licensed 3.1.0 → 3.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/test.yml +28 -11
- data/CHANGELOG.md +19 -0
- data/README.md +25 -80
- data/docs/adding_a_new_source.md +11 -8
- data/docs/commands/README.md +59 -0
- data/docs/commands/cache.md +35 -0
- data/docs/commands/env.md +10 -0
- data/docs/commands/list.md +23 -0
- data/docs/commands/migrate.md +10 -0
- data/docs/commands/notices.md +12 -0
- data/docs/commands/status.md +73 -0
- data/docs/commands/version.md +3 -0
- data/docs/configuration.md +9 -173
- data/docs/configuration/README.md +11 -0
- data/docs/configuration/allowed_licenses.md +17 -0
- data/docs/configuration/application_name.md +63 -0
- data/docs/configuration/application_source.md +64 -0
- data/docs/configuration/configuration_root.md +27 -0
- data/docs/configuration/configuring_multiple_apps.md +58 -0
- data/docs/configuration/dependency_source_enumerators.md +28 -0
- data/docs/configuration/ignoring_dependencies.md +19 -0
- data/docs/configuration/metadata_cache.md +106 -0
- data/docs/configuration/reviewing_dependencies.md +18 -0
- data/lib/licensed.rb +1 -0
- data/lib/licensed/cli.rb +2 -2
- data/lib/licensed/commands/cache.rb +19 -20
- data/lib/licensed/commands/command.rb +104 -72
- data/lib/licensed/commands/environment.rb +12 -11
- data/lib/licensed/commands/list.rb +0 -19
- data/lib/licensed/commands/notices.rb +0 -19
- data/lib/licensed/commands/status.rb +13 -15
- data/lib/licensed/configuration.rb +77 -7
- data/lib/licensed/report.rb +44 -0
- data/lib/licensed/reporters/cache_reporter.rb +48 -64
- data/lib/licensed/reporters/json_reporter.rb +19 -21
- data/lib/licensed/reporters/list_reporter.rb +45 -58
- data/lib/licensed/reporters/notices_reporter.rb +33 -46
- data/lib/licensed/reporters/reporter.rb +37 -104
- data/lib/licensed/reporters/status_reporter.rb +58 -56
- data/lib/licensed/reporters/yaml_reporter.rb +19 -21
- data/lib/licensed/sources/bundler.rb +1 -1
- data/lib/licensed/sources/gradle.rb +2 -2
- data/lib/licensed/sources/npm.rb +4 -3
- data/lib/licensed/version.rb +1 -1
- data/script/source-setup/go +1 -1
- metadata +21 -3
- data/docs/commands.md +0 -95
@@ -3,80 +3,82 @@
|
|
3
3
|
module Licensed
|
4
4
|
module Reporters
|
5
5
|
class StatusReporter < Reporter
|
6
|
-
#
|
7
|
-
# Shows the errors found when checking status, as well as
|
8
|
-
# overall number of dependencies checked
|
6
|
+
# Reports any errors encountered at the command level
|
9
7
|
#
|
10
|
-
#
|
11
|
-
|
12
|
-
|
13
|
-
|
8
|
+
# command - The command being run
|
9
|
+
# report - A report object containing information about the command run
|
10
|
+
def end_report_command(command, report)
|
11
|
+
if report.errors.any?
|
12
|
+
shell.newline
|
13
|
+
report.errors.each { |e| shell.error e }
|
14
|
+
end
|
15
|
+
end
|
14
16
|
|
15
|
-
|
17
|
+
# Reports the start of checking records for an app
|
18
|
+
#
|
19
|
+
# app - An application configuration
|
20
|
+
# report - A report containing information about the app evaluation
|
21
|
+
def begin_report_app(app, report)
|
22
|
+
shell.info "Checking cached dependency records for #{app["name"]}"
|
23
|
+
end
|
16
24
|
|
17
|
-
|
25
|
+
# Reports any errors found when checking status, as well as
|
26
|
+
# overall number of dependencies checked
|
27
|
+
#
|
28
|
+
# app - An application configuration
|
29
|
+
# report - A report containing information about the app evaluation
|
30
|
+
def end_report_app(app, report)
|
31
|
+
all_reports = report.all_reports
|
18
32
|
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
33
|
+
warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
|
34
|
+
if warning_reports.any?
|
35
|
+
shell.newline
|
36
|
+
shell.warn "Warnings:"
|
37
|
+
warning_reports.each do |r|
|
38
|
+
display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
|
25
39
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
end
|
31
|
-
shell.newline
|
40
|
+
shell.warn "* #{r.name}"
|
41
|
+
shell.warn " #{display_metadata}" unless display_metadata.empty?
|
42
|
+
r.warnings.each do |warning|
|
43
|
+
shell.warn " - #{warning}"
|
32
44
|
end
|
45
|
+
shell.newline
|
33
46
|
end
|
47
|
+
end
|
34
48
|
|
35
|
-
|
49
|
+
errored_reports = all_reports.select { |r| r.errors.any? }.to_a
|
36
50
|
|
37
|
-
|
38
|
-
|
51
|
+
dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
|
52
|
+
error_count = errored_reports.sum { |r| r.errors.size }
|
39
53
|
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
54
|
+
if error_count > 0
|
55
|
+
shell.newline
|
56
|
+
shell.error "Errors:"
|
57
|
+
errored_reports.each do |r|
|
58
|
+
display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
|
45
59
|
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
end
|
51
|
-
shell.newline
|
60
|
+
shell.error "* #{r.name}"
|
61
|
+
shell.error " #{display_metadata}" unless display_metadata.empty?
|
62
|
+
r.errors.each do |error|
|
63
|
+
shell.error " - #{error}"
|
52
64
|
end
|
65
|
+
shell.newline
|
53
66
|
end
|
54
|
-
|
55
|
-
shell.newline
|
56
|
-
shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
|
57
|
-
|
58
|
-
result
|
59
67
|
end
|
68
|
+
|
69
|
+
shell.newline
|
70
|
+
shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
|
60
71
|
end
|
61
72
|
|
62
|
-
# Reports
|
63
|
-
# Shows whether the dependency's status is valid in dot format
|
73
|
+
# Reports whether the dependency's status is valid in dot format
|
64
74
|
#
|
65
75
|
# dependency - An application dependency
|
66
|
-
#
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
if report.errors.empty?
|
74
|
-
shell.confirm(".", false)
|
75
|
-
else
|
76
|
-
shell.error("F", false)
|
77
|
-
end
|
78
|
-
|
79
|
-
result
|
76
|
+
# report - A report containing information about the dependency evaluation
|
77
|
+
def end_report_dependency(dependency, report)
|
78
|
+
if report.errors.empty?
|
79
|
+
shell.confirm(".", false)
|
80
|
+
else
|
81
|
+
shell.error("F", false)
|
80
82
|
end
|
81
83
|
end
|
82
84
|
end
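Review bot: `end_report_app` contains the same eight-line print loop twice, once for warnings via `shell.warn` and once for errors via `shell.error`, so the two sections can only be kept in step by hand; extracting the loop into a private helper parameterised on the issue list and the shell level removes that duplication. `all_reports.select { … }.to_a` followed by `.size` is also the long way to spell `dependency_count = all_reports.count { |r| r.target.is_a?(Licensed::Dependency) }`, and the `.to_a` calls only matter if `report.all_reports` returns a lazy enumerator, which is defined in report.rb outside this diff. Note that everything these loops print (`r.name`, the metadata values, the warning and error strings) originates in dependency manifests, so it is untrusted text written to the terminal; that predates this change and deserves a comment rather than a fix here.

```ruby
def end_report_app(app, report)
  all_reports = report.all_reports

  report_issues(all_reports.select { |r| r.warnings.any? }, "Warnings:", :warnings, :warn)

  errored_reports = all_reports.select { |r| r.errors.any? }
  dependency_count = all_reports.count { |r| r.target.is_a?(Licensed::Dependency) }
  error_count = errored_reports.sum { |r| r.errors.size }
  report_issues(errored_reports, "Errors:", :errors, :error)

  shell.newline
  shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
end

# … unchanged: end_report_dependency …

private

# Prints a titled section listing each report's name, metadata and issues.
# reports - reports that have at least one issue of the given kind
# title   - section heading, e.g. "Warnings:"
# issues  - :warnings or :errors, the list read from each report
# level   - :warn or :error, the shell method used for every line
def report_issues(reports, title, issues, level)
  return if reports.empty?
  shell.newline
  shell.public_send(level, title)
  reports.each do |r|
    display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
    shell.public_send(level, "* #{r.name}")
    shell.public_send(level, "  #{display_metadata}") unless display_metadata.empty?
    r.public_send(issues).each { |issue| shell.public_send(level, "  - #{issue}") }
    shell.newline
  end
end
```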
|
@@ -2,31 +2,29 @@
|
|
2
2
|
module Licensed
|
3
3
|
module Reporters
|
4
4
|
class YamlReporter < Reporter
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
result
|
13
|
-
end
|
5
|
+
# Report all information from the command run to the shell as a YAML object
|
6
|
+
#
|
7
|
+
# command - The command being run
|
8
|
+
# report - A report object containing information about the command run
|
9
|
+
def end_report_command(command, report)
|
10
|
+
report["apps"] = report.reports.map(&:to_h) if report.reports.any?
|
11
|
+
shell.info sanitize(report.to_h).to_yaml
|
14
12
|
end
|
15
13
|
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
14
|
+
# Add source report information to the app report hash
|
15
|
+
#
|
16
|
+
# app - An application configuration
|
17
|
+
# report - A report object containing information about the app evaluation
|
18
|
+
def end_report_app(app, report)
|
19
|
+
report["sources"] = report.reports.map(&:to_h) if report.reports.any?
|
22
20
|
end
|
23
21
|
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
22
|
+
# Add dependency report information to the source report hash
|
23
|
+
#
|
24
|
+
# source - A dependency source enumerator
|
25
|
+
# report - A report object containing information about the source evaluation
|
26
|
+
def end_report_source(source, report)
|
27
|
+
report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
|
30
28
|
end
|
31
29
|
|
32
30
|
def sanitize(object)
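Review bot: The nested keys are written only when child reports exist (`report["apps"] = report.reports.map(&:to_h) if report.reports.any?`, and likewise `"sources"` and `"dependencies"`), so a consumer of the YAML sees the key on one app and no key at all on another instead of an empty list. If the output is meant to be machine-parsed, assigning unconditionally (`report["apps"] = report.reports.map(&:to_h)`) gives a stable shape; if the omission is deliberate, the method comments should say so. The three hooks also mutate the report object in place by adding those keys, which the comments ("Add … to the app report hash") hint at but never state outright. `sanitize` starts on the hunk's last line and continues outside it.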
|
@@ -29,7 +29,7 @@ module Licensed
|
|
29
29
|
# `loaded_from` if available.
|
30
30
|
def spec_file
|
31
31
|
return @spec_file if defined?(@spec_file)
|
32
|
-
return @spec_file = nil unless loaded_from && File.
|
32
|
+
return @spec_file = nil unless loaded_from && File.file?(loaded_from)
|
33
33
|
@spec_file = begin
|
34
34
|
file = { name: File.basename(loaded_from), dir: File.dirname(loaded_from) }
|
35
35
|
Licensee::ProjectFiles::PackageManagerFile.new(File.read(loaded_from), file)
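Review bot: The new guard checks `File.file?(loaded_from)` and the next statement reads the same path with `File.read`, so a file removed or made unreadable between the two calls raises `Errno::ENOENT` or `Errno::EACCES` instead of yielding the `nil` the guard was written to produce; whether the `begin` block opened on line 33 rescues that is not visible, since it ends outside the hunk. If it does not, a `rescue SystemCallError` returning `nil` inside that block would keep the "if available" contract stated in the comment above `spec_file`. Either way the guard would benefit from a one-line reason, `# loaded_from may be nil or name something that is not a regular file`.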
|
@@ -125,10 +125,10 @@ module Licensed
|
|
125
125
|
def self.add_gradle_license_report_plugins_block(gradle_build_file)
|
126
126
|
|
127
127
|
if gradle_build_file.include? "plugins"
|
128
|
-
gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.
|
128
|
+
gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
|
129
129
|
else
|
130
130
|
|
131
|
-
gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.
|
131
|
+
gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
|
132
132
|
end
|
133
133
|
end
|
134
134
|
|
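Review bot: The `include? "plugins"` test and the `gsub` pattern disagree: `include?` is satisfied by the word anywhere (a comment, a string, `plugins.withType(...)`), while the regex only matches `plugins` followed by whitespace and `{`, so a build file containing the word but no such block takes the first branch, the `gsub` matches nothing, and the method hands back the file without the license-report plugin and without any signal that it did so. Using the same pattern for the test as for the rewrite closes that gap, and `\s*` also covers `plugins{`. The plugin id and version are spelled out on both lines 128 and 131, which is why this bump had to touch two places; a single constant keeps them from drifting, which matters because that string is what Gradle resolves from the plugin portal.

```ruby
# Plugin injected into the build so Gradle can produce license data.
# Id and version live in one place so the two branches cannot drift.
LICENSE_REPORT_PLUGIN = "id 'com.github.jk1.dependency-license-report' version '1.16'".freeze
# An existing `plugins {` block, with any whitespace before the brace.
PLUGINS_BLOCK = /(?<=plugins)\s*\{/.freeze

def self.add_gradle_license_report_plugins_block(gradle_build_file)
  # Test with the pattern used for the rewrite so a bare "plugins" in a
  # comment or in `plugins.withType(...)` cannot skip the injection.
  if gradle_build_file.match?(PLUGINS_BLOCK)
    gradle_build_file.gsub(PLUGINS_BLOCK, " { #{LICENSE_REPORT_PLUGIN}")
  else
    " plugins { #{LICENSE_REPORT_PLUGIN} }" + gradle_build_file
  end
end
```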
data/lib/licensed/sources/npm.rb
CHANGED
@@ -33,11 +33,12 @@ module Licensed
|
|
33
33
|
|
34
34
|
def enumerate_dependencies
|
35
35
|
packages.map do |name, package|
|
36
|
-
|
36
|
+
errors = package["problems"] unless package["path"]
|
37
37
|
Dependency.new(
|
38
38
|
name: name,
|
39
|
-
version: package["version"],
|
40
|
-
path: path,
|
39
|
+
version: package["version"] || package["required"],
|
40
|
+
path: package["path"],
|
41
|
+
errors: Array(errors),
|
41
42
|
metadata: {
|
42
43
|
"type" => NPM.type,
|
43
44
|
"name" => package["name"],
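Review bot: A package that is absent from disk can still come out as a clean record: when `package["path"]` is missing the only errors attached are whatever `package["problems"]` held, and `version` falls back to `package["required"]`, which in npm's output is the requested range (e.g. `^1.2.3`) rather than an installed version. If `npm ls` ever reports a path-less entry with an empty or absent `problems` list, that entry carries a range as its version and no error, and a license-compliance run passes it without comment; for this tool that is the case that must fail loudly. Building the list as `errors = Array(package["problems"])` and then `errors << "package is not installed (no path found)" if errors.empty? && package["path"].nil?` guarantees such an entry always carries an error. A comment on the `version` line noting that `required` is a range, not a resolved version, would also help the next reader; `enumerate_dependencies` continues past the end of the hunk.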
|
data/lib/licensed/version.rb
CHANGED
data/script/source-setup/go
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: licensed
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: licensee
|
@@ -241,8 +241,25 @@ files:
|
|
241
241
|
- Rakefile
|
242
242
|
- docker/Dockerfile.build-linux
|
243
243
|
- docs/adding_a_new_source.md
|
244
|
-
- docs/commands.md
|
244
|
+
- docs/commands/README.md
|
245
|
+
- docs/commands/cache.md
|
246
|
+
- docs/commands/env.md
|
247
|
+
- docs/commands/list.md
|
248
|
+
- docs/commands/migrate.md
|
249
|
+
- docs/commands/notices.md
|
250
|
+
- docs/commands/status.md
|
251
|
+
- docs/commands/version.md
|
245
252
|
- docs/configuration.md
|
253
|
+
- docs/configuration/README.md
|
254
|
+
- docs/configuration/allowed_licenses.md
|
255
|
+
- docs/configuration/application_name.md
|
256
|
+
- docs/configuration/application_source.md
|
257
|
+
- docs/configuration/configuration_root.md
|
258
|
+
- docs/configuration/configuring_multiple_apps.md
|
259
|
+
- docs/configuration/dependency_source_enumerators.md
|
260
|
+
- docs/configuration/ignoring_dependencies.md
|
261
|
+
- docs/configuration/metadata_cache.md
|
262
|
+
- docs/configuration/reviewing_dependencies.md
|
246
263
|
- docs/migrations/v2.md
|
247
264
|
- docs/migrations/v3.md
|
248
265
|
- docs/packaging.md
|
@@ -280,6 +297,7 @@ files:
|
|
280
297
|
- lib/licensed/git.rb
|
281
298
|
- lib/licensed/migrations.rb
|
282
299
|
- lib/licensed/migrations/v2.rb
|
300
|
+
- lib/licensed/report.rb
|
283
301
|
- lib/licensed/reporters.rb
|
284
302
|
- lib/licensed/reporters/cache_reporter.rb
|
285
303
|
- lib/licensed/reporters/json_reporter.rb
|
data/docs/commands.md
DELETED
@@ -1,95 +0,0 @@
|
|
1
|
-
# Commands
|
2
|
-
|
3
|
-
Run `licensed -h` to see help content for running licensed commands.
|
4
|
-
|
5
|
-
## `list`
|
6
|
-
|
7
|
-
Running the list command finds the dependencies for all sources in all configured applications. No additional actions are taken on each dependency.
|
8
|
-
|
9
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
10
|
-
|
11
|
-
## `cache`
|
12
|
-
|
13
|
-
The cache command finds all dependencies and ensures that each dependency has an up-to-date cached record.
|
14
|
-
|
15
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
16
|
-
|
17
|
-
Dependency records will be saved if:
|
18
|
-
1. The `force` option is set
|
19
|
-
2. No cached record is found
|
20
|
-
3. The cached record's version is different than the current dependency's version
|
21
|
-
- If the cached record's license text contents matches the current dependency's license text then the `license` metadata from the cached record is retained for the new saved record.
|
22
|
-
|
23
|
-
After the cache command is run, any cached records that don't match up to a current application dependency will be deleted.
|
24
|
-
|
25
|
-
## `status`
|
26
|
-
|
27
|
-
The status command finds all dependencies and checks whether each dependency has a valid cached record.
|
28
|
-
|
29
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
30
|
-
|
31
|
-
A dependency will fail the status checks if:
|
32
|
-
1. No cached record is found
|
33
|
-
2. The cached record's version is different than the current dependency's version
|
34
|
-
3. The cached record's `licenses` data is empty
|
35
|
-
4. The cached record's `license` metadata doesn't match an `allowed` license from the dependency's application configuration.
|
36
|
-
- If `license: other` is specified and all of the `licenses` entries match an `allowed` license a failure will not be logged
|
37
|
-
5. The cached record is flagged for re-review.
|
38
|
-
- This occurs when the record's license text has changed since the record was reviewed.
|
39
|
-
|
40
|
-
## `notices`
|
41
|
-
|
42
|
-
Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`. If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
|
43
|
-
|
44
|
-
An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
|
45
|
-
|
46
|
-
The `NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
|
47
|
-
|
48
|
-
## `env`
|
49
|
-
|
50
|
-
Prints the runtime environment used by licensed after loading a configuration file. By default the output is in YAML format, but can be output in JSON using the `--json` flag.
|
51
|
-
|
52
|
-
The output will not be equivalent to configuration input. For example, all paths will be
|
53
|
-
|
54
|
-
## `version`
|
55
|
-
|
56
|
-
Displays the current licensed version.
|
57
|
-
|
58
|
-
# Adding a new command
|
59
|
-
|
60
|
-
## Implement new `Command` class
|
61
|
-
|
62
|
-
Licensed commands inherit and override the [`Licensed::Sources::Command`](../lib/licensed/commands/command.rb) class.
|
63
|
-
|
64
|
-
#### Required method overrides
|
65
|
-
1. `Licensed::Commands::Command#evaluate_dependency`
|
66
|
-
- Runs a command execution on an application dependency.
|
67
|
-
|
68
|
-
The `evaluate_dependency` method should contain the specific command logic. This method has access to the application configuration, dependency source enumerator and dependency currently being evaluated as well as a reporting hash to contain information about the command execution.
|
69
|
-
|
70
|
-
#### Optional method overrides
|
71
|
-
|
72
|
-
The following methods break apart the different levels of command execution. Each method wraps lower levels of command execution in a corresponding reporter method.
|
73
|
-
|
74
|
-
1. `Licensed::Commands::Command#run`
|
75
|
-
- Runs `run_app` for each application configuration found. Wraps the execution of all applications in `Reporter#report_run`.
|
76
|
-
2. `Licensed::Commands::Command#run_app`
|
77
|
-
- Runs `run_source` for each dependency source enumerator enabled for the application configuration. Wraps the execution of all sources in `Reporter#report_app`.
|
78
|
-
3. `Licensed::Commands::Command#run_source`
|
79
|
-
- Runs `run_dependency` for each dependency found in the source. Wraps the execution of all dependencies in `Reporter#report_source`.
|
80
|
-
4. `Licensed::Commands::Command#run_dependency`
|
81
|
-
- Runs `evaluate_dependency` for the dependency. Wraps the execution of all dependencies in `Reporter#report_dependency`.
|
82
|
-
|
83
|
-
As an example, `Licensed::Commands::Command#run_app` calls `Reporter#report_app` to wrap every call to `Licensed::Commands::Command#run_source`.
|
84
|
-
|
85
|
-
##### Specifying additional report data
|
86
|
-
|
87
|
-
The `run` methods can be overridden and pass a block to `super` to provide additional reporting data or functionality.
|
88
|
-
|
89
|
-
```ruby
|
90
|
-
def run_app(app)
|
91
|
-
super do |report|
|
92
|
-
report["my_app_data"] = true
|
93
|
-
end
|
94
|
-
end
|
95
|
-
```
|