licensed 2.3.2 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 56c8ff31beb8493afcf2d724011bd55765767d01
-  data.tar.gz: 87146893755f09eedfa24d532eaae569d3f4cf9f
+  metadata.gz: 4578c64f9787f2894b6366165f1a1075f61ac7eb
+  data.tar.gz: 34ffddfaa1572948bce8bc116a5cfd093c685a13
 SHA512:
-  metadata.gz: caa53e7f93ec83fa18c4b3264339035b9478e3dfb6ac0b3a50d3d52b06037f03d3c3c8446765fe52a330cb8d21fa48f580439000b6e1c8c024c68c940d6b3969
-  data.tar.gz: 5894bef9cc7e7824a7adbe5a341bd244dcf45e7816a49c77aac49141a6b750c26d2fc160c7c36cc0439c3fb19603674e9ad3e0b71f0f2737dda3f8e4c9a72faf
+  metadata.gz: 0c9861f9d076050e389843122baeb96501f9a53e5252309576512e102fdef4f1dc7196593c66254e30a793c734a0127b53942215366a78e6f7444e04bffe9e27
+  data.tar.gz: 51880d49fca93099ee44997b2878c29d7ed25bc88d221439fcf73039a9728ee6079d0843fd90a615ffb21f6871ce9dadd310765c3a98799e13e81138630bf7fd

data/.github/workflows/release.yml

@@ -86,25 +86,33 @@ jobs:
     needs: [create_release]
 
     steps:
-    - uses: actions/download-artifact@master
+    - name: Download linux package
+      uses: actions/download-artifact@master
       with:
         name: licensed-${{github.event.ref}}-linux-x64.tar.gz
-    - uses: actions/download-artifact@master
+    - name: Download macOS package
+      uses: actions/download-artifact@master
       with:
         name: licensed-${{github.event.ref}}-darwin-x64.tar.gz
 
-    - name: Publish to GitHub Release
+    - name: Publish packages to GitHub Release
       uses: Roang-zero1/github-upload-release-artifacts-action@v2.0.0
       with:
         args: licensed-${{github.event.ref}}-linux-x64.tar.gz licensed-${{github.event.ref}}-darwin-x64.tar.gz
       env:
         GITHUB_TOKEN: ${{secrets.API_AUTH_TOKEN}}
 
-    - uses: actions/download-artifact@master
+    - name: Download gem
+      uses: actions/download-artifact@master
       with:
         name: licensed-${{github.event.ref}}.gem
+        
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        version: 2.6.x
 
-    - name: Publish to RubyGems
+    - name: Publish gem to RubyGems
       run: |
         mkdir -p $HOME/.gem
         touch $HOME/.gem/credentials

data/.github/workflows/test.yml

@@ -2,7 +2,10 @@ name: Test
 
 on: 
   push:
-    tags: !*
+    branches:
+    - "*"
+    tags:
+    - "!*"
 
 jobs:
   bower:
@@ -205,3 +208,25 @@ jobs:
       run: script/source-setup/pipenv
     - name: Run tests
       run: script/test pipenv
+
+  composer:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: [ '5.6', '7.1', '7.2', '7.3' ]
+    steps:
+    - uses: actions/checkout@master
+    - name: Setup php
+      uses: nanasess/setup-php@v1.0.2
+      with:
+        php-version: ${{ matrix.php }}
+    - name: Set up Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        version: 2.6.x
+    - name: Bootstrap
+      run: script/bootstrap
+    - name: Set up fixtures
+      run: script/source-setup/composer
+    - name: Run tests
+      run: script/test composer

data/.gitignore

@@ -26,6 +26,8 @@ test/fixtures/git_submodule/*
 test/fixtures/pip/venv
 test/fixtures/pipenv/Pipfile.lock
 !test/fixtures/migrations/**/*
+test/fixtures/composer/**/*
+!test/fixtures/composer/composer.json
 
 vendor/licenses
 .licenses

data/CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.4.0
+2019-09-15
+
+### Added
+- Composer source for PHP (https://github.com/github/licensed/pull/182)
+
 ## 2.3.2
 2019-08-26
 
@@ -208,4 +214,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.3.2...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.4.0...HEAD

data/CONTRIBUTING.md

@@ -34,7 +34,7 @@ Pull requests that include a new dependency source must also
 - Include [documentation](docs/sources) for the new source and update the [documented source list](README.md#sources).
 - Add a [setup script](script/source-setup) if needed.
 - Include [tests](test/source) and [test fixtures](test/fixtures) needed to verify the source in CI.
-- Add a CI job to [.travis.yml](.travis.yml).
+- Add a CI job to [.github/workflows/test.yml](.github/workflows/test.yml).
 
 ## Releasing
 If you are the current maintainer of this gem:

data/README.md

@@ -79,16 +79,17 @@ See the [configuration file documentation](./docs/configuration.md) for more det
 ### Sources
 
 Dependencies will be automatically detected for all of the following sources by default.
-1. [Bower (bower)](./docs/sources/bower.md)
-2. [Bundler](./docs/sources/bundler.md)
-3. [Cabal (cabal)](./docs/sources/cabal.md)
-4. [Go (go)](./docs/sources/go.md)
-5. [Go Dep (dep)](./docs/sources/dep.md)
-6. [Manifest lists (manifests)](./docs/sources/manifests.md)
-7. [NPM (npm)](./docs/sources/npm.md)
-8. [Pip (pip)](./docs/sources/pip.md)
-9. [Pipenv (pipenv)](./docs/sources/pipenv.md)
-10. [Git Submodules (git_submodule)](./docs/sources/git_submodule.md)
+1. [Bower](./docs/sources/bower.md)
+1. [Bundler](./docs/sources/bundler.md)
+1. [Cabal](./docs/sources/cabal.md)
+1. [Composer](./docs/sources/composer.md)
+1. [Go](./docs/sources/go.md)
+1. [Go Dep (dep)](./docs/sources/dep.md)
+1. [Manifest lists (manifests)](./docs/sources/manifests.md)
+1. [NPM](./docs/sources/npm.md)
+1. [Pip](./docs/sources/pip.md)
+1. [Pipenv](./docs/sources/pipenv.md)
+1. [Git Submodules (git_submodule)](./docs/sources/git_submodule.md)
 
 You can disable any of them in the configuration file:
 

data/docs/sources/composer.md

@@ -0,0 +1,14 @@
+# Composer
+
+The composer source will detect dependencies when php is available, a `composer.lock` file is found at an apps `source_path`, and a composer application file is found.
+
+It enumerates dependencies and metadata by parsing `composer.lock` files for for dependency metadata and running `php <composer application file> show --format json --path` to obtain local dependency paths on disk.
+
+### Composer application file
+
+The default composer application file location is `<repository root>/composer.phar`.  To specify a custom composer file location, use the `composer.application_path` configuration setting.
+
+```yml
+composer:
+  application_path: "/path/to/composer"
+```

data/lib/licensed/sources.rb

@@ -5,6 +5,7 @@ module Licensed
     require "licensed/sources/bower"
     require "licensed/sources/bundler"
     require "licensed/sources/cabal"
+    require "licensed/sources/composer"
     require "licensed/sources/dep"
     require "licensed/sources/git_submodule"
     require "licensed/sources/go"

data/lib/licensed/sources/composer.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+require "json"
+
+module Licensed
+  module Sources
+    class Composer < Source
+      DEFAULT_COMPOSER_APPLICATON_PATH = "composer.phar"
+
+      def enabled?
+        return false unless Licensed::Shell.tool_available?("php")
+        File.exist?(composer_lock) && File.exist?(composer_application_path)
+      end
+
+      def enumerate_dependencies
+        packages.map do |package|
+          Dependency.new(
+            name: package["name"],
+            version: package["version"],
+            path: package_paths[package["name"]],
+            metadata: {
+              "type"     => Composer.type,
+              "name"     => package["name"],
+              "summary"  => package["description"],
+              "homepage" => package["homepage"]
+            }
+          )
+        end
+      end
+
+      def packages
+        JSON.parse(File.read(composer_lock))["packages"]
+      end
+
+      # Returns the output from running `php composer.phar` to get package metadata
+      def package_paths
+        return @package_paths if defined?(@package_paths)
+
+        @package_paths = begin
+          output = Licensed::Shell.execute("php", composer_application_path, "show", "--format", "json", "--path", allow_failure: true)
+          return {} if output.to_s.empty?
+
+          path_json = JSON.parse(output)
+          return {} unless path_json["installed"]
+
+          path_json["installed"].each_with_object({}) do |package, hsh|
+            hsh[package["name"]] = package["path"]
+          end
+        end
+      end
+
+      def composer_application_path
+        setting = @config.dig("composer", "application_path") || DEFAULT_COMPOSER_APPLICATON_PATH
+        File.expand_path(setting, @config.pwd)
+      end
+
+      def composer_lock
+        @config.pwd.join("composer.lock")
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.3.2".freeze
+  VERSION = "2.4.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/source-setup/cabal

@@ -6,6 +6,8 @@ if [ -z "$(which cabal)" ]; then
   exit 127
 fi
 
+cabal --version
+
 # setup test fixtures
 BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
 cd $BASE_PATH/test/fixtures/cabal
@@ -14,5 +16,4 @@ if [ "$1" == "-f" ]; then
   find . -not -regex "\.*" -and -not -path "*app*" -print0 | xargs -0 rm -rf
 fi
 
-cabal update
-cabal new-build
+cabal new-build || (cabal update && cabal install)

data/script/source-setup/composer

@@ -0,0 +1,38 @@
+#!/bin/bash
+set -e
+
+if [ -z "$(which php)" ]; then
+  echo "A local php installation is required for php development." >&2
+  exit 127
+fi
+
+# setup test fixtures
+BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd $BASE_PATH/test/fixtures/composer
+
+if [ "$1" == "-f" ]; then
+  find . -not -regex "\.*" -and -not -name "composer\.json" -print0 | xargs -0 rm -rf
+fi
+
+if [ ! -f "composer.phar" ]; then
+  EXPECTED_SIGNATURE="$(curl -s https://composer.github.io/installer.sig)"
+  php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+  ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+  if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then
+    >&2 echo 'ERROR: Invalid installer signature'
+    rm composer-setup.php
+    exit 1
+  fi
+
+  php composer-setup.php
+  RESULT=$?
+  rm composer-setup.php
+
+  if [ $RESULT -ne 0 ]; then
+    >&2 echo 'ERROR: composer.phar installation failed'
+    exit $RESULT
+  fi
+fi
+
+php composer.phar install

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.3.2
+  version: 2.4.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-08-28 00:00:00.000000000 Z
+date: 2019-09-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -198,7 +198,6 @@ files:
 - ".licensed.yml"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
@@ -216,6 +215,7 @@ files:
 - docs/sources/bower.md
 - docs/sources/bundler.md
 - docs/sources/cabal.md
+- docs/sources/composer.md
 - docs/sources/dep.md
 - docs/sources/git_submodule.md
 - docs/sources/go.md
@@ -249,6 +249,7 @@ files:
 - lib/licensed/sources/bower.rb
 - lib/licensed/sources/bundler.rb
 - lib/licensed/sources/cabal.rb
+- lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb
 - lib/licensed/sources/git_submodule.rb
 - lib/licensed/sources/go.rb
@@ -273,6 +274,7 @@ files:
 - script/source-setup/bower
 - script/source-setup/bundler
 - script/source-setup/cabal
+- script/source-setup/composer
 - script/source-setup/git_submodule
 - script/source-setup/go
 - script/source-setup/npm

data/.travis.yml

@@ -1,126 +0,0 @@
-install: ./script/bootstrap
-
-matrix:
-  include:
-    # lint and build
-    - language: ruby
-      rvm: 2.4.0
-      script: bundle exec rake rubocop build
-      env: NAME="Lint and Build"
-
-    # non-source tests
-    - language: ruby
-      rvm: 2.4.0
-      script: ./script/test core
-      env: NAME="Core"
-
-    # go 1.7 tests
-    - language: go
-      go: "1.7.x"
-      before_script: ./script/source-setup/go
-      script: ./script/test go
-      env: NAME="go 1.7.x"
-
-    # go 1.10 tests
-    - language: go
-      go: "1.10.x"
-      before_script: ./script/source-setup/go
-      script: ./script/test go
-      env: NAME="go 1.10.x"
-
-    - language: go
-      go: "1.11.1"
-      before_script: ./script/source-setup/go
-      script: ./script/test go
-      env: NAME="go 1.11.1"
-
-    # dep tests
-    - language: go
-      go: "1.10.x"
-      before_script: ./script/source-setup/go
-      script: ./script/test dep
-      env: NAME="go dep"
-
-    # cabal tests
-    - language: haskell
-      ghc: "8.2"
-      before_script: ./script/source-setup/cabal
-      script: ./script/test cabal
-      env: NAME="cabal"
-
-    # npm tests
-    - language: node_js
-      node_js: "8"
-      before_script: ./script/source-setup/npm
-      script: ./script/test npm
-      env: NAME="npm 8"
-
-    - language: node_js
-      node_js: "10"
-      before_script: ./script/source-setup/npm
-      script: ./script/test npm
-      env: NAME="npm 10"
-
-    - language: node_js
-      node_js: "12"
-      before_script: ./script/source-setup/npm
-      script: ./script/test npm
-      env: NAME="npm 12"
-
-    # bower tests
-    - language: node_js
-      node_js: "8"
-      before_script:
-        - npm install -g bower
-        - ./script/source-setup/bower
-      script: ./script/test bower
-      env: NAME="bower"
-
-    # bundler tests
-    - language: ruby
-      rvm: 2.4.0
-      before_script: ./script/source-setup/bundler
-      script: ./script/test bundler
-      env: NAME="bundler"
-
-    # manifest tests
-    - language: ruby
-      rvm: 2.4.0
-      script: ./script/test manifest
-      env: NAME="manifest"
-
-    # python 2.7 tests
-    - language: python
-      python: 2.7
-      before_script: ./script/source-setup/pip
-      script: ./script/test pip
-      env: NAME="pip"
-
-    # python 3.6 tests
-    - language: python
-      python: 3.6
-      before_script: ./script/source-setup/pip
-      script: ./script/test pip
-      env: NAME="pip"
-
-    - language: python
-      python: 3.6
-      before_script:
-        - pip install pipenv
-        - ./script/source-setup/pipenv
-      script: ./script/test pipenv
-      env: NAME="pipenv"
-
-    - language: ruby
-      rvm: 2.4.0
-      before_script: ./script/source-setup/git_submodule
-      script: ./script/test git_submodule
-      env: NAME="git_submodule"
-
-    - language: java
-      before_script: ./test/fixtures/gradle/gradlew --quiet --version
-      script: ./script/test gradle
-      env: NAME="gradle"
-
-notifications:
-  disable: true