licensed 3.0.0 → 3.2.1

data/lib/licensed/sources/gradle.rb

@@ -125,10 +125,10 @@ module Licensed
       def self.add_gradle_license_report_plugins_block(gradle_build_file)
 
         if gradle_build_file.include? "plugins"
-          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
+          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
         else
 
-          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
+          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
         end
       end
 

data/lib/licensed/sources/helpers/content_versioning.rb

@@ -61,11 +61,12 @@ module Licensed
 
         paths = paths.compact.select { |path| File.file?(path) }
         return if paths.empty?
-
+        # rubocop:disable GitHub/InsecureHashAlgorithm
         paths.sort
              .reduce(Digest::XXHash64.new, :file)
              .digest
              .to_s(16) # convert to hex
+        # rubocop:enable GitHub/InsecureHashAlgorithm
       end
     end
   end

data/lib/licensed/sources/npm.rb

@@ -33,11 +33,12 @@ module Licensed
 
       def enumerate_dependencies
         packages.map do |name, package|
-          path = package["path"]
+          errors = package["problems"] unless package["path"]
           Dependency.new(
             name: name,
-            version: package["version"],
-            path: path,
+            version: package["version"] || package["required"],
+            path: package["path"],
+            errors: Array(errors),
             metadata: {
               "type"     => NPM.type,
               "name"     => package["name"],

data/lib/licensed/sources/nuget.rb

@@ -164,7 +164,7 @@ module Licensed
       end
 
       def project_assets_file_path
-        File.join(config.pwd, "project.assets.json")
+        File.join(config.pwd, nuget_obj_path, "project.assets.json")
       end
 
       def project_assets_file
@@ -172,6 +172,17 @@ module Licensed
         @project_assets_file = File.read(project_assets_file_path)
       end
 
+      def project_assets_json
+        @project_assets_json ||= JSON.parse(project_assets_file)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to read the project.assets.json file. Error: #{e.message}"
+        raise Licensed::Sources::Source::Error, message
+      end
+
+      def nuget_obj_path
+        config.dig("nuget", "obj_path") || ""
+      end
+
       def enabled?
         File.exist?(project_assets_file_path)
       end
@@ -180,32 +191,50 @@ module Licensed
       # Ideally we'd use `dotnet list package` instead, but its output isn't
       # easily machine readable and doesn't contain everything we need.
       def enumerate_dependencies
-        json = JSON.parse(project_assets_file)
-        nuget_packages_dir = json["project"]["restore"]["packagesPath"]
-        json["targets"].each_with_object({}) do |(_, target), dependencies|
-          target.each do |reference_key, reference|
-            # Ignore project references
-            next unless reference["type"] == "package"
-            package_id_parts = reference_key.partition("/")
-            name = package_id_parts[0]
-            version = package_id_parts[-1]
-            id = "#{name}-#{version}"
-
-            # Already know this package from another target
-            next if dependencies.key?(id)
-
-            path = File.join(nuget_packages_dir, json["libraries"][reference_key]["path"])
-            dependencies[id] = NuGetDependency.new(
-              name: id,
-              version: version,
-              path: path,
-              metadata: {
-                "type" => NuGet.type,
-                "name" => name
-              }
-            )
-          end
-        end.values
+        reference_keys.map do |reference_key|
+          package_id_parts = reference_key.partition("/")
+          name = package_id_parts[0]
+          version = package_id_parts[-1]
+          id = "#{name}-#{version}"
+
+          path = full_dependency_path(reference_key)
+          error = "Package #{id} path was not found in project.assets.json, or does not exist on disk at any project package folder" if path.nil?
+
+          NuGetDependency.new(
+            name: id,
+            version: version,
+            path: path,
+            errors: Array(error),
+            metadata: {
+              "type" => NuGet.type,
+              "name" => name
+            }
+          )
+        end
+      end
+
+      # Returns a unique set of the package reference keys used across all target groups
+      def reference_keys
+        all_reference_keys = project_assets_json["targets"].flat_map do |_, references|
+          references.select { |key, reference| reference["type"] == "package" }
+                    .keys
+        end
+
+        Set.new(all_reference_keys)
+      end
+
+      # Returns a dependency's path, if it exists, in one of the project's global or fallback package folders
+      def full_dependency_path(reference_key)
+        dependency_path = project_assets_json.dig("libraries", reference_key, "path")
+        return unless dependency_path
+
+        nuget_package_dirs = [
+          project_assets_json.dig("project", "restore", "packagesPath"),
+          *Array(project_assets_json.dig("project", "restore", "fallbackFolders"))
+        ].compact
+
+        nuget_package_dirs.map { |dir| File.join(dir, dependency_path) }
+                          .find { |path| File.directory?(path) }
       end
     end
   end

data/lib/licensed/sources/swift.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require "json"
+require "pathname"
+require "uri"
+
+module Licensed
+  module Sources
+    class Swift < Source
+      def enabled?
+        return unless Licensed::Shell.tool_available?("swift") && swift_package?
+        File.exist?(package_resolved_file_path)
+      end
+
+      def enumerate_dependencies
+        pins.map { |pin|
+          name = pin["package"]
+          version = pin.dig("state", "version")
+          path = dependency_path_for_url(pin["repositoryURL"])
+          error = "Unable to determine project path from #{url}" unless path
+
+          Dependency.new(
+            name: name,
+            path: path,
+            version: version,
+            errors: Array(error),
+            metadata: {
+              "type"      => Swift.type,
+              "homepage"  => homepage_for_url(pin["repositoryURL"])
+            }
+          )
+        }
+      end
+
+      private
+
+      def pins
+        return @pins if defined?(@pins)
+
+        @pins = begin
+          json = JSON.parse(File.read(package_resolved_file_path))
+          json.dig("object", "pins")
+        rescue => e
+          message = "Licensed was unable to read the Package.resolved file. Error: #{e.message}"
+          raise Licensed::Sources::Source::Error, message
+        end
+      end
+
+      def dependency_path_for_url(url)
+        last_path_component = URI(url).path.split("/").last.sub(/\.git$/, "")
+        File.join(config.pwd, ".build", "checkouts", last_path_component)
+      rescue URI::InvalidURIError
+      end
+
+      def homepage_for_url(url)
+        return unless %w{http https}.include?(URI(url).scheme)
+        url.sub(/\.git$/, "")
+      rescue URI::InvalidURIError
+      end
+
+      def package_resolved_file_path
+        File.join(config.pwd, "Package.resolved")
+      end
+
+      def swift_package?
+        Licensed::Shell.success?("swift", "package", "describe")
+      end
+    end
+  end
+end

data/lib/licensed/sources.rb

@@ -14,6 +14,7 @@ module Licensed
     require "licensed/sources/nuget"
     require "licensed/sources/pip"
     require "licensed/sources/pipenv"
+    require "licensed/sources/swift"
     require "licensed/sources/gradle"
     require "licensed/sources/mix"
     require "licensed/sources/yarn"

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.0.0".freeze
+  VERSION = "3.2.1".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/lib/licensed.rb

@@ -6,6 +6,7 @@ require "licensed/dependency"
 require "licensed/git"
 require "licensed/sources"
 require "licensed/configuration"
+require "licensed/report"
 require "licensed/reporters"
 require "licensed/commands"
 require "licensed/ui/shell"

data/licensed.gemspec

@@ -26,16 +26,16 @@ Gem::Specification.new do |spec|
   spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0"
   spec.add_dependency "thor", ">= 0.19"
   spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
-  spec.add_dependency "tomlrb", "~> 1.2"
+  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
   spec.add_dependency "bundler", ">= 1.10"
   spec.add_dependency "ruby-xxHash", "~> 0.4"
   spec.add_dependency "parallel", ">= 0.18.0"
-  spec.add_dependency "reverse_markdown", "~> 1.0"
+  spec.add_dependency "reverse_markdown", ">= 1", "< 3"
 
   spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "minitest", "~> 5.8"
   spec.add_development_dependency "mocha", "~> 1.0"
-  spec.add_development_dependency "rubocop", "~> 0.49", "< 0.67"
+  spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
-  spec.add_development_dependency "byebug", "~> 10.0.0"
+  spec.add_development_dependency "byebug", "~> 11.0.1"
 end

data/script/source-setup/go

@@ -25,7 +25,7 @@ if [ "$1" == "-f" ]; then
   fi
 fi
 
-(cd src/test && go get)
+(export GO111MODULE=off && cd src/test && go get)
 if go help mod >/dev/null; then
   (cd src/modules_test && GO111MODULE=on go mod download)
 fi

data/script/source-setup/swift

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+if [ -z "$(which swift)" ]; then
+  echo "A local swift installation is required for swift development." >&2
+  exit 127
+fi
+
+swift --version
+
+BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd $BASE_PATH/test/fixtures/swift
+
+if [ "$1" == "-f" ]; then
+  find . -not -regex "\.*" \
+    -and -not -path "*/Package.swift" \
+    -and -not -path "*/Sources*" \
+    -and -not -path "*/Tests*" \
+    -print0 | xargs -0 rm -rf
+fi
+
+swift package resolve

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.2.1
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-04-29 00:00:00.000000000 Z
+date: 2021-09-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -62,16 +62,22 @@ dependencies:
   name: tomlrb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.2'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -118,16 +124,22 @@ dependencies:
   name: reverse_markdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -179,7 +191,7 @@ dependencies:
         version: '0.49'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.67'
+        version: '1.20'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -189,7 +201,7 @@ dependencies:
         version: '0.49'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '0.67'
+        version: '1.20'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
@@ -210,14 +222,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 11.0.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 11.0.1
 description: Licensed automates extracting and validating the licenses of dependencies.
 email:
 - opensource+licensed@github.com
@@ -226,6 +238,7 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/dependabot.yml"
 - ".github/workflows/release.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
@@ -241,8 +254,25 @@ files:
 - Rakefile
 - docker/Dockerfile.build-linux
 - docs/adding_a_new_source.md
-- docs/commands.md
+- docs/commands/README.md
+- docs/commands/cache.md
+- docs/commands/env.md
+- docs/commands/list.md
+- docs/commands/migrate.md
+- docs/commands/notices.md
+- docs/commands/status.md
+- docs/commands/version.md
 - docs/configuration.md
+- docs/configuration/README.md
+- docs/configuration/allowed_licenses.md
+- docs/configuration/application_name.md
+- docs/configuration/application_source.md
+- docs/configuration/configuration_root.md
+- docs/configuration/configuring_multiple_apps.md
+- docs/configuration/dependency_source_enumerators.md
+- docs/configuration/ignoring_dependencies.md
+- docs/configuration/metadata_cache.md
+- docs/configuration/reviewing_dependencies.md
 - docs/migrations/v2.md
 - docs/migrations/v3.md
 - docs/packaging.md
@@ -262,6 +292,7 @@ files:
 - docs/sources/pip.md
 - docs/sources/pipenv.md
 - docs/sources/stack.md
+- docs/sources/swift.md
 - docs/sources/yarn.md
 - exe/licensed
 - lib/licensed.rb
@@ -279,6 +310,7 @@ files:
 - lib/licensed/git.rb
 - lib/licensed/migrations.rb
 - lib/licensed/migrations/v2.rb
+- lib/licensed/report.rb
 - lib/licensed/reporters.rb
 - lib/licensed/reporters/cache_reporter.rb
 - lib/licensed/reporters/json_reporter.rb
@@ -291,6 +323,7 @@ files:
 - lib/licensed/sources.rb
 - lib/licensed/sources/bower.rb
 - lib/licensed/sources/bundler.rb
+- lib/licensed/sources/bundler/definition.rb
 - lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
 - lib/licensed/sources/composer.rb
@@ -306,6 +339,7 @@ files:
 - lib/licensed/sources/pip.rb
 - lib/licensed/sources/pipenv.rb
 - lib/licensed/sources/source.rb
+- lib/licensed/sources/swift.rb
 - lib/licensed/sources/yarn.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
@@ -329,6 +363,7 @@ files:
 - script/source-setup/nuget
 - script/source-setup/pip
 - script/source-setup/pipenv
+- script/source-setup/swift
 - script/source-setup/yarn
 - script/test
 homepage: https://github.com/github/licensed