licensed 2.6.1 → 2.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 399ad5d09b5d158f3c1a51aa719dd0f353bf9a4714d495d3998dd0e38c6b7009
-  data.tar.gz: 72a61d16fa72990cb12421bb29db09c80c15436eb5a85f962ffab089e78f7c99
+  metadata.gz: 01feaa48f4c38ee8a812dd909a05e46e0355c4a7e30add873c1410dca715df8f
+  data.tar.gz: ec09f82ba5ae08100b9c7e15631be48f6f14a302c26809172d0eb87a820b885a
 SHA512:
-  metadata.gz: 4c267eaf2523970f7e890e8e08eca972fa07cf3b616f66dc68ba010677014cd3ab8f08f7d7496c22345b4cd9801e6386015ff13e0064eed5ee850c12b068f8a5
-  data.tar.gz: ea1f68a031f398a43036648850325f34b44f28e5cfb9da630cc6d6bbdbe8e3b82b5d467b030256d4ed78bb4dda7e7c5820f5dd7fb97af08afe10105db8fc2946
+  metadata.gz: '03822f158d7aa6027eb6eb86856b271452bf0cd3f2bf202754a1391b65eee84c4c752fc857c40d5f4bac88dfd1490415cc0813a5003db3b127598e661a4360b2'
+  data.tar.gz: c7393d9cbd363f0dfc1dd5a919b990c31545bf9c6c6f7322174736bdba3dfad1fa30f579f63a6fe8374c5a931fe96c2b264277f717ceccc9dc5d9ebb0afdc600

data/.github/workflows/test.yml

@@ -20,6 +20,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -42,6 +47,11 @@ jobs:
       run: |
         yes | gem uninstall bundler --all
         gem install bundler -v "${{ matrix.bundler }}"
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -66,6 +76,15 @@ jobs:
       with:
         ghc-version: ${{ matrix.ghc }}
         cabal-version: ${{ matrix.cabal }}
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
+    - uses: actions/cache@preview
+      with:
+        path: test/fixtures/cabal/dist-newstyle
+        key: ${{ runner.os }}-fixtures-cabal-${{ matrix.ghc }}-${{ matrix.cabal }}-${{ hashFiles(format('{0}{1}', github.workspace, '/test/fixtures/cabal/app.cabal')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -86,6 +105,11 @@ jobs:
         ruby-version: ${{matrix.ruby}}
     - name: Set up Bundler
       run: gem install bundler
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-${{ matrix.ruby }}-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Build and lint
@@ -105,6 +129,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -127,6 +156,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -149,6 +183,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -164,6 +203,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Gradle version
@@ -187,6 +231,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Install virtualenv
@@ -209,6 +258,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Install pipenv
@@ -233,6 +287,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -256,6 +315,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -271,6 +335,11 @@ jobs:
       uses: actions/setup-ruby@v1
       with:
         ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Run tests

data/CHANGELOG.md

@@ -6,6 +6,17 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.6.2
+2019-11-03
+
+### Changed
+- A number of improvements to the go dependency enumerator
+  - use `go env GOPATH` as a default if no other GOPATH is found
+  - better compatibility with go modules when finding license content
+  - better compatibility with vendored go modules
+  - use a packages godoc.org page as it's homepage
+  - better checks for standard packages, reducing the amount of cached content
+
 ## 2.6.1
 2019-10-26
 
@@ -235,4 +246,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.6.1...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.6.2...HEAD

data/README.md

@@ -65,8 +65,17 @@ See the [commands documentation](./docs/commands.md) for additional documentatio
 
 ### Automation
 
+#### Bundler
+
 The [bundler-licensed plugin](https://github.com/sergey-alekseev/bundler-licensed) runs `licensed cache` automatically when using `bundler`.  See the linked repo for usage and details.
 
+#### GitHub Actions
+
+The [licensed-ci](https://github.com/marketplace/actions/licensed-ci) GitHub Action runs `licensed` as part of an opinionated CI workflow and can be configured to run on any GitHub Action event.  See the linked actions for usage and details.
+
+The [setup-licensed](https://github.com/marketplace/actions/setup-github-licensed) GitHub Action installs `licensed` to the workflow environment.  See the linked actions for usage and details.
+   - This action is intended for projects that don't have a ruby installation setup.  If your workflow has ruby setup please install `licensed` via `Gemfile` + `bundle install` or with `gem install`.
+
 ### Configuration
 
 All commands, except `version`, accept a `-c|--config` option to specify a path to a configuration file or directory.

data/docs/sources/go.md

@@ -40,3 +40,13 @@ The go source supports multiple versioning strategies to determine if cached dep
    ```yaml
    version_strategy: contents
    ```
+
+#### Go modules support
+
+The go source fully supports go modules, provided that the calling environment has been configured to use go modules.
+
+The go source can be configured to support vendored go modules
+```yaml
+go:
+  mod: vendor
+```

data/lib/licensed/sources/dep.rb

@@ -20,7 +20,7 @@ module Licensed
             search_root: search_root.to_s,
             metadata: {
               "type"        => Dep.type,
-              "homepage"    => "https://#{package[:name]}"
+              "homepage"    => homepage(package[:name])
             }
           )
         end
@@ -40,10 +40,17 @@ module Licensed
         end
       end
 
+      # Returns the godoc.org page for a package.
+      def homepage(import_path)
+        return unless import_path
+        "https://godoc.org/#{import_path}"
+      end
+
       # Returns whether the package is part of the go std list.  Replaces
       # "golang.org" with "golang_org" to match packages listed in `go list std`
       # as "vendor/golang_org/*" but are vendored as "vendor/golang.org/*"
       def go_std_package?(import_path)
+        return true if go_std_packages.include? "vendor/#{import_path}"
         go_std_packages.include? "vendor/#{import_path.sub(/^golang.org/, "golang_org")}"
       end
 

data/lib/licensed/sources/go.rb

@@ -17,13 +17,12 @@ module Licensed
           packages.map do |package|
             import_path = non_vendored_import_path(package["ImportPath"])
             error = package.dig("Error", "Err") if package["Error"]
-            package_dir = package["Dir"]
 
             Dependency.new(
               name: import_path,
               version: package_version(package),
-              path: package_dir,
-              search_root: search_root(package_dir),
+              path: package["Dir"],
+              search_root: search_root(package),
               errors: Array(error),
               metadata: {
                 "type"        => Go.type,
@@ -60,11 +59,14 @@ module Licensed
       # Returns the list of dependencies as returned by "go list -json -deps"
       # available in go 1.11
       def go_list_deps
+        args = ["-deps"]
+        args << "-mod=vendor" if config.dig("go", "mod") == "vendor"
+
         # the CLI command returns packages in a pretty-printed JSON format but
         # not separated by commas. this gsub adds commas after all non-indented
         # "}" that close root level objects.
         # (?!\z) uses negative lookahead to not match the final "}"
-        deps = package_info_command("-deps").gsub(/^}(?!\z)$/m, "},")
+        deps = package_info_command(*args).gsub(/^}(?!\z)$/m, "},")
         JSON.parse("[#{deps}]")
       end
 
@@ -74,14 +76,23 @@ module Licensed
       # package - package to check as part of the go standard library
       def go_std_package?(package)
         return false unless package
+
+        # return true if package self-identifies
         return true if package["Standard"]
 
         import_path = package["ImportPath"]
         return false unless import_path
 
+        # true if go standard packages includes the import path as given
+        return true if go_std_packages.include?(import_path)
+
+        # additional checks are only for vendored dependencies - return false
+        # if package isn't vendored
+        return false unless vendored_path?(import_path)
+
         # modify the import path to look like the import path `go list` returns for vendored std packages
-        std_vendor_import_path = import_path.sub(%r{^#{root_package["ImportPath"]}/vendor/golang.org}, "vendor/golang_org")
-        go_std_packages.include?(import_path) || go_std_packages.include?(std_vendor_import_path)
+        vendor_path = import_path.sub("#{root_package["ImportPath"]}/", "")
+        go_std_packages.include?(vendor_path) || go_std_packages.include?(vendor_path.sub("golang.org", "golang_org"))
       end
 
       # Returns whether the package is local to the current project
@@ -121,28 +132,29 @@ module Licensed
         end
       end
 
-      # Returns the homepage for a package import_path.  Assumes that the
-      # import path itself is a url domain and path
+      # Returns the godoc.org page for a package.
       def homepage(import_path)
         return unless import_path
-
-        # hacky but generally works due to go packages looking like
-        # "github.com/..." or "golang.org/..."
-        "https://#{import_path}"
+        "https://godoc.org/#{import_path}"
       end
 
       # Returns the root directory to search for a package license
       #
       # package - package object obtained from package_info
-      def search_root(package_dir)
-        return nil if package_dir.nil? || package_dir.empty?
+      def search_root(package)
+        return if package.nil?
 
         # search root choices:
-        # 1. vendor folder if package is vendored
-        # 2. GOPATH
-        # 3. nil (no search up directory hierarchy)
-        return package_dir.match("^(.*/vendor)/.*$")[1] if vendored_path?(package_dir)
-        gopath
+        # 1. module directory if using go modules
+        # 2. vendor folder if package is vendored
+        # 3. package root value if available
+        # 4. GOPATH if the package directory is under the gopath
+        # 5. nil
+        return package.dig("Module", "Dir") if package["Module"]
+        return package["Dir"].match("^(.*/vendor)/.*$")[1] if vendored_path?(package["Dir"])
+        return package["Root"] if package["Root"]
+        return gopath if package["Dir"]&.start_with?(gopath)
+        nil
       end
 
       # Returns whether a package is vendored or not based on the package
@@ -150,7 +162,8 @@ module Licensed
       #
       # path - Package path to test
       def vendored_path?(path)
-        path && path.include?("vendor/")
+        return false if path.nil?
+        path.start_with?(root_package["ImportPath"]) && path.include?("vendor/")
       end
 
       # Returns the import path parameter without the vendor component
@@ -196,17 +209,12 @@ module Licensed
       def gopath
         return @gopath if defined?(@gopath)
 
-        path = config.dig("go", "GOPATH")
-        @gopath = if path.nil? || path.empty?
-                    ENV["GOPATH"]
-                  else
-                    root = begin
-                             config.root
-                           rescue Licensed::Shell::Error
-                             Pathname.pwd
-                           end
-                    File.expand_path(path, root)
-                  end
+        @gopath = begin
+          path = config.dig("go", "GOPATH")
+          return File.expand_path(path, config.root) unless path.to_s.empty?
+          return ENV["GOPATH"] if ENV["GOPATH"]
+          Licensed::Shell.execute("go", "env", "GOPATH")
+        end
       end
 
       # Returns the current version of go available, as a Gem::Version

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.6.1".freeze
+  VERSION = "2.6.2".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.6.1
+  version: 2.6.2
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-10-26 00:00:00.000000000 Z
+date: 2019-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee