licensed 3.0.0 → 3.2.1
- checksums.yaml +4 -4
- data/.github/dependabot.yml +19 -0
- data/.github/workflows/release.yml +4 -4
- data/.github/workflows/test.yml +180 -47
- data/.ruby-version +1 -1
- data/CHANGELOG.md +60 -1
- data/README.md +25 -79
- data/docker/Dockerfile.build-linux +1 -1
- data/docs/adding_a_new_source.md +11 -8
- data/docs/commands/README.md +59 -0
- data/docs/commands/cache.md +35 -0
- data/docs/commands/env.md +10 -0
- data/docs/commands/list.md +23 -0
- data/docs/commands/migrate.md +10 -0
- data/docs/commands/notices.md +12 -0
- data/docs/commands/status.md +74 -0
- data/docs/commands/version.md +3 -0
- data/docs/configuration/README.md +11 -0
- data/docs/configuration/allowed_licenses.md +17 -0
- data/docs/configuration/application_name.md +63 -0
- data/docs/configuration/application_source.md +64 -0
- data/docs/configuration/configuration_root.md +27 -0
- data/docs/configuration/configuring_multiple_apps.md +58 -0
- data/docs/configuration/dependency_source_enumerators.md +28 -0
- data/docs/configuration/ignoring_dependencies.md +19 -0
- data/docs/configuration/metadata_cache.md +106 -0
- data/docs/configuration/reviewing_dependencies.md +18 -0
- data/docs/configuration.md +9 -161
- data/docs/sources/swift.md +4 -0
- data/lib/licensed/cli.rb +2 -2
- data/lib/licensed/commands/cache.rb +19 -20
- data/lib/licensed/commands/command.rb +104 -72
- data/lib/licensed/commands/environment.rb +12 -11
- data/lib/licensed/commands/list.rb +0 -19
- data/lib/licensed/commands/notices.rb +0 -19
- data/lib/licensed/commands/status.rb +13 -15
- data/lib/licensed/configuration.rb +105 -12
- data/lib/licensed/report.rb +44 -0
- data/lib/licensed/reporters/cache_reporter.rb +48 -64
- data/lib/licensed/reporters/json_reporter.rb +19 -21
- data/lib/licensed/reporters/list_reporter.rb +45 -58
- data/lib/licensed/reporters/notices_reporter.rb +33 -46
- data/lib/licensed/reporters/reporter.rb +37 -104
- data/lib/licensed/reporters/status_reporter.rb +58 -56
- data/lib/licensed/reporters/yaml_reporter.rb +19 -21
- data/lib/licensed/sources/bundler/definition.rb +36 -0
- data/lib/licensed/sources/bundler/missing_specification.rb +1 -1
- data/lib/licensed/sources/bundler.rb +38 -86
- data/lib/licensed/sources/dep.rb +2 -2
- data/lib/licensed/sources/go.rb +3 -3
- data/lib/licensed/sources/gradle.rb +2 -2
- data/lib/licensed/sources/helpers/content_versioning.rb +2 -1
- data/lib/licensed/sources/npm.rb +4 -3
- data/lib/licensed/sources/nuget.rb +56 -27
- data/lib/licensed/sources/swift.rb +69 -0
- data/lib/licensed/sources.rb +1 -0
- data/lib/licensed/version.rb +1 -1
- data/lib/licensed.rb +1 -0
- data/licensed.gemspec +4 -4
- data/script/source-setup/go +1 -1
- data/script/source-setup/swift +22 -0
- metadata +48 -13
- data/docs/commands.md +0 -95
@@ -125,10 +125,10 @@ module Licensed
|
|
125
125
|
def self.add_gradle_license_report_plugins_block(gradle_build_file)
|
126
126
|
|
127
127
|
if gradle_build_file.include? "plugins"
|
128
|
-
gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.
|
128
|
+
gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
|
129
129
|
else
|
130
130
|
|
131
|
-
gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.
|
131
|
+
gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
|
132
132
|
end
|
133
133
|
end
|
134
134
|
|
@@ -61,11 +61,12 @@ module Licensed
|
|
61
61
|
|
62
62
|
paths = paths.compact.select { |path| File.file?(path) }
|
63
63
|
return if paths.empty?
|
64
|
-
|
64
|
+
# rubocop:disable GitHub/InsecureHashAlgorithm
|
65
65
|
paths.sort
|
66
66
|
.reduce(Digest::XXHash64.new, :file)
|
67
67
|
.digest
|
68
68
|
.to_s(16) # convert to hex
|
69
|
+
# rubocop:enable GitHub/InsecureHashAlgorithm
|
69
70
|
end
|
70
71
|
end
|
71
72
|
end
|
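Review bot: The `# rubocop:disable GitHub/InsecureHashAlgorithm` added above `paths.sort` carries no justification, so a later reader cannot tell what the XXHash64 digest may safely be used for. xxHash is a fast non-cryptographic hash: it is fine for noticing that file contents changed, but it gives no collision resistance against crafted input and should not be treated as an integrity or tamper check. The method's name and its callers are outside this hunk, so the intended use is an assumption here. If it is change detection only, say so next to the suppression, e.g. `# xxHash64 only detects changed contents; it is not a security or integrity check`.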
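--- a/data/lib/licensed/sources/npm.rb
+++ b/data/lib/licensed/sources/npm.rb
@@ -33,11 +33,12 @@ module Licensed
 
 def enumerate_dependencies
 packages.map do |name, package|
-
+errors = package["problems"] unless package["path"]
 Dependency.new(
 name: name,
-version: package["version"],
-path: path,
+version: package["version"] || package["required"],
+path: package["path"],
+errors: Array(errors),
 metadata: {
 "type" => NPM.type,
 "name" => package["name"],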
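Review bot: A package with no `path` and no `problems` entry now produces a dependency with `path: nil` and an empty `errors` list, because `errors = package["problems"] unless package["path"]` has nothing to fall back on when `problems` is absent. How `Dependency.new` treats a nil path is not visible in this hunk, so such a dependency may pass through with no recorded reason that its license could not be read. Give the missing case an explicit message, e.g. `errors = package["problems"] || "#{name} was not found on disk" unless package["path"]`. The new `package["version"] || package["required"]` also assumes `required` is a plain version string; if it can be a structured value, convert it before use. The `enumerate_dependencies` body continues past the end of the hunk.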
@@ -164,7 +164,7 @@ module Licensed
|
|
164
164
|
end
|
165
165
|
|
166
166
|
def project_assets_file_path
|
167
|
-
File.join(config.pwd, "project.assets.json")
|
167
|
+
File.join(config.pwd, nuget_obj_path, "project.assets.json")
|
168
168
|
end
|
169
169
|
|
170
170
|
def project_assets_file
|
@@ -172,6 +172,17 @@ module Licensed
|
|
172
172
|
@project_assets_file = File.read(project_assets_file_path)
|
173
173
|
end
|
174
174
|
|
175
|
+
def project_assets_json
|
176
|
+
@project_assets_json ||= JSON.parse(project_assets_file)
|
177
|
+
rescue JSON::ParserError => e
|
178
|
+
message = "Licensed was unable to read the project.assets.json file. Error: #{e.message}"
|
179
|
+
raise Licensed::Sources::Source::Error, message
|
180
|
+
end
|
181
|
+
|
182
|
+
def nuget_obj_path
|
183
|
+
config.dig("nuget", "obj_path") || ""
|
184
|
+
end
|
185
|
+
|
175
186
|
def enabled?
|
176
187
|
File.exist?(project_assets_file_path)
|
177
188
|
end
|
@@ -180,32 +191,50 @@ module Licensed
|
|
180
191
|
# Ideally we'd use `dotnet list package` instead, but its output isn't
|
181
192
|
# easily machine readable and doesn't contain everything we need.
|
182
193
|
def enumerate_dependencies
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
name
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
194
|
+
reference_keys.map do |reference_key|
|
195
|
+
package_id_parts = reference_key.partition("/")
|
196
|
+
name = package_id_parts[0]
|
197
|
+
version = package_id_parts[-1]
|
198
|
+
id = "#{name}-#{version}"
|
199
|
+
|
200
|
+
path = full_dependency_path(reference_key)
|
201
|
+
error = "Package #{id} path was not found in project.assets.json, or does not exist on disk at any project package folder" if path.nil?
|
202
|
+
|
203
|
+
NuGetDependency.new(
|
204
|
+
name: id,
|
205
|
+
version: version,
|
206
|
+
path: path,
|
207
|
+
errors: Array(error),
|
208
|
+
metadata: {
|
209
|
+
"type" => NuGet.type,
|
210
|
+
"name" => name
|
211
|
+
}
|
212
|
+
)
|
213
|
+
end
|
214
|
+
end
|
215
|
+
|
216
|
+
# Returns a unique set of the package reference keys used across all target groups
|
217
|
+
def reference_keys
|
218
|
+
all_reference_keys = project_assets_json["targets"].flat_map do |_, references|
|
219
|
+
references.select { |key, reference| reference["type"] == "package" }
|
220
|
+
.keys
|
221
|
+
end
|
222
|
+
|
223
|
+
Set.new(all_reference_keys)
|
224
|
+
end
|
225
|
+
|
226
|
+
# Returns a dependency's path, if it exists, in one of the project's global or fallback package folders
|
227
|
+
def full_dependency_path(reference_key)
|
228
|
+
dependency_path = project_assets_json.dig("libraries", reference_key, "path")
|
229
|
+
return unless dependency_path
|
230
|
+
|
231
|
+
nuget_package_dirs = [
|
232
|
+
project_assets_json.dig("project", "restore", "packagesPath"),
|
233
|
+
*Array(project_assets_json.dig("project", "restore", "fallbackFolders"))
|
234
|
+
].compact
|
235
|
+
|
236
|
+
nuget_package_dirs.map { |dir| File.join(dir, dependency_path) }
|
237
|
+
.find { |path| File.directory?(path) }
|
209
238
|
end
|
210
239
|
end
|
211
240
|
end
|
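Review bot: `full_dependency_path` builds its candidate directories entirely from values inside project.assets.json (`packagesPath`, `fallbackFolders` and each library's `path`) and accepts the first one that is a directory, with no check that the result stays inside the package folder. A `path` containing `..` segments would resolve outside that folder, and the dependency's files would presumably then be read from whatever directory it names, which matters when licensed runs against a checkout whose generated files are not fully trusted. Reject such values before joining, e.g. `return if dependency_path.nil? || dependency_path.split(%r{[/\\]}).include?("..")`, and state in the method comment that the package folders themselves come from the same file. Separately, `project_assets_json["targets"].flat_map` in `reference_keys` raises NoMethodError rather than `Licensed::Sources::Source::Error` when the file parses but has no `targets` key.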
@@ -0,0 +1,69 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
require "json"
|
3
|
+
require "pathname"
|
4
|
+
require "uri"
|
5
|
+
|
6
|
+
module Licensed
|
7
|
+
module Sources
|
8
|
+
class Swift < Source
|
9
|
+
def enabled?
|
10
|
+
return unless Licensed::Shell.tool_available?("swift") && swift_package?
|
11
|
+
File.exist?(package_resolved_file_path)
|
12
|
+
end
|
13
|
+
|
14
|
+
def enumerate_dependencies
|
15
|
+
pins.map { |pin|
|
16
|
+
name = pin["package"]
|
17
|
+
version = pin.dig("state", "version")
|
18
|
+
path = dependency_path_for_url(pin["repositoryURL"])
|
19
|
+
error = "Unable to determine project path from #{url}" unless path
|
20
|
+
|
21
|
+
Dependency.new(
|
22
|
+
name: name,
|
23
|
+
path: path,
|
24
|
+
version: version,
|
25
|
+
errors: Array(error),
|
26
|
+
metadata: {
|
27
|
+
"type" => Swift.type,
|
28
|
+
"homepage" => homepage_for_url(pin["repositoryURL"])
|
29
|
+
}
|
30
|
+
)
|
31
|
+
}
|
32
|
+
end
|
33
|
+
|
34
|
+
private
|
35
|
+
|
36
|
+
def pins
|
37
|
+
return @pins if defined?(@pins)
|
38
|
+
|
39
|
+
@pins = begin
|
40
|
+
json = JSON.parse(File.read(package_resolved_file_path))
|
41
|
+
json.dig("object", "pins")
|
42
|
+
rescue => e
|
43
|
+
message = "Licensed was unable to read the Package.resolved file. Error: #{e.message}"
|
44
|
+
raise Licensed::Sources::Source::Error, message
|
45
|
+
end
|
46
|
+
end
|
47
|
+
|
48
|
+
def dependency_path_for_url(url)
|
49
|
+
last_path_component = URI(url).path.split("/").last.sub(/\.git$/, "")
|
50
|
+
File.join(config.pwd, ".build", "checkouts", last_path_component)
|
51
|
+
rescue URI::InvalidURIError
|
52
|
+
end
|
53
|
+
|
54
|
+
def homepage_for_url(url)
|
55
|
+
return unless %w{http https}.include?(URI(url).scheme)
|
56
|
+
url.sub(/\.git$/, "")
|
57
|
+
rescue URI::InvalidURIError
|
58
|
+
end
|
59
|
+
|
60
|
+
def package_resolved_file_path
|
61
|
+
File.join(config.pwd, "Package.resolved")
|
62
|
+
end
|
63
|
+
|
64
|
+
def swift_package?
|
65
|
+
Licensed::Shell.success?("swift", "package", "describe")
|
66
|
+
end
|
67
|
+
end
|
68
|
+
end
|
69
|
+
end
|
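Review bot: In `enumerate_dependencies` the error string interpolates `#{url}`, but no `url` local exists in that block and none is defined in this file, so unless the `Source` superclass provides one, building the message raises NameError exactly when `path` is nil instead of recording an error on the dependency. Use the pin's value: `error = "Unable to determine project path from #{pin["repositoryURL"]}" unless path`. `dependency_path_for_url` also calls `.sub` on `split("/").last`, which is nil for a URL with an empty path, and joins the last component under `.build/checkouts` without rejecting `..`. Computing it as `last_path_component = URI(url).path.split("/").last&.sub(/\.git\z/, "")` followed by `return if last_path_component.nil? || %w[. ..].include?(last_path_component)` covers both, and `\z` anchors the end of the string where `$` only anchors a line end.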
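--- a/data/lib/licensed/sources.rb
+++ b/data/lib/licensed/sources.rb
@@ -14,6 +14,7 @@ module Licensed
 require "licensed/sources/nuget"
 require "licensed/sources/pip"
 require "licensed/sources/pipenv"
+require "licensed/sources/swift"
 require "licensed/sources/gradle"
 require "licensed/sources/mix"
 require "licensed/sources/yarn"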
data/lib/licensed/version.rb
CHANGED
data/lib/licensed.rb
CHANGED
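--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -26,16 +26,16 @@ Gem::Specification.new do |spec|
 spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0"
 spec.add_dependency "thor", ">= 0.19"
 spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
-spec.add_dependency "tomlrb", "
+spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
 spec.add_dependency "bundler", ">= 1.10"
 spec.add_dependency "ruby-xxHash", "~> 0.4"
 spec.add_dependency "parallel", ">= 0.18.0"
-spec.add_dependency "reverse_markdown", "
+spec.add_dependency "reverse_markdown", ">= 1", "< 3"
 
 spec.add_development_dependency "rake", ">= 12.3.3"
 spec.add_development_dependency "minitest", "~> 5.8"
 spec.add_development_dependency "mocha", "~> 1.0"
-spec.add_development_dependency "rubocop", "~> 0.49", "<
+spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
 spec.add_development_dependency "rubocop-github", "~> 0.6"
-spec.add_development_dependency "byebug", "~>
+spec.add_development_dependency "byebug", "~> 11.0.1"
 end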
data/script/source-setup/go
CHANGED
@@ -0,0 +1,22 @@
|
|
1
|
+
#!/bin/bash
|
2
|
+
set -e
|
3
|
+
|
4
|
+
if [ -z "$(which swift)" ]; then
|
5
|
+
echo "A local swift installation is required for swift development." >&2
|
6
|
+
exit 127
|
7
|
+
fi
|
8
|
+
|
9
|
+
swift --version
|
10
|
+
|
11
|
+
BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
|
12
|
+
cd $BASE_PATH/test/fixtures/swift
|
13
|
+
|
14
|
+
if [ "$1" == "-f" ]; then
|
15
|
+
find . -not -regex "\.*" \
|
16
|
+
-and -not -path "*/Package.swift" \
|
17
|
+
-and -not -path "*/Sources*" \
|
18
|
+
-and -not -path "*/Tests*" \
|
19
|
+
-print0 | xargs -0 rm -rf
|
20
|
+
fi
|
21
|
+
|
22
|
+
swift package resolve
|
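Review bot: `cd $BASE_PATH/test/fixtures/swift` is unquoted, and the `-f` branch that follows runs `find . … -print0 | xargs -0 rm -rf` relative to whatever directory the script ended up in. `set -e` stops the script if `cd` fails, but a checkout path containing spaces or glob characters is still word-split before `cd` sees it. Quote it as `cd "$BASE_PATH/test/fixtures/swift"` so the delete can only run inside the fixture directory. `command -v swift >/dev/null` is also a more portable presence test than `[ -z "$(which swift)" ]`.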
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: licensed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-09-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: licensee
|
@@ -62,16 +62,22 @@ dependencies:
|
|
62
62
|
name: tomlrb
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
64
64
|
requirements:
|
65
|
-
- - "
|
65
|
+
- - ">="
|
66
66
|
- !ruby/object:Gem::Version
|
67
67
|
version: '1.2'
|
68
|
+
- - "<"
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '3.0'
|
68
71
|
type: :runtime
|
69
72
|
prerelease: false
|
70
73
|
version_requirements: !ruby/object:Gem::Requirement
|
71
74
|
requirements:
|
72
|
-
- - "
|
75
|
+
- - ">="
|
73
76
|
- !ruby/object:Gem::Version
|
74
77
|
version: '1.2'
|
78
|
+
- - "<"
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: '3.0'
|
75
81
|
- !ruby/object:Gem::Dependency
|
76
82
|
name: bundler
|
77
83
|
requirement: !ruby/object:Gem::Requirement
|
@@ -118,16 +124,22 @@ dependencies:
|
|
118
124
|
name: reverse_markdown
|
119
125
|
requirement: !ruby/object:Gem::Requirement
|
120
126
|
requirements:
|
121
|
-
- - "
|
127
|
+
- - ">="
|
122
128
|
- !ruby/object:Gem::Version
|
123
|
-
version: '1
|
129
|
+
version: '1'
|
130
|
+
- - "<"
|
131
|
+
- !ruby/object:Gem::Version
|
132
|
+
version: '3'
|
124
133
|
type: :runtime
|
125
134
|
prerelease: false
|
126
135
|
version_requirements: !ruby/object:Gem::Requirement
|
127
136
|
requirements:
|
128
|
-
- - "
|
137
|
+
- - ">="
|
129
138
|
- !ruby/object:Gem::Version
|
130
|
-
version: '1
|
139
|
+
version: '1'
|
140
|
+
- - "<"
|
141
|
+
- !ruby/object:Gem::Version
|
142
|
+
version: '3'
|
131
143
|
- !ruby/object:Gem::Dependency
|
132
144
|
name: rake
|
133
145
|
requirement: !ruby/object:Gem::Requirement
|
@@ -179,7 +191,7 @@ dependencies:
|
|
179
191
|
version: '0.49'
|
180
192
|
- - "<"
|
181
193
|
- !ruby/object:Gem::Version
|
182
|
-
version: '
|
194
|
+
version: '1.20'
|
183
195
|
type: :development
|
184
196
|
prerelease: false
|
185
197
|
version_requirements: !ruby/object:Gem::Requirement
|
@@ -189,7 +201,7 @@ dependencies:
|
|
189
201
|
version: '0.49'
|
190
202
|
- - "<"
|
191
203
|
- !ruby/object:Gem::Version
|
192
|
-
version: '
|
204
|
+
version: '1.20'
|
193
205
|
- !ruby/object:Gem::Dependency
|
194
206
|
name: rubocop-github
|
195
207
|
requirement: !ruby/object:Gem::Requirement
|
@@ -210,14 +222,14 @@ dependencies:
|
|
210
222
|
requirements:
|
211
223
|
- - "~>"
|
212
224
|
- !ruby/object:Gem::Version
|
213
|
-
version:
|
225
|
+
version: 11.0.1
|
214
226
|
type: :development
|
215
227
|
prerelease: false
|
216
228
|
version_requirements: !ruby/object:Gem::Requirement
|
217
229
|
requirements:
|
218
230
|
- - "~>"
|
219
231
|
- !ruby/object:Gem::Version
|
220
|
-
version:
|
232
|
+
version: 11.0.1
|
221
233
|
description: Licensed automates extracting and validating the licenses of dependencies.
|
222
234
|
email:
|
223
235
|
- opensource+licensed@github.com
|
@@ -226,6 +238,7 @@ executables:
|
|
226
238
|
extensions: []
|
227
239
|
extra_rdoc_files: []
|
228
240
|
files:
|
241
|
+
- ".github/dependabot.yml"
|
229
242
|
- ".github/workflows/release.yml"
|
230
243
|
- ".github/workflows/test.yml"
|
231
244
|
- ".gitignore"
|
@@ -241,8 +254,25 @@ files:
|
|
241
254
|
- Rakefile
|
242
255
|
- docker/Dockerfile.build-linux
|
243
256
|
- docs/adding_a_new_source.md
|
244
|
-
- docs/commands.md
|
257
|
+
- docs/commands/README.md
|
258
|
+
- docs/commands/cache.md
|
259
|
+
- docs/commands/env.md
|
260
|
+
- docs/commands/list.md
|
261
|
+
- docs/commands/migrate.md
|
262
|
+
- docs/commands/notices.md
|
263
|
+
- docs/commands/status.md
|
264
|
+
- docs/commands/version.md
|
245
265
|
- docs/configuration.md
|
266
|
+
- docs/configuration/README.md
|
267
|
+
- docs/configuration/allowed_licenses.md
|
268
|
+
- docs/configuration/application_name.md
|
269
|
+
- docs/configuration/application_source.md
|
270
|
+
- docs/configuration/configuration_root.md
|
271
|
+
- docs/configuration/configuring_multiple_apps.md
|
272
|
+
- docs/configuration/dependency_source_enumerators.md
|
273
|
+
- docs/configuration/ignoring_dependencies.md
|
274
|
+
- docs/configuration/metadata_cache.md
|
275
|
+
- docs/configuration/reviewing_dependencies.md
|
246
276
|
- docs/migrations/v2.md
|
247
277
|
- docs/migrations/v3.md
|
248
278
|
- docs/packaging.md
|
@@ -262,6 +292,7 @@ files:
|
|
262
292
|
- docs/sources/pip.md
|
263
293
|
- docs/sources/pipenv.md
|
264
294
|
- docs/sources/stack.md
|
295
|
+
- docs/sources/swift.md
|
265
296
|
- docs/sources/yarn.md
|
266
297
|
- exe/licensed
|
267
298
|
- lib/licensed.rb
|
@@ -279,6 +310,7 @@ files:
|
|
279
310
|
- lib/licensed/git.rb
|
280
311
|
- lib/licensed/migrations.rb
|
281
312
|
- lib/licensed/migrations/v2.rb
|
313
|
+
- lib/licensed/report.rb
|
282
314
|
- lib/licensed/reporters.rb
|
283
315
|
- lib/licensed/reporters/cache_reporter.rb
|
284
316
|
- lib/licensed/reporters/json_reporter.rb
|
@@ -291,6 +323,7 @@ files:
|
|
291
323
|
- lib/licensed/sources.rb
|
292
324
|
- lib/licensed/sources/bower.rb
|
293
325
|
- lib/licensed/sources/bundler.rb
|
326
|
+
- lib/licensed/sources/bundler/definition.rb
|
294
327
|
- lib/licensed/sources/bundler/missing_specification.rb
|
295
328
|
- lib/licensed/sources/cabal.rb
|
296
329
|
- lib/licensed/sources/composer.rb
|
@@ -306,6 +339,7 @@ files:
|
|
306
339
|
- lib/licensed/sources/pip.rb
|
307
340
|
- lib/licensed/sources/pipenv.rb
|
308
341
|
- lib/licensed/sources/source.rb
|
342
|
+
- lib/licensed/sources/swift.rb
|
309
343
|
- lib/licensed/sources/yarn.rb
|
310
344
|
- lib/licensed/ui/shell.rb
|
311
345
|
- lib/licensed/version.rb
|
@@ -329,6 +363,7 @@ files:
|
|
329
363
|
- script/source-setup/nuget
|
330
364
|
- script/source-setup/pip
|
331
365
|
- script/source-setup/pipenv
|
366
|
+
- script/source-setup/swift
|
332
367
|
- script/source-setup/yarn
|
333
368
|
- script/test
|
334
369
|
homepage: https://github.com/github/licensed
|