifications`.  That path may not exist, or it may contain invalid or stale content.
-
-To prevent confusion, licensed uses the local ruby runtime to determine the ruby version for local gems during `bundle install`.  If bundler is also available, then the ruby command will be run from a `bundle exec` context.
+**Note** The bundler source cannot be used when running the [packaged licensed executable](../packaging.md)
 
 ### Excluding gem groups
 

data/docs/sources/swift.md

@@ -0,0 +1,4 @@
+# Swift
+
+The Swift source uses `swift package` subcommands
+to enumerate dependencies and properties.

data/lib/licensed.rb

@@ -6,6 +6,7 @@ require "licensed/dependency"
 require "licensed/git"
 require "licensed/sources"
 require "licensed/configuration"
+require "licensed/report"
 require "licensed/reporters"
 require "licensed/commands"
 require "licensed/ui/shell"

data/lib/licensed/cli.rb

@@ -20,12 +20,12 @@ module Licensed
     end
 
     desc "status", "Check status of dependencies' cached licenses"
-    method_option :format, enum: ["yaml", "json"],
-      desc: "Output format"
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
     method_option :sources, aliases: "-s", type: :array,
       desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    method_option :format, aliases: "-f", enum: ["yaml", "json"],
+      desc: "Output format"
     def status
       run Licensed::Commands::Status.new(config: config), sources: options[:sources], reporter: options[:format]
     end
@@ -74,11 +74,14 @@ module Licensed
     method_option :from, aliases: "-f", type: :string, required: true,
       desc: "Licensed version to migrate from - #{Licensed.previous_major_versions.map { |major| "v#{major}" }.join(", ")}"
     def migrate
+      shell = Thor::Base.shell.new
       case options["from"]
       when "v1"
         Licensed::Migrations::V2.migrate(options["config"])
+      when "v2"
+        shell.say "No configuration or cached file migration needed."
+        shell.say "Please see the documentation at https://github.com/github/licensed/tree/master/docs/migrations/v3.md for details."
       else
-        shell = Thor::Base.shell.new
         shell.say "Unrecognized option from=#{options["from"]}", :red
         CLI.command_help(shell, "migrate")
         exit 1

data/lib/licensed/commands/cache.rb

@@ -11,6 +11,8 @@ module Licensed
         Licensed::Reporters::CacheReporter.new
       end
 
+      protected
+
       # Run the command.
       # Removes any cached records that don't match a current application
       # dependency.
@@ -18,20 +20,15 @@ module Licensed
       # options - Options to run the command with
       #
       # Returns whether the command was a success
-      def run(**options)
-        begin
-          result = super
+      def run_command(report)
+        super do |result|
           clear_stale_cached_records if result
-
-          result
-        ensure
-          cache_paths.clear
-          files.clear
         end
+      ensure
+        cache_paths.clear
+        files.clear
       end
 
-      protected
-
       # Run the command for all enumerated dependencies found in a dependency source,
       # recording results in a report.
       # Enumerating dependencies in the source is skipped if a :sources option
@@ -41,17 +38,12 @@ module Licensed
       # source - A dependency source enumerator
       #
       # Returns whether the command succeeded for the dependency source enumerator
-      def run_source(app, source)
-        super do |report|
-          if Array(options[:sources]).any? && !options[:sources].include?(source.class.type)
-            report.warnings << "skipped source"
-            next :skip
-          end
+      def run_source(app, source, report)
+        # add the full cache path to the list of cache paths
+        # that should be cleaned up after the command run
+        cache_paths << app.cache_path.join(source.class.type)
 
-          # add the full cache path to the list of cache paths
-          # that should be cleaned up after the command run
-          cache_paths << app.cache_path.join(source.class.type)
-        end
+        super
       end
 
       # Cache dependency record data.
@@ -70,6 +62,12 @@ module Licensed
 
         filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
         cached_record = Licensed::DependencyRecord.read(filename)
+
+        report["cached"] = false
+        report["license"] = cached_record["license"] if cached_record
+        report["filename"] = filename.to_s
+        report["version"] = dependency.version
+
         if options[:force] || save_dependency_record?(dependency, cached_record)
           if dependency.record.matches?(cached_record)
             # use the cached license value if the license text wasn't updated
@@ -82,6 +80,7 @@ module Licensed
 
           dependency.record.save(filename)
           report["cached"] = true
+          report["license"] = dependency.record["license"]
         end
 
         if !dependency.exist?

data/lib/licensed/commands/command.rb

@@ -18,23 +18,12 @@ module Licensed
       def run(**options)
         @options = options
         @reporter = create_reporter(options)
-        begin
-          result = reporter.report_run(self) do |report|
-            # allow additional report data to be given by commands
-            if block_given?
-              next true if (yield report) == :skip
-            end
-
-            config.apps.sort_by { |app| app["name"] }
-                       .map { |app| run_app(app) }
-                       .all?
-          end
-        ensure
-          @options = nil
-          @reporter = nil
-        end
 
-        result
+        command_report = Licensed::Report.new(name: nil, target: self)
+        run_command(command_report)
+      ensure
+        @options = nil
+        @reporter = nil
       end
 
       # Creates a reporter to use during a command run
@@ -64,36 +53,65 @@ module Licensed
 
       protected
 
+      # Run the command for all application configurations
+      #
+      # report - A Licensed::Report object for this command
+      #
+      # Returns whether the command succeeded
+      def run_command(report)
+        reporter.begin_report_command(self, report)
+        apps = config.apps.sort_by { |app| app["name"] }
+        results = apps.map do |app|
+          app_report = Licensed::Report.new(name: app["name"], target: app)
+          report.reports << app_report
+          run_app(app, app_report)
+        end
+
+        result = results.all?
+
+        yield(result) if block_given?
+
+        result
+      ensure
+        reporter.end_report_command(self, report)
+      end
+
       # Run the command for all enabled sources for an application configuration,
       # recording results in a report.
       #
       # app - An application configuration
+      # report - A report object for this application
       #
       # Returns whether the command succeeded for the application.
-      def run_app(app)
-        reporter.report_app(app) do |report|
-          # ensure the app source path exists before evaluation
-          if !Dir.exist?(app.source_path)
-            report.errors << "No such directory #{app.source_path}"
-            next false
-          end
+      def run_app(app, report)
+        reporter.begin_report_app(app, report)
 
-          Dir.chdir app.source_path do
-            begin
-              # allow additional report data to be given by commands
-              if block_given?
-                next true if (yield report) == :skip
-              end
-
-              app.sources.select(&:enabled?)
-                         .sort_by { |source| source.class.type }
-                         .map { |source| run_source(app, source) }.all?
-            rescue Licensed::Shell::Error => err
-              report.errors << err.message
-              false
-            end
+        # ensure the app source path exists before evaluation
+        if !Dir.exist?(app.source_path)
+          report.errors << "No such directory #{app.source_path}"
+          return false
+        end
+
+        Dir.chdir app.source_path do
+          sources = app.sources.select(&:enabled?)
+                               .sort_by { |source| source.class.type }
+          results = sources.map do |source|
+            source_report = Licensed::Report.new(name: [report.name, source.class.type].join("."), target: source)
+            report.reports << source_report
+            run_source(app, source, source_report)
           end
+
+          result = results.all?
+
+          yield(result) if block_given?
+
+          result
         end
+      rescue Licensed::Shell::Error => err
+        report.errors << err.message
+        false
+      ensure
+        reporter.end_report_app(app, report)
       end
 
       # Run the command for all enumerated dependencies found in a dependency source,
@@ -101,27 +119,37 @@ module Licensed
       #
       # app - The application configuration for the source
       # source - A dependency source enumerator
+      # report - A report object for this source
       #
       # Returns whether the command succeeded for the dependency source enumerator
-      def run_source(app, source)
-        reporter.report_source(source) do |report|
-          begin
-            # allow additional report data to be given by commands
-            if block_given?
-              next true if (yield report) == :skip
-            end
-
-            source.dependencies.sort_by { |dependency| dependency.name }
-                               .map { |dependency| run_dependency(app, source, dependency) }
-                               .all?
-          rescue Licensed::Shell::Error => err
-            report.errors << err.message
-            false
-          rescue Licensed::Sources::Source::Error => err
-            report.errors << err.message
-            false
-          end
+      def run_source(app, source, report)
+        reporter.begin_report_source(source, report)
+
+        if !sources_overrides.empty? && !sources_overrides.include?(source.class.type)
+          report.warnings << "skipped source"
+          return true
         end
+
+        dependencies = source.dependencies.sort_by { |dependency| dependency.name }
+        results = dependencies.map do |dependency|
+          dependency_report = Licensed::Report.new(name: [report.name, dependency.name].join("."), target: dependency)
+          report.reports << dependency_report
+          run_dependency(app, source, dependency, dependency_report)
+        end
+
+        result = results.all?
+
+        yield(result) if block_given?
+
+        result
+      rescue Licensed::Shell::Error => err
+        report.errors << err.message
+        false
+      rescue Licensed::Sources::Source::Error => err
+        report.errors << err.message
+        false
+      ensure
+        reporter.end_report_source(source, report)
       end
 
       # Run the command for a dependency, evaluating the dependency and
@@ -131,27 +159,27 @@ module Licensed
       # app - The application configuration for the dependency
       # source - The dependency source enumerator for the dependency
       # dependency - An application dependency
+      # report - A report object for this dependency
       #
       # Returns whether the command succeeded for the dependency
-      def run_dependency(app, source, dependency)
-        reporter.report_dependency(dependency) do |report|
-          if dependency.errors?
-            report.errors.concat(dependency.errors)
-            return false
-          end
+      def run_dependency(app, source, dependency, report)
+        reporter.begin_report_dependency(dependency, report)
 
-          begin
-            # allow additional report data to be given by commands
-            if block_given?
-              next true if (yield report) == :skip
-            end
-
-            evaluate_dependency(app, source, dependency, report)
-          rescue Licensed::DependencyRecord::Error, Licensed::Shell::Error => err
-            report.errors << err.message
-            false
-          end
+        if dependency.errors?
+          report.errors.concat(dependency.errors)
+          return false
         end
+
+        result = evaluate_dependency(app, source, dependency, report)
+
+        yield(result) if block_given?
+
+        result
+      rescue Licensed::DependencyRecord::Error, Licensed::Shell::Error => err
+        report.errors << err.message
+        false
+      ensure
+        reporter.end_report_dependency(dependency, report)
       end
 
       # Evaluate a dependency for the command.  Must be implemented by a command implementation.
@@ -165,6 +193,10 @@ module Licensed
       def evaluate_dependency(app, source, dependency, report)
         raise "`evaluate_dependency` must be implemented by a command"
       end
+
+      def sources_overrides
+        @sources_overrides = Array(options[:sources])
+      end
     end
   end
 end

data/lib/licensed/commands/environment.rb

@@ -29,12 +29,6 @@ module Licensed
         end
       end
 
-      def run(**options)
-        super do |report|
-          report["git_repo"] = Licensed::Git.git_repo?
-        end
-      end
-
       # Returns the default reporter to use during the command run
       #
       # options - The options the command was run with
@@ -46,11 +40,18 @@ module Licensed
 
       protected
 
-      def run_app(app)
-        reporter.report_app(app) do |report|
-          report.merge! AppEnvironment.new(app).to_h
-          true
-        end
+      def run_command(report)
+        report["git_repo"] = Licensed::Git.git_repo?
+        super
+      end
+
+      def run_app(app, report)
+        report.merge! AppEnvironment.new(app).to_h
+        super
+      end
+
+      def run_source(app, source, report)
+        true
       end
     end
   end

data/lib/licensed/commands/list.rb

@@ -13,25 +13,6 @@ module Licensed
 
       protected
 
-      # Run the command for all enumerated dependencies found in a dependency source,
-      # recording results in a report.
-      # Enumerating dependencies in the source is skipped if a :sources option
-      # is provided and the evaluated `source.class.type` is not in the :sources values
-      #
-      # app - The application configuration for the source
-      # source - A dependency source enumerator
-      #
-      # Returns whether the command succeeded for the dependency source enumerator
-      def run_source(app, source)
-        super do |report|
-          next if Array(options[:sources]).empty?
-          next if options[:sources].include?(source.class.type)
-
-          report.warnings << "skipped source"
-          :skip
-        end
-      end
-
       # Listing dependencies requires no extra work.
       #
       # app - The application configuration for the dependency

data/lib/licensed/commands/notices.rb

@@ -13,25 +13,6 @@ module Licensed
 
       protected
 
-      # Run the command for all enumerated dependencies found in a dependency source,
-      # recording results in a report.
-      # Enumerating dependencies in the source is skipped if a :sources option
-      # is provided and the evaluated `source.class.type` is not in the :sources values
-      #
-      # app - The application configuration for the source
-      # source - A dependency source enumerator
-      #
-      # Returns whether the command succeeded for the dependency source enumerator
-      def run_source(app, source)
-        super do |report|
-          next if Array(options[:sources]).empty?
-          next if options[:sources].include?(source.class.type)
-
-          report.warnings << "skipped source"
-          :skip
-        end
-      end
-
       # Load stored dependency record data to add to the notices report.
       #
       # app - The application configuration for the dependency