licensed 3.0.0 → 3.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/dependabot.yml +19 -0
- data/.github/workflows/release.yml +4 -4
- data/.github/workflows/test.yml +180 -47
- data/.ruby-version +1 -1
- data/CHANGELOG.md +60 -1
- data/README.md +25 -79
- data/docker/Dockerfile.build-linux +1 -1
- data/docs/adding_a_new_source.md +11 -8
- data/docs/commands/README.md +59 -0
- data/docs/commands/cache.md +35 -0
- data/docs/commands/env.md +10 -0
- data/docs/commands/list.md +23 -0
- data/docs/commands/migrate.md +10 -0
- data/docs/commands/notices.md +12 -0
- data/docs/commands/status.md +74 -0
- data/docs/commands/version.md +3 -0
- data/docs/configuration/README.md +11 -0
- data/docs/configuration/allowed_licenses.md +17 -0
- data/docs/configuration/application_name.md +63 -0
- data/docs/configuration/application_source.md +64 -0
- data/docs/configuration/configuration_root.md +27 -0
- data/docs/configuration/configuring_multiple_apps.md +58 -0
- data/docs/configuration/dependency_source_enumerators.md +28 -0
- data/docs/configuration/ignoring_dependencies.md +19 -0
- data/docs/configuration/metadata_cache.md +106 -0
- data/docs/configuration/reviewing_dependencies.md +18 -0
- data/docs/configuration.md +9 -161
- data/docs/sources/swift.md +4 -0
- data/lib/licensed/cli.rb +2 -2
- data/lib/licensed/commands/cache.rb +19 -20
- data/lib/licensed/commands/command.rb +104 -72
- data/lib/licensed/commands/environment.rb +12 -11
- data/lib/licensed/commands/list.rb +0 -19
- data/lib/licensed/commands/notices.rb +0 -19
- data/lib/licensed/commands/status.rb +13 -15
- data/lib/licensed/configuration.rb +105 -12
- data/lib/licensed/report.rb +44 -0
- data/lib/licensed/reporters/cache_reporter.rb +48 -64
- data/lib/licensed/reporters/json_reporter.rb +19 -21
- data/lib/licensed/reporters/list_reporter.rb +45 -58
- data/lib/licensed/reporters/notices_reporter.rb +33 -46
- data/lib/licensed/reporters/reporter.rb +37 -104
- data/lib/licensed/reporters/status_reporter.rb +58 -56
- data/lib/licensed/reporters/yaml_reporter.rb +19 -21
- data/lib/licensed/sources/bundler/definition.rb +36 -0
- data/lib/licensed/sources/bundler/missing_specification.rb +1 -1
- data/lib/licensed/sources/bundler.rb +38 -86
- data/lib/licensed/sources/dep.rb +2 -2
- data/lib/licensed/sources/go.rb +3 -3
- data/lib/licensed/sources/gradle.rb +2 -2
- data/lib/licensed/sources/helpers/content_versioning.rb +2 -1
- data/lib/licensed/sources/npm.rb +4 -3
- data/lib/licensed/sources/nuget.rb +56 -27
- data/lib/licensed/sources/swift.rb +69 -0
- data/lib/licensed/sources.rb +1 -0
- data/lib/licensed/version.rb +1 -1
- data/lib/licensed.rb +1 -0
- data/licensed.gemspec +4 -4
- data/script/source-setup/go +1 -1
- data/script/source-setup/swift +22 -0
- metadata +48 -13
- data/docs/commands.md +0 -95
data/docs/commands.md
DELETED
@@ -1,95 +0,0 @@
|
|
1
|
-
# Commands
|
2
|
-
|
3
|
-
Run `licensed -h` to see help content for running licensed commands.
|
4
|
-
|
5
|
-
## `list`
|
6
|
-
|
7
|
-
Running the list command finds the dependencies for all sources in all configured applications. No additional actions are taken on each dependency.
|
8
|
-
|
9
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
10
|
-
|
11
|
-
## `cache`
|
12
|
-
|
13
|
-
The cache command finds all dependencies and ensures that each dependency has an up-to-date cached record.
|
14
|
-
|
15
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
16
|
-
|
17
|
-
Dependency records will be saved if:
|
18
|
-
1. The `force` option is set
|
19
|
-
2. No cached record is found
|
20
|
-
3. The cached record's version is different than the current dependency's version
|
21
|
-
- If the cached record's license text contents matches the current dependency's license text then the `license` metadata from the cached record is retained for the new saved record.
|
22
|
-
|
23
|
-
After the cache command is run, any cached records that don't match up to a current application dependency will be deleted.
|
24
|
-
|
25
|
-
## `status`
|
26
|
-
|
27
|
-
The status command finds all dependencies and checks whether each dependency has a valid cached record.
|
28
|
-
|
29
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
30
|
-
|
31
|
-
A dependency will fail the status checks if:
|
32
|
-
1. No cached record is found
|
33
|
-
2. The cached record's version is different than the current dependency's version
|
34
|
-
3. The cached record's `licenses` data is empty
|
35
|
-
4. The cached record's `license` metadata doesn't match an `allowed` license from the dependency's application configuration.
|
36
|
-
- If `license: other` is specified and all of the `licenses` entries match an `allowed` license a failure will not be logged
|
37
|
-
5. The cached record is flagged for re-review.
|
38
|
-
- This occurs when the record's license text has changed since the record was reviewed.
|
39
|
-
|
40
|
-
## `notices`
|
41
|
-
|
42
|
-
Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`. If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
|
43
|
-
|
44
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
45
|
-
|
46
|
-
The `NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
|
47
|
-
|
48
|
-
## `env`
|
49
|
-
|
50
|
-
Prints the runtime environment used by licensed after loading a configuration file. By default the output is in YAML format, but can be output in JSON using the `--json` flag.
|
51
|
-
|
52
|
-
The output will not be equivalent to configuration input. For example, all paths will be
|
53
|
-
|
54
|
-
## `version`
|
55
|
-
|
56
|
-
Displays the current licensed version.
|
57
|
-
|
58
|
-
# Adding a new command
|
59
|
-
|
60
|
-
## Implement new `Command` class
|
61
|
-
|
62
|
-
Licensed commands inherit and override the [`Licensed::Sources::Command`](../lib/licensed/commands/command.rb) class.
|
63
|
-
|
64
|
-
#### Required method overrides
|
65
|
-
1. `Licensed::Commands::Command#evaluate_dependency`
|
66
|
-
- Runs a command execution on an application dependency.
|
67
|
-
|
68
|
-
The `evaluate_dependency` method should contain the specific command logic. This method has access to the application configuration, dependency source enumerator and dependency currently being evaluated as well as a reporting hash to contain information about the command execution.
|
69
|
-
|
70
|
-
#### Optional method overrides
|
71
|
-
|
72
|
-
The following methods break apart the different levels of command execution. Each method wraps lower levels of command execution in a corresponding reporter method.
|
73
|
-
|
74
|
-
1. `Licensed::Commands::Command#run`
|
75
|
-
- Runs `run_app` for each application configuration found. Wraps the execution of all applications in `Reporter#report_run`.
|
76
|
-
2. `Licensed::Commands::Command#run_app`
|
77
|
-
- Runs `run_source` for each dependency source enumerator enabled for the application configuration. Wraps the execution of all sources in `Reporter#report_app`.
|
78
|
-
3. `Licensed::Commands::Command#run_source`
|
79
|
-
- Runs `run_dependency` for each dependency found in the source. Wraps the execution of all dependencies in `Reporter#report_source`.
|
80
|
-
4. `Licensed::Commands::Command#run_dependency`
|
81
|
-
- Runs `evaluate_dependency` for the dependency. Wraps the execution of all dependencies in `Reporter#report_dependency`.
|
82
|
-
|
83
|
-
As an example, `Licensed::Commands::Command#run_app` calls `Reporter#report_app` to wrap every call to `Licensed::Commands::Command#run_source`.
|
84
|
-
|
85
|
-
##### Specifying additional report data
|
86
|
-
|
87
|
-
The `run` methods can be overridden and pass a block to `super` to provide additional reporting data or functionality.
|
88
|
-
|
89
|
-
```ruby
|
90
|
-
def run_app(app)
|
91
|
-
super do |report|
|
92
|
-
report["my_app_data"] = true
|
93
|
-
end
|
94
|
-
end
|
95
|
-
```
|
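Review bot: Line 62 of the removed file names the base class as `Licensed::Sources::Command`, but its link target is `lib/licensed/commands/command.rb` and every method reference below it uses `Licensed::Commands::Command`; if the "Adding a new command" section moves into the new `docs/commands/README.md`, correct the namespace there instead of copying it. Line 52 is also cut off mid-sentence ("For example, all paths will be"), so the new `docs/commands/env.md` should finish that sentence. Line 81 says `run_dependency` wraps "the execution of all dependencies" although the same line says it runs `evaluate_dependency` for a single dependency. Since the file is deleted outright, check that nothing still links to `docs/commands.md`, and that the `status` failure conditions (lines 31-38) and the `notices` assumption that cached records were already reviewed (line 46) are carried into the per-command pages, because a compliance workflow depends on both.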