licensed 2.4.0 → 2.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4578c64f9787f2894b6366165f1a1075f61ac7eb
-  data.tar.gz: 34ffddfaa1572948bce8bc116a5cfd093c685a13
+  metadata.gz: 45476f98c8dd054a36758218f6337826e90b1112
+  data.tar.gz: e040ac55ae8dbd3b7dd498318b8046a271c58832
 SHA512:
-  metadata.gz: 0c9861f9d076050e389843122baeb96501f9a53e5252309576512e102fdef4f1dc7196593c66254e30a793c734a0127b53942215366a78e6f7444e04bffe9e27
-  data.tar.gz: 51880d49fca93099ee44997b2878c29d7ed25bc88d221439fcf73039a9728ee6079d0843fd90a615ffb21f6871ce9dadd310765c3a98799e13e81138630bf7fd
+  metadata.gz: 6773ae7dc4f41afd8f0597c11e3ea4bda59c10de44654c9fd9b6b91bce6f2a0b0b092ecccb95dc39ce6da5678736672d6fb3fa9b48b47bf82eb1758cecc91297
+  data.tar.gz: 80c82cfccb88980bc3b1b04da520e740683bb18d52cc3dcc5e60801e529f5c926d64c9df80a24dfc431e4ff2271a4fef67389b7bf4b9779edd7aeb739d015036

data/.github/workflows/release.yml

@@ -28,7 +28,7 @@ jobs:
 
     - uses: actions/upload-artifact@master
       with:
-        name: licensed-${{github.event.ref}}-linux-x64.tar.gz
+        name: ${{github.event.ref}}-linux
         path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-linux-x64.tar.gz
 
   package_mac:
@@ -49,28 +49,28 @@ jobs:
 
     - uses: actions/upload-artifact@master
       with:
-        name: licensed-${{github.event.ref}}-darwin-x64.tar.gz
+        name: ${{github.event.ref}}-darwin
         path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-darwin-x64.tar.gz
-        
+
   build_gem:
     runs-on: ubuntu-latest
     needs: tag_filter
-    
+
     steps:
     - uses: actions/checkout@master
     - name: Set up Ruby 2.6
       uses: actions/setup-ruby@v1
       with:
         version: 2.6.x
-    
+
     - name: Build gem
       run: gem build *.gemspec
-    
+
     - uses: actions/upload-artifact@master
       with:
-        name: licensed-${{github.event.ref}}.gem
+        name: ${{github.event.ref}}-gem
         path: licensed-${{github.event.ref}}.gem
-  
+
   create_release:
     runs-on: ubuntu-latest
     needs: [package_linux, package_mac, build_gem]
@@ -86,38 +86,40 @@ jobs:
     needs: [create_release]
 
     steps:
+    - name: Set up Ruby 2.6
+      uses: actions/setup-ruby@v1
+      with:
+        version: 2.6.x
+
     - name: Download linux package
       uses: actions/download-artifact@master
       with:
-        name: licensed-${{github.event.ref}}-linux-x64.tar.gz
+        name: ${{github.event.ref}}-linux
+
     - name: Download macOS package
       uses: actions/download-artifact@master
       with:
-        name: licensed-${{github.event.ref}}-darwin-x64.tar.gz
+        name: ${{github.event.ref}}-darwin
+
+    - name: Download gem
+      uses: actions/download-artifact@master
+      with:
+        name: ${{github.event.ref}}-gem
 
     - name: Publish packages to GitHub Release
       uses: Roang-zero1/github-upload-release-artifacts-action@v2.0.0
       with:
-        args: licensed-${{github.event.ref}}-linux-x64.tar.gz licensed-${{github.event.ref}}-darwin-x64.tar.gz
+        args: ${{github.event.ref}}-linux ${{github.event.ref}}-darwin
       env:
         GITHUB_TOKEN: ${{secrets.API_AUTH_TOKEN}}
 
-    - name: Download gem
-      uses: actions/download-artifact@master
-      with:
-        name: licensed-${{github.event.ref}}.gem
-        
-    - name: Set up Ruby 2.6
-      uses: actions/setup-ruby@v1
-      with:
-        version: 2.6.x
-
     - name: Publish gem to RubyGems
       run: |
         mkdir -p $HOME/.gem
         touch $HOME/.gem/credentials
         chmod 0600 $HOME/.gem/credentials
         printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
-        gem push *.gem
+        gem push "$GEM"
       env:
         GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
+        GEM: ${{github.event.ref}}-gem/*.gem

data/CHANGELOG.md

@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.5.0
+2019-09-26
+
+### Added
+- `env` command to output application environment configuration (https://github.com/github/licensed/pull/187, https://github.com/github/licensed/pull/191)
+
+### Changed
+- `status` command will pass if multiple allowed licenses are found (https://github.com/github/licensed/pull/188)
+
 ## 2.4.0
 2019-09-15
 
@@ -214,4 +223,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.4.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.5.0...HEAD

data/README.md

@@ -8,7 +8,7 @@ Licensed is **not** a complete open source license compliance solution. Please u
 
 ## Current Status
 
-[![Build Status](https://travis-ci.org/github/licensed.svg?branch=master)](https://travis-ci.org/github/licensed)
+![Build status](https://github.com/github/licensed/workflows/Test/badge.svg)
 
 Licensed is in active development and currently used at GitHub.  See the [open issues](https://github.com/github/licensed/issues) for a list of potential work.
 

data/docs/commands.md

@@ -25,8 +25,15 @@ The status command finds all dependencies and checks whether each dependency has
 A dependency will fail the status checks if:
 1. No cached record is found
 2. The cached record's version is different than the current dependency's version
-3. The cached record doesn't contain any license text
+3. The cached record's `licenses` data is empty
 4. The cached record's `license` metadata doesn't match an `allowed` license from the dependency's application configuration.
+   - If `license: other` is specified and all of the `licenses` entries match an `allowed` license a failure will not be logged
+
+## `env`
+
+Prints the runtime environment used by licensed after loading a configuration file.  By default the output is in YAML format, but can be output in JSON using the `--json` flag.
+
+The output will not be equivalent to configuration input.  For example, all paths will be
 
 ## `version`
 
@@ -41,7 +48,7 @@ Licensed commands inherit and override the [`Licensed::Sources::Command`](../lib
 #### Required method overrides
 1. `Licensed::Commands::Command#evaluate_dependency`
    - Runs a command execution on an application dependency.
-   
+
 The `evaluate_dependency` method should contain the specific command logic.  This method has access to the application configuration, dependency source enumerator and dependency currently being evaluated as well as a reporting hash to contain information about the command execution.
 
 #### Optional method overrides
@@ -59,23 +66,14 @@ The following methods break apart the different levels of command execution.  Ea
 
 As an example, `Licensed::Commands::Command#run_app` calls `Reporter#report_app` to wrap every call to `Licensed::Commands::Command#run_source`.
 
-##### Overriding optional methods
+##### Specifying additional report data
 
-The `run` methods can be overridden to provide additional reporting data or functionality.  Overriding a method should call the original method with a block for the additional logic.
+The `run` methods can be overridden and pass a block to `super` to provide additional reporting data or functionality.
 
 ```ruby
 def run_app(app)
   super do |report|
-    result = yield report
-    
-    # do other thing
-    call_additional_functionality(app)
-    
-    # add reporting information
-    report["result"] = result
-    
-    # return the result
-    result
+    report["my_app_data"] = true
   end
 end
 ```

data/lib/licensed/cli.rb

@@ -35,6 +35,15 @@ module Licensed
       puts Licensed::VERSION
     end
 
+    desc "env", "Output licensed environment configuration"
+    method_option :format, enum: ["yaml", "json"], default: "yaml",
+      desc: "Output format"
+    method_option :config, aliases: "-c", type: :string,
+      desc: "Path to licensed configuration file"
+    def env
+      run Licensed::Commands::Environment.new(config: config), format: options[:format]
+    end
+
     desc "migrate", "Migrate from a previous version of licensed"
     method_option :config, aliases: "-c", type: :string, required: true,
       desc: "Path to licensed configuration file"

data/lib/licensed/commands.rb

@@ -5,5 +5,6 @@ module Licensed
     require "licensed/commands/cache"
     require "licensed/commands/status"
     require "licensed/commands/list"
+    require "licensed/commands/environment"
   end
 end

data/lib/licensed/commands/cache.rb

@@ -2,8 +2,13 @@
 module Licensed
   module Commands
     class Cache < Command
-      def initialize(config:, reporter: Licensed::Reporters::CacheReporter.new)
-        super(config: config, reporter: reporter)
+      # Create a reporter to use during a command run
+      #
+      # options - The options the command was run with
+      #
+      # Raises a Licensed::Reporters::CacheReporter
+      def create_reporter(options)
+        Licensed::Reporters::CacheReporter.new
       end
 
       protected

data/lib/licensed/commands/command.rb

@@ -6,9 +6,8 @@ module Licensed
       attr_reader :reporter
       attr_reader :options
 
-      def initialize(config:, reporter:)
+      def initialize(config:)
         @config = config
-        @reporter = reporter
       end
 
       # Run the command
@@ -18,19 +17,33 @@ module Licensed
       # Returns whether the command was a success
       def run(**options)
         @options = options
+        @reporter = create_reporter(options)
         begin
-          result = reporter.report_run(self) do
+          result = reporter.report_run(self) do |report|
+            # allow additional report data to be given by commands
+            yield report if block_given?
+
             config.apps.sort_by { |app| app["name"] }
                        .map { |app| run_app(app) }
                        .all?
           end
         ensure
           @options = nil
+          @reporter = nil
         end
 
         result
       end
 
+      # Create a reporter to use during a command run
+      #
+      # options - The options the command was run with
+      #
+      # Raises an error
+      def create_reporter(options)
+        raise "`create_reporter` must be implemented by commands"
+      end
+
       protected
 
       # Run the command for all enabled sources for an application configuration,
@@ -43,6 +56,9 @@ module Licensed
         reporter.report_app(app) do |report|
           Dir.chdir app.source_path do
             begin
+              # allow additional report data to be given by commands
+              yield report if block_given?
+
               app.sources.select(&:enabled?)
                          .sort_by { |source| source.class.type }
                          .map { |source| run_source(app, source) }.all?
@@ -64,6 +80,9 @@ module Licensed
       def run_source(app, source)
         reporter.report_source(source) do |report|
           begin
+            # allow additional report data to be given by commands
+            yield report if block_given?
+
             source.dependencies.sort_by { |dependency| dependency.name }
                                .map { |dependency| run_dependency(app, source, dependency) }
                                .all?
@@ -94,6 +113,9 @@ module Licensed
           end
 
           begin
+            # allow additional report data to be given by commands
+            yield report if block_given?
+
             evaluate_dependency(app, source, dependency, report)
           rescue Licensed::Shell::Error => err
             report.errors << err.message

data/lib/licensed/commands/environment.rb

@@ -0,0 +1,57 @@
+# frozen_string_literal: true
+module Licensed
+  module Commands
+    class Environment < Command
+      class AppEnvironment
+        include Licensed::Sources::ContentVersioning
+
+        attr_reader :config
+        def initialize(config)
+          @config = config
+        end
+
+        def enabled_source_types
+          config.sources.select { |s| s.enabled? }.map { |s| s.class.type }
+        end
+
+        def to_h
+          {
+            "name" => config["name"],
+            "source_path" => config.source_path,
+            "cache_path" => config.cache_path,
+            "sources" => enabled_source_types,
+            "allowed" => config["allowed"],
+            "ignored" => config["ignored"],
+            "reviewed" => config["reviewed"],
+            "version_strategy" => self.version_strategy
+          }
+        end
+      end
+
+      def run(**options)
+        super do |report|
+          report["root"] = config.root
+          report["git_repo"] = Licensed::Git.git_repo?
+        end
+      end
+
+      def create_reporter(options)
+        case options[:format]
+        when "json"
+          Licensed::Reporters::JsonReporter.new
+        else
+          Licensed::Reporters::YamlReporter.new
+        end
+      end
+
+      protected
+
+      def run_app(app)
+        reporter.report_app(app) do |report|
+          report.merge! AppEnvironment.new(app).to_h
+          true
+        end
+      end
+    end
+  end
+end

data/lib/licensed/commands/list.rb

@@ -2,8 +2,13 @@
 module Licensed
   module Commands
     class List < Command
-      def initialize(config:, reporter: Licensed::Reporters::ListReporter.new)
-        super(config: config, reporter: reporter)
+      # Create a reporter to use during a command run
+      #
+      # options - The options the command was run with
+      #
+      # Returns a Licensed::Reporters::ListReporter
+      def create_reporter(options)
+        Licensed::Reporters::ListReporter.new
       end
 
       protected

data/lib/licensed/commands/status.rb

@@ -4,8 +4,13 @@ require "yaml"
 module Licensed
   module Commands
     class Status < Command
-      def initialize(config:, reporter: Licensed::Reporters::StatusReporter.new)
-        super(config: config, reporter: reporter)
+      # Create a reporter to use during a command run
+      #
+      # options - The options the command was run with
+      #
+      # Returns a Licensed::Reporters::StatusReporter
+      def create_reporter(options)
+        Licensed::Reporters::StatusReporter.new
       end
 
       protected
@@ -30,20 +35,52 @@ module Licensed
         else
           report.errors << "cached dependency record out of date" if cached_record["version"] != dependency.version
           report.errors << "missing license text" if cached_record.licenses.empty?
-          report.errors << "license needs review: #{cached_record["license"]}" unless allowed_or_reviewed?(app, cached_record)
+          report.errors << "license needs review: #{cached_record["license"]}" if license_needs_review?(app, cached_record)
         end
 
         report.errors.empty?
       end
 
-      def allowed_or_reviewed?(app, dependency)
-        app.allowed?(dependency) || app.reviewed?(dependency)
+      # Returns true if a cached record needs further review based on the
+      # record's license(s) and the app's configuration
+      def license_needs_review?(app, cached_record)
+        # review is not needed if the record is set as reviewed
+        return false if app.reviewed?(cached_record)
+        # review is not needed if the top level license is allowed
+        return false if app.allowed?(cached_record["license"])
+
+        # the remaining checks are meant to allow records marked as "other"
+        # that have multiple licenses, all of which are allowed
+
+        # review is needed for non-"other" licenses
+        return true unless cached_record["license"] == "other"
+
+        licenses = cached_record.licenses.map { |license| license_from_text(license.text) }
+
+        # review is needed when there is only one license notice
+        # this is a performance optimization for the single license case
+        return true unless licenses.length > 1
+
+        # review is needed if any license notices don't represent an allowed license
+        licenses.any? { |license| !app.allowed?(license) }
       end
 
       def cached_record(filename)
         return nil unless File.exist?(filename)
         DependencyRecord.read(filename)
       end
+
+      # Returns a license key based on the content from a cached records `licenses`
+      # entry content
+      def license_from_text(text)
+        licenses = [
+          Licensee::ProjectFiles::LicenseFile.new(text).license&.key,
+          Licensee::ProjectFiles::ReadmeFile.new(text).license&.key,
+          "other"
+        ].compact
+
+        licenses.sort_by { |license| license != "other" ? 0 : 1 }.first
+      end
     end
   end
 end

data/lib/licensed/configuration.rb

@@ -79,8 +79,8 @@ module Licensed
     end
 
     # Is the license of the dependency allowed?
-    def allowed?(dependency)
-      Array(self["allowed"]).include?(dependency["license"])
+    def allowed?(license)
+      Array(self["allowed"]).include?(license)
     end
 
     # Ignore a dependency

data/lib/licensed/dependency_record.rb

@@ -5,6 +5,28 @@ require "licensee"
 
 module Licensed
   class DependencyRecord
+    class License
+      attr_reader :text, :sources
+      def initialize(content)
+        @sources = []
+
+        if content.is_a?(String)
+          @text = content.to_s
+        elsif content.respond_to?(:[])
+          @sources.concat content["sources"].to_s.split(", ")
+          @text = content["text"]
+        end
+      end
+
+      def to_cache
+        return text if sources.empty?
+        {
+          "sources" => sources.join(", "),
+          "text" => text
+        }
+      end
+    end
+
     include Licensee::ContentHelper
     extend Forwardable
 
@@ -36,7 +58,7 @@ module Licensed
     # notices - a string, or array of strings, representing the content of each legal notice
     # metadata - a Hash of the metadata for the package
     def initialize(licenses: [], notices: [], metadata: {})
-      @licenses = [licenses].flatten.compact
+      @licenses = [licenses].flatten.compact.map { |l| DependencyRecord::License.new(l) }
       @notices = [notices].flatten.compact
       @metadata = metadata
     end
@@ -46,7 +68,7 @@ module Licensed
     # filename - The destination file to save record contents at
     def save(filename)
       data_to_save = @metadata.merge({
-        "licenses" => licenses,
+        "licenses" => licenses.map(&:to_cache),
         "notices" => notices
       })
 
@@ -58,13 +80,7 @@ module Licensed
     # `Licensee::CotentHelper`
     def content
       return if licenses.nil? || licenses.empty?
-      licenses.map do |license|
-        if license.is_a?(String)
-          license
-        elsif license.respond_to?(:[])
-          license["text"]
-        end
-      end.join
+      licenses.map(&:text).compact.join
     end
 
     # Returns whether two records match based on their contents

data/lib/licensed/reporters.rb

@@ -5,5 +5,7 @@ module Licensed
     require "licensed/reporters/cache_reporter"
     require "licensed/reporters/status_reporter"
     require "licensed/reporters/list_reporter"
+    require "licensed/reporters/json_reporter"
+    require "licensed/reporters/yaml_reporter"
   end
 end

data/lib/licensed/reporters/json_reporter.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+require "json"
+
+module Licensed
+  module Reporters
+    class JsonReporter < Reporter
+      def report_run(command)
+        super do |report|
+          result = yield report
+
+          report["apps"] = report.reports.map(&:to_h) if report.reports.any?
+          shell.info JSON.pretty_generate(report.to_h)
+
+          result
+        end
+      end
+
+      def report_app(app)
+        super do |report|
+          result = yield report
+          report["sources"] = report.reports.map(&:to_h) if report.reports.any?
+          result
+        end
+      end
+
+      def report_source(source)
+        super do |report|
+          result = yield report
+          report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
+          result
+        end
+      end
+    end
+  end
+end

data/lib/licensed/reporters/reporter.rb

@@ -28,6 +28,19 @@ module Licensed
           result << self
           result.push(*reports.flat_map(&:all_reports))
         end
+
+        # Returns the data from the report as a hash
+        def to_h
+          # add name, errors and warnings if they have real data
+          output = {}
+          output["name"] = name unless name.to_s.empty?
+          output["errors"] = errors.dup if errors.any?
+          output["warnings"] = warnings.dup if warnings.any?
+
+          # merge the hash data from the report.  command-specified data always
+          # overwrites local data
+          output.merge(super)
+        end
       end
 
       class ReportingError < StandardError; end;

data/lib/licensed/reporters/yaml_reporter.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+module Licensed
+  module Reporters
+    class YamlReporter < Reporter
+      def report_run(command)
+        super do |report|
+          result = yield report
+
+          report["apps"] = report.reports.map(&:to_h) if report.reports.any?
+          shell.info sanitize(report.to_h).to_yaml
+
+          result
+        end
+      end
+
+      def report_app(app)
+        super do |report|
+          result = yield report
+          report["sources"] = report.reports.map(&:to_h) if report.reports.any?
+          result
+        end
+      end
+
+      def report_source(source)
+        super do |report|
+          result = yield report
+          report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
+          result
+        end
+      end
+
+      def sanitize(object)
+        case object
+        when String, TrueClass, FalseClass, Numeric
+          object
+        when Array
+          object.compact.map { |item| sanitize(item) }
+        when Hash
+          object.reject { |_, v| v.nil? }
+                .map { |k, v| [k.to_s, sanitize(v)] }
+                .to_h
+        else
+          object.to_s
+        end
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.4.0".freeze
+  VERSION = "2.5.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -36,4 +36,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rubocop", "~> 0.49", "< 0.67"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
   spec.add_development_dependency "byebug", "~> 10.0.0"
+  spec.add_development_dependency "spy",  "~> 1.0.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.5.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-09-15 00:00:00.000000000 Z
+date: 2019-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -184,6 +184,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 10.0.0
+- !ruby/object:Gem::Dependency
+  name: spy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.0
 description: Licensed automates extracting and validating the licenses of dependencies.
 email:
 - opensource+licensed@github.com
@@ -231,6 +245,7 @@ files:
 - lib/licensed/commands.rb
 - lib/licensed/commands/cache.rb
 - lib/licensed/commands/command.rb
+- lib/licensed/commands/environment.rb
 - lib/licensed/commands/list.rb
 - lib/licensed/commands/status.rb
 - lib/licensed/configuration.rb
@@ -241,9 +256,11 @@ files:
 - lib/licensed/migrations/v2.rb
 - lib/licensed/reporters.rb
 - lib/licensed/reporters/cache_reporter.rb
+- lib/licensed/reporters/json_reporter.rb
 - lib/licensed/reporters/list_reporter.rb
 - lib/licensed/reporters/reporter.rb
 - lib/licensed/reporters/status_reporter.rb
+- lib/licensed/reporters/yaml_reporter.rb
 - lib/licensed/shell.rb
 - lib/licensed/sources.rb
 - lib/licensed/sources/bower.rb