licensed 3.0.0 → 3.2.1

Files changed (63) hide show
  1. checksums.yaml +4 -4
  2. data/.github/dependabot.yml +19 -0
  3. data/.github/workflows/release.yml +4 -4
  4. data/.github/workflows/test.yml +180 -47
  5. data/.ruby-version +1 -1
  6. data/CHANGELOG.md +60 -1
  7. data/README.md +25 -79
  8. data/docker/Dockerfile.build-linux +1 -1
  9. data/docs/adding_a_new_source.md +11 -8
  10. data/docs/commands/README.md +59 -0
  11. data/docs/commands/cache.md +35 -0
  12. data/docs/commands/env.md +10 -0
  13. data/docs/commands/list.md +23 -0
  14. data/docs/commands/migrate.md +10 -0
  15. data/docs/commands/notices.md +12 -0
  16. data/docs/commands/status.md +74 -0
  17. data/docs/commands/version.md +3 -0
  18. data/docs/configuration/README.md +11 -0
  19. data/docs/configuration/allowed_licenses.md +17 -0
  20. data/docs/configuration/application_name.md +63 -0
  21. data/docs/configuration/application_source.md +64 -0
  22. data/docs/configuration/configuration_root.md +27 -0
  23. data/docs/configuration/configuring_multiple_apps.md +58 -0
  24. data/docs/configuration/dependency_source_enumerators.md +28 -0
  25. data/docs/configuration/ignoring_dependencies.md +19 -0
  26. data/docs/configuration/metadata_cache.md +106 -0
  27. data/docs/configuration/reviewing_dependencies.md +18 -0
  28. data/docs/configuration.md +9 -161
  29. data/docs/sources/swift.md +4 -0
  30. data/lib/licensed/cli.rb +2 -2
  31. data/lib/licensed/commands/cache.rb +19 -20
  32. data/lib/licensed/commands/command.rb +104 -72
  33. data/lib/licensed/commands/environment.rb +12 -11
  34. data/lib/licensed/commands/list.rb +0 -19
  35. data/lib/licensed/commands/notices.rb +0 -19
  36. data/lib/licensed/commands/status.rb +13 -15
  37. data/lib/licensed/configuration.rb +105 -12
  38. data/lib/licensed/report.rb +44 -0
  39. data/lib/licensed/reporters/cache_reporter.rb +48 -64
  40. data/lib/licensed/reporters/json_reporter.rb +19 -21
  41. data/lib/licensed/reporters/list_reporter.rb +45 -58
  42. data/lib/licensed/reporters/notices_reporter.rb +33 -46
  43. data/lib/licensed/reporters/reporter.rb +37 -104
  44. data/lib/licensed/reporters/status_reporter.rb +58 -56
  45. data/lib/licensed/reporters/yaml_reporter.rb +19 -21
  46. data/lib/licensed/sources/bundler/definition.rb +36 -0
  47. data/lib/licensed/sources/bundler/missing_specification.rb +1 -1
  48. data/lib/licensed/sources/bundler.rb +38 -86
  49. data/lib/licensed/sources/dep.rb +2 -2
  50. data/lib/licensed/sources/go.rb +3 -3
  51. data/lib/licensed/sources/gradle.rb +2 -2
  52. data/lib/licensed/sources/helpers/content_versioning.rb +2 -1
  53. data/lib/licensed/sources/npm.rb +4 -3
  54. data/lib/licensed/sources/nuget.rb +56 -27
  55. data/lib/licensed/sources/swift.rb +69 -0
  56. data/lib/licensed/sources.rb +1 -0
  57. data/lib/licensed/version.rb +1 -1
  58. data/lib/licensed.rb +1 -0
  59. data/licensed.gemspec +4 -4
  60. data/script/source-setup/go +1 -1
  61. data/script/source-setup/swift +22 -0
  62. metadata +48 -13
  63. data/docs/commands.md +0 -95
@@ -125,10 +125,10 @@ module Licensed
125
125
  def self.add_gradle_license_report_plugins_block(gradle_build_file)
126
126
 
127
127
  if gradle_build_file.include? "plugins"
128
- gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
128
+ gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
129
129
  else
130
130
 
131
- gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
131
+ gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
132
132
  end
133
133
  end
134
134
 
@@ -61,11 +61,12 @@ module Licensed
61
61
 
62
62
  paths = paths.compact.select { |path| File.file?(path) }
63
63
  return if paths.empty?
64
-
64
+ # rubocop:disable GitHub/InsecureHashAlgorithm
65
65
  paths.sort
66
66
  .reduce(Digest::XXHash64.new, :file)
67
67
  .digest
68
68
  .to_s(16) # convert to hex
69
+ # rubocop:enable GitHub/InsecureHashAlgorithm
69
70
  end
70
71
  end
71
72
  end
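Review bot: The new `# rubocop:disable GitHub/InsecureHashAlgorithm` has no comment explaining why the cop is switched off around `Digest::XXHash64`, so a later reader cannot tell whether the suppression was reviewed. xxHash is a non-cryptographic checksum; that is acceptable if the digest only detects that file contents changed, which the visible lines suggest but do not fully show, since the method starts above the hunk. I would add a line above the disable such as `# xxHash is used only as a fast change-detection checksum, never as an integrity or authenticity check`. Anything that needs tamper resistance should use a SHA-2 digest instead.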
@@ -33,11 +33,12 @@ module Licensed
33
33
 
34
34
  def enumerate_dependencies
35
35
  packages.map do |name, package|
36
- path = package["path"]
36
+ errors = package["problems"] unless package["path"]
37
37
  Dependency.new(
38
38
  name: name,
39
- version: package["version"],
40
- path: path,
39
+ version: package["version"] || package["required"],
40
+ path: package["path"],
41
+ errors: Array(errors),
41
42
  metadata: {
42
43
  "type" => NPM.type,
43
44
  "name" => package["name"],
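Review bot: On the added line `errors = package["problems"] unless package["path"]`, problems reported for a package that does have a path are dropped, so such a dependency is still enumerated with an empty `errors` list. If that is intended, say so in a comment, e.g. `# problems are only surfaced when the package could not be located on disk`. The fallback `package["version"] || package["required"]` also deserves a comment: `required` is presumably the requested range rather than a resolved version, so the version recorded for a missing package may not identify a single release. The block and `enumerate_dependencies` continue past the end of the hunk.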
@@ -164,7 +164,7 @@ module Licensed
164
164
  end
165
165
 
166
166
  def project_assets_file_path
167
- File.join(config.pwd, "project.assets.json")
167
+ File.join(config.pwd, nuget_obj_path, "project.assets.json")
168
168
  end
169
169
 
170
170
  def project_assets_file
@@ -172,6 +172,17 @@ module Licensed
172
172
  @project_assets_file = File.read(project_assets_file_path)
173
173
  end
174
174
 
175
+ def project_assets_json
176
+ @project_assets_json ||= JSON.parse(project_assets_file)
177
+ rescue JSON::ParserError => e
178
+ message = "Licensed was unable to read the project.assets.json file. Error: #{e.message}"
179
+ raise Licensed::Sources::Source::Error, message
180
+ end
181
+
182
+ def nuget_obj_path
183
+ config.dig("nuget", "obj_path") || ""
184
+ end
185
+
175
186
  def enabled?
176
187
  File.exist?(project_assets_file_path)
177
188
  end
@@ -180,32 +191,50 @@ module Licensed
180
191
  # Ideally we'd use `dotnet list package` instead, but its output isn't
181
192
  # easily machine readable and doesn't contain everything we need.
182
193
  def enumerate_dependencies
183
- json = JSON.parse(project_assets_file)
184
- nuget_packages_dir = json["project"]["restore"]["packagesPath"]
185
- json["targets"].each_with_object({}) do |(_, target), dependencies|
186
- target.each do |reference_key, reference|
187
- # Ignore project references
188
- next unless reference["type"] == "package"
189
- package_id_parts = reference_key.partition("/")
190
- name = package_id_parts[0]
191
- version = package_id_parts[-1]
192
- id = "#{name}-#{version}"
193
-
194
- # Already know this package from another target
195
- next if dependencies.key?(id)
196
-
197
- path = File.join(nuget_packages_dir, json["libraries"][reference_key]["path"])
198
- dependencies[id] = NuGetDependency.new(
199
- name: id,
200
- version: version,
201
- path: path,
202
- metadata: {
203
- "type" => NuGet.type,
204
- "name" => name
205
- }
206
- )
207
- end
208
- end.values
194
+ reference_keys.map do |reference_key|
195
+ package_id_parts = reference_key.partition("/")
196
+ name = package_id_parts[0]
197
+ version = package_id_parts[-1]
198
+ id = "#{name}-#{version}"
199
+
200
+ path = full_dependency_path(reference_key)
201
+ error = "Package #{id} path was not found in project.assets.json, or does not exist on disk at any project package folder" if path.nil?
202
+
203
+ NuGetDependency.new(
204
+ name: id,
205
+ version: version,
206
+ path: path,
207
+ errors: Array(error),
208
+ metadata: {
209
+ "type" => NuGet.type,
210
+ "name" => name
211
+ }
212
+ )
213
+ end
214
+ end
215
+
216
+ # Returns a unique set of the package reference keys used across all target groups
217
+ def reference_keys
218
+ all_reference_keys = project_assets_json["targets"].flat_map do |_, references|
219
+ references.select { |key, reference| reference["type"] == "package" }
220
+ .keys
221
+ end
222
+
223
+ Set.new(all_reference_keys)
224
+ end
225
+
226
+ # Returns a dependency's path, if it exists, in one of the project's global or fallback package folders
227
+ def full_dependency_path(reference_key)
228
+ dependency_path = project_assets_json.dig("libraries", reference_key, "path")
229
+ return unless dependency_path
230
+
231
+ nuget_package_dirs = [
232
+ project_assets_json.dig("project", "restore", "packagesPath"),
233
+ *Array(project_assets_json.dig("project", "restore", "fallbackFolders"))
234
+ ].compact
235
+
236
+ nuget_package_dirs.map { |dir| File.join(dir, dependency_path) }
237
+ .find { |path| File.directory?(path) }
209
238
  end
210
239
  end
211
240
  end
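Review bot: In `reference_keys`, `project_assets_json["targets"].flat_map` raises `NoMethodError` when project.assets.json parses but has no `targets` key, whereas the other lookups added here use `dig` and a parse failure is turned into `Licensed::Sources::Source::Error`. A guarded form such as `project_assets_json.fetch("targets", {}).flat_map do |_, references|` keeps a malformed file from surfacing as an unrelated exception. In `full_dependency_path`, the `path` value read from the file is joined to the package folders without checking that the result stays under them; a comment stating that project.assets.json is trusted restore output, or a check on the expanded path, would make that assumption explicit. `Set.new` also needs `require "set"` on Rubies older than 3.2, and no such require is visible in these hunks.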
@@ -0,0 +1,69 @@
1
+ # frozen_string_literal: true
2
+ require "json"
3
+ require "pathname"
4
+ require "uri"
5
+
6
+ module Licensed
7
+ module Sources
8
+ class Swift < Source
9
+ def enabled?
10
+ return unless Licensed::Shell.tool_available?("swift") && swift_package?
11
+ File.exist?(package_resolved_file_path)
12
+ end
13
+
14
+ def enumerate_dependencies
15
+ pins.map { |pin|
16
+ name = pin["package"]
17
+ version = pin.dig("state", "version")
18
+ path = dependency_path_for_url(pin["repositoryURL"])
19
+ error = "Unable to determine project path from #{url}" unless path
20
+
21
+ Dependency.new(
22
+ name: name,
23
+ path: path,
24
+ version: version,
25
+ errors: Array(error),
26
+ metadata: {
27
+ "type" => Swift.type,
28
+ "homepage" => homepage_for_url(pin["repositoryURL"])
29
+ }
30
+ )
31
+ }
32
+ end
33
+
34
+ private
35
+
36
+ def pins
37
+ return @pins if defined?(@pins)
38
+
39
+ @pins = begin
40
+ json = JSON.parse(File.read(package_resolved_file_path))
41
+ json.dig("object", "pins")
42
+ rescue => e
43
+ message = "Licensed was unable to read the Package.resolved file. Error: #{e.message}"
44
+ raise Licensed::Sources::Source::Error, message
45
+ end
46
+ end
47
+
48
+ def dependency_path_for_url(url)
49
+ last_path_component = URI(url).path.split("/").last.sub(/\.git$/, "")
50
+ File.join(config.pwd, ".build", "checkouts", last_path_component)
51
+ rescue URI::InvalidURIError
52
+ end
53
+
54
+ def homepage_for_url(url)
55
+ return unless %w{http https}.include?(URI(url).scheme)
56
+ url.sub(/\.git$/, "")
57
+ rescue URI::InvalidURIError
58
+ end
59
+
60
+ def package_resolved_file_path
61
+ File.join(config.pwd, "Package.resolved")
62
+ end
63
+
64
+ def swift_package?
65
+ Licensed::Shell.success?("swift", "package", "describe")
66
+ end
67
+ end
68
+ end
69
+ end
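Review bot: In `enumerate_dependencies`, the line `error = "Unable to determine project path from #{url}" unless path` interpolates `url`, which is not defined in that block, so the one case the message is meant for (a nil path) raises `NameError` instead of recording an error on the dependency. It should read `error = "Unable to determine project path from #{pin["repositoryURL"]}" unless path`. That case is reachable whenever `dependency_path_for_url` rescues `URI::InvalidURIError`, which is likely for scp-style Git remotes. `pins` can also return nil when Package.resolved lacks `object.pins`, making `pins.map` fail; `Array(json.dig("object", "pins"))` would avoid that.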
@@ -14,6 +14,7 @@ module Licensed
14
14
  require "licensed/sources/nuget"
15
15
  require "licensed/sources/pip"
16
16
  require "licensed/sources/pipenv"
17
+ require "licensed/sources/swift"
17
18
  require "licensed/sources/gradle"
18
19
  require "licensed/sources/mix"
19
20
  require "licensed/sources/yarn"
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.0.0".freeze
3
+ VERSION = "3.2.1".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
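--- a/data/lib/licensed.rb
+++ b/data/lib/licensed.rb
@@ -6,6 +6,7 @@ require "licensed/dependency"
  require "licensed/git"
  require "licensed/sources"
  require "licensed/configuration"
+ require "licensed/report"
  require "licensed/reporters"
  require "licensed/commands"
  require "licensed/ui/shell"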
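--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -26,16 +26,16 @@ Gem::Specification.new do |spec|
  spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0"
  spec.add_dependency "thor", ">= 0.19"
  spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
- spec.add_dependency "tomlrb", "~> 1.2"
+ spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
  spec.add_dependency "bundler", ">= 1.10"
  spec.add_dependency "ruby-xxHash", "~> 0.4"
  spec.add_dependency "parallel", ">= 0.18.0"
- spec.add_dependency "reverse_markdown", "~> 1.0"
+ spec.add_dependency "reverse_markdown", ">= 1", "< 3"
 
  spec.add_development_dependency "rake", ">= 12.3.3"
  spec.add_development_dependency "minitest", "~> 5.8"
  spec.add_development_dependency "mocha", "~> 1.0"
- spec.add_development_dependency "rubocop", "~> 0.49", "< 0.67"
+ spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
  spec.add_development_dependency "rubocop-github", "~> 0.6"
- spec.add_development_dependency "byebug", "~> 10.0.0"
+ spec.add_development_dependency "byebug", "~> 11.0.1"
  end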
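Review bot: The new rubocop constraint `"~> 0.49", "< 1.20"` cannot resolve to any 1.x release, because `~> 0.49` already caps the version below 1.0 and the added upper bound never takes effect. If the aim is to allow rubocop up to 1.20, the line should be `spec.add_development_dependency "rubocop", ">= 0.49", "< 1.20"`. Separately, the `tomlrb` and `reverse_markdown` ranges now span more than one major version, so the versions actually resolved depend on the consumer's lockfile; a short comment naming the versions that were tested would help.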
@@ -25,7 +25,7 @@ if [ "$1" == "-f" ]; then
25
25
  fi
26
26
  fi
27
27
 
28
- (cd src/test && go get)
28
+ (export GO111MODULE=off && cd src/test && go get)
29
29
  if go help mod >/dev/null; then
30
30
  (cd src/modules_test && GO111MODULE=on go mod download)
31
31
  fi
@@ -0,0 +1,22 @@
1
+ #!/bin/bash
2
+ set -e
3
+
4
+ if [ -z "$(which swift)" ]; then
5
+ echo "A local swift installation is required for swift development." >&2
6
+ exit 127
7
+ fi
8
+
9
+ swift --version
10
+
11
+ BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
12
+ cd $BASE_PATH/test/fixtures/swift
13
+
14
+ if [ "$1" == "-f" ]; then
15
+ find . -not -regex "\.*" \
16
+ -and -not -path "*/Package.swift" \
17
+ -and -not -path "*/Sources*" \
18
+ -and -not -path "*/Tests*" \
19
+ -print0 | xargs -0 rm -rf
20
+ fi
21
+
22
+ swift package resolve
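Review bot: `cd $BASE_PATH/test/fixtures/swift` is unquoted, and the `find … | xargs -0 rm -rf` under `-f` deletes relative to whatever directory the script ends up in. `set -e` stops the script if the `cd` fails, but quoting removes the word-splitting case entirely: `cd "$BASE_PATH/test/fixtures/swift"`. `command -v swift >/dev/null` is also a more portable presence test than `[ -z "$(which swift)" ]`.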
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.0
4
+ version: 3.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-04-29 00:00:00.000000000 Z
11
+ date: 2021-09-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -62,16 +62,22 @@ dependencies:
62
62
  name: tomlrb
63
63
  requirement: !ruby/object:Gem::Requirement
64
64
  requirements:
65
- - - "~>"
65
+ - - ">="
66
66
  - !ruby/object:Gem::Version
67
67
  version: '1.2'
68
+ - - "<"
69
+ - !ruby/object:Gem::Version
70
+ version: '3.0'
68
71
  type: :runtime
69
72
  prerelease: false
70
73
  version_requirements: !ruby/object:Gem::Requirement
71
74
  requirements:
72
- - - "~>"
75
+ - - ">="
73
76
  - !ruby/object:Gem::Version
74
77
  version: '1.2'
78
+ - - "<"
79
+ - !ruby/object:Gem::Version
80
+ version: '3.0'
75
81
  - !ruby/object:Gem::Dependency
76
82
  name: bundler
77
83
  requirement: !ruby/object:Gem::Requirement
@@ -118,16 +124,22 @@ dependencies:
118
124
  name: reverse_markdown
119
125
  requirement: !ruby/object:Gem::Requirement
120
126
  requirements:
121
- - - "~>"
127
+ - - ">="
122
128
  - !ruby/object:Gem::Version
123
- version: '1.0'
129
+ version: '1'
130
+ - - "<"
131
+ - !ruby/object:Gem::Version
132
+ version: '3'
124
133
  type: :runtime
125
134
  prerelease: false
126
135
  version_requirements: !ruby/object:Gem::Requirement
127
136
  requirements:
128
- - - "~>"
137
+ - - ">="
129
138
  - !ruby/object:Gem::Version
130
- version: '1.0'
139
+ version: '1'
140
+ - - "<"
141
+ - !ruby/object:Gem::Version
142
+ version: '3'
131
143
  - !ruby/object:Gem::Dependency
132
144
  name: rake
133
145
  requirement: !ruby/object:Gem::Requirement
@@ -179,7 +191,7 @@ dependencies:
179
191
  version: '0.49'
180
192
  - - "<"
181
193
  - !ruby/object:Gem::Version
182
- version: '0.67'
194
+ version: '1.20'
183
195
  type: :development
184
196
  prerelease: false
185
197
  version_requirements: !ruby/object:Gem::Requirement
@@ -189,7 +201,7 @@ dependencies:
189
201
  version: '0.49'
190
202
  - - "<"
191
203
  - !ruby/object:Gem::Version
192
- version: '0.67'
204
+ version: '1.20'
193
205
  - !ruby/object:Gem::Dependency
194
206
  name: rubocop-github
195
207
  requirement: !ruby/object:Gem::Requirement
@@ -210,14 +222,14 @@ dependencies:
210
222
  requirements:
211
223
  - - "~>"
212
224
  - !ruby/object:Gem::Version
213
- version: 10.0.0
225
+ version: 11.0.1
214
226
  type: :development
215
227
  prerelease: false
216
228
  version_requirements: !ruby/object:Gem::Requirement
217
229
  requirements:
218
230
  - - "~>"
219
231
  - !ruby/object:Gem::Version
220
- version: 10.0.0
232
+ version: 11.0.1
221
233
  description: Licensed automates extracting and validating the licenses of dependencies.
222
234
  email:
223
235
  - opensource+licensed@github.com
@@ -226,6 +238,7 @@ executables:
226
238
  extensions: []
227
239
  extra_rdoc_files: []
228
240
  files:
241
+ - ".github/dependabot.yml"
229
242
  - ".github/workflows/release.yml"
230
243
  - ".github/workflows/test.yml"
231
244
  - ".gitignore"
@@ -241,8 +254,25 @@ files:
241
254
  - Rakefile
242
255
  - docker/Dockerfile.build-linux
243
256
  - docs/adding_a_new_source.md
244
- - docs/commands.md
257
+ - docs/commands/README.md
258
+ - docs/commands/cache.md
259
+ - docs/commands/env.md
260
+ - docs/commands/list.md
261
+ - docs/commands/migrate.md
262
+ - docs/commands/notices.md
263
+ - docs/commands/status.md
264
+ - docs/commands/version.md
245
265
  - docs/configuration.md
266
+ - docs/configuration/README.md
267
+ - docs/configuration/allowed_licenses.md
268
+ - docs/configuration/application_name.md
269
+ - docs/configuration/application_source.md
270
+ - docs/configuration/configuration_root.md
271
+ - docs/configuration/configuring_multiple_apps.md
272
+ - docs/configuration/dependency_source_enumerators.md
273
+ - docs/configuration/ignoring_dependencies.md
274
+ - docs/configuration/metadata_cache.md
275
+ - docs/configuration/reviewing_dependencies.md
246
276
  - docs/migrations/v2.md
247
277
  - docs/migrations/v3.md
248
278
  - docs/packaging.md
@@ -262,6 +292,7 @@ files:
262
292
  - docs/sources/pip.md
263
293
  - docs/sources/pipenv.md
264
294
  - docs/sources/stack.md
295
+ - docs/sources/swift.md
265
296
  - docs/sources/yarn.md
266
297
  - exe/licensed
267
298
  - lib/licensed.rb
@@ -279,6 +310,7 @@ files:
279
310
  - lib/licensed/git.rb
280
311
  - lib/licensed/migrations.rb
281
312
  - lib/licensed/migrations/v2.rb
313
+ - lib/licensed/report.rb
282
314
  - lib/licensed/reporters.rb
283
315
  - lib/licensed/reporters/cache_reporter.rb
284
316
  - lib/licensed/reporters/json_reporter.rb
@@ -291,6 +323,7 @@ files:
291
323
  - lib/licensed/sources.rb
292
324
  - lib/licensed/sources/bower.rb
293
325
  - lib/licensed/sources/bundler.rb
326
+ - lib/licensed/sources/bundler/definition.rb
294
327
  - lib/licensed/sources/bundler/missing_specification.rb
295
328
  - lib/licensed/sources/cabal.rb
296
329
  - lib/licensed/sources/composer.rb
@@ -306,6 +339,7 @@ files:
306
339
  - lib/licensed/sources/pip.rb
307
340
  - lib/licensed/sources/pipenv.rb
308
341
  - lib/licensed/sources/source.rb
342
+ - lib/licensed/sources/swift.rb
309
343
  - lib/licensed/sources/yarn.rb
310
344
  - lib/licensed/ui/shell.rb
311
345
  - lib/licensed/version.rb
@@ -329,6 +363,7 @@ files:
329
363
  - script/source-setup/nuget
330
364
  - script/source-setup/pip
331
365
  - script/source-setup/pipenv
366
+ - script/source-setup/swift
332
367
  - script/source-setup/yarn
333
368
  - script/test
334
369
  homepage: https://github.com/github/licensed