licensed 3.1.0 → 3.2.0

data/lib/licensed/reporters/status_reporter.rb

@@ -3,80 +3,82 @@
 module Licensed
   module Reporters
     class StatusReporter < Reporter
-      # Generate a report for a licensed status command run
-      # Shows the errors found when checking status, as well as
-      # overall number of dependencies checked
+      # Reports any errors encountered at the command level
       #
-      # Returns the result of the yielded method
-      def report_app(app)
-        super do |report|
-          shell.info "Checking cached dependency records for #{app["name"]}"
+      # command - The command being run
+      # report - A report object containing information about the command run
+      def end_report_command(command, report)
+        if report.errors.any?
+          shell.newline
+          report.errors.each { |e| shell.error e }
+        end
+      end
 
-          result = yield report
+      # Reports the start of checking records for an app
+      #
+      # app - An application configuration
+      # report - A report containing information about the app evaluation
+      def begin_report_app(app, report)
+          shell.info "Checking cached dependency records for #{app["name"]}"
+      end
 
-          all_reports = report.all_reports
+      # Reports any errors found when checking status, as well as
+      # overall number of dependencies checked
+      #
+      # app - An application configuration
+      # report - A report containing information about the app evaluation
+      def end_report_app(app, report)
+        all_reports = report.all_reports
 
-          warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
-          if warning_reports.any?
-            shell.newline
-            shell.warn "Warnings:"
-            warning_reports.each do |r|
-              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+        warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
+        if warning_reports.any?
+          shell.newline
+          shell.warn "Warnings:"
+          warning_reports.each do |r|
+            display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.warn "* #{r.name}"
-              shell.warn "  #{display_metadata}" unless display_metadata.empty?
-              r.warnings.each do |warning|
-                shell.warn "    - #{warning}"
-              end
-              shell.newline
+            shell.warn "* #{r.name}"
+            shell.warn "  #{display_metadata}" unless display_metadata.empty?
+            r.warnings.each do |warning|
+              shell.warn "    - #{warning}"
             end
+            shell.newline
           end
+        end
 
-          errored_reports = all_reports.select { |r| r.errors.any? }.to_a
+        errored_reports = all_reports.select { |r| r.errors.any? }.to_a
 
-          dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
-          error_count = errored_reports.sum { |r| r.errors.size }
+        dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
+        error_count = errored_reports.sum { |r| r.errors.size }
 
-          if error_count > 0
-            shell.newline
-            shell.error "Errors:"
-            errored_reports.each do |r|
-              display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
+        if error_count > 0
+          shell.newline
+          shell.error "Errors:"
+          errored_reports.each do |r|
+            display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
 
-              shell.error "* #{r.name}"
-              shell.error "  #{display_metadata}" unless display_metadata.empty?
-              r.errors.each do |error|
-                shell.error "    - #{error}"
-              end
-              shell.newline
+            shell.error "* #{r.name}"
+            shell.error "  #{display_metadata}" unless display_metadata.empty?
+            r.errors.each do |error|
+              shell.error "    - #{error}"
             end
+            shell.newline
           end
-
-          shell.newline
-          shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
-
-          result
         end
+
+        shell.newline
+        shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
       end
 
-      # Reports on a dependency in a status command run.
-      # Shows whether the dependency's status is valid in dot format
+      # Reports whether the dependency's status is valid in dot format
       #
       # dependency - An application dependency
-      #
-      # Returns the result of the yielded method
-      # Note - must be called from inside the `report_run` scope
-      def report_dependency(dependency)
-        super do |report|
-          result = yield report
-
-          if report.errors.empty?
-            shell.confirm(".", false)
-          else
-            shell.error("F", false)
-          end
-
-          result
+      # report - A report containing information about the dependency evaluation
+      def end_report_dependency(dependency, report)
+        if report.errors.empty?
+          shell.confirm(".", false)
+        else
+          shell.error("F", false)
         end
       end
     end

data/lib/licensed/reporters/yaml_reporter.rb

@@ -2,31 +2,29 @@
 module Licensed
   module Reporters
     class YamlReporter < Reporter
-      def report_run(command)
-        super do |report|
-          result = yield report
-
-          report["apps"] = report.reports.map(&:to_h) if report.reports.any?
-          shell.info sanitize(report.to_h).to_yaml
-
-          result
-        end
+      # Report all information from the command run to the shell as a YAML object
+      #
+      # command - The command being run
+      # report - A report object containing information about the command run
+      def end_report_command(command, report)
+        report["apps"] = report.reports.map(&:to_h) if report.reports.any?
+        shell.info sanitize(report.to_h).to_yaml
       end
 
-      def report_app(app)
-        super do |report|
-          result = yield report
-          report["sources"] = report.reports.map(&:to_h) if report.reports.any?
-          result
-        end
+      # Add source report information to the app report hash
+      #
+      # app - An application configuration
+      # report - A report object containing information about the app evaluation
+      def end_report_app(app, report)
+        report["sources"] = report.reports.map(&:to_h) if report.reports.any?
       end
 
-      def report_source(source)
-        super do |report|
-          result = yield report
-          report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
-          result
-        end
+      # Add dependency report information to the source report hash
+      #
+      # source - A dependency source enumerator
+      # report - A report object containing information about the source evaluation
+      def end_report_source(source, report)
+        report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
       end
 
       def sanitize(object)

data/lib/licensed/sources/bundler.rb

@@ -29,7 +29,7 @@ module Licensed
         # `loaded_from` if available.
         def spec_file
           return @spec_file if defined?(@spec_file)
-          return @spec_file = nil unless loaded_from && File.exist?(loaded_from)
+          return @spec_file = nil unless loaded_from && File.file?(loaded_from)
           @spec_file = begin
             file = { name: File.basename(loaded_from), dir: File.dirname(loaded_from) }
             Licensee::ProjectFiles::PackageManagerFile.new(File.read(loaded_from), file)

data/lib/licensed/sources/gradle.rb

@@ -125,10 +125,10 @@ module Licensed
       def self.add_gradle_license_report_plugins_block(gradle_build_file)
 
         if gradle_build_file.include? "plugins"
-          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
+          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
         else
 
-          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
+          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
         end
       end
 

data/lib/licensed/sources/npm.rb

@@ -33,11 +33,12 @@ module Licensed
 
       def enumerate_dependencies
         packages.map do |name, package|
-          path = package["path"]
+          errors = package["problems"] unless package["path"]
           Dependency.new(
             name: name,
-            version: package["version"],
-            path: path,
+            version: package["version"] || package["required"],
+            path: package["path"],
+            errors: Array(errors),
             metadata: {
               "type"     => NPM.type,
               "name"     => package["name"],

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.1.0".freeze
+  VERSION = "3.2.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/source-setup/go

@@ -25,7 +25,7 @@ if [ "$1" == "-f" ]; then
   fi
 fi
 
-(cd src/test && go get)
+(export GO111MODULE=off && cd src/test && go get)
 if go help mod >/dev/null; then
   (cd src/modules_test && GO111MODULE=on go mod download)
 fi

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.2.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-06-16 00:00:00.000000000 Z
+date: 2021-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -241,8 +241,25 @@ files:
 - Rakefile
 - docker/Dockerfile.build-linux
 - docs/adding_a_new_source.md
-- docs/commands.md
+- docs/commands/README.md
+- docs/commands/cache.md
+- docs/commands/env.md
+- docs/commands/list.md
+- docs/commands/migrate.md
+- docs/commands/notices.md
+- docs/commands/status.md
+- docs/commands/version.md
 - docs/configuration.md
+- docs/configuration/README.md
+- docs/configuration/allowed_licenses.md
+- docs/configuration/application_name.md
+- docs/configuration/application_source.md
+- docs/configuration/configuration_root.md
+- docs/configuration/configuring_multiple_apps.md
+- docs/configuration/dependency_source_enumerators.md
+- docs/configuration/ignoring_dependencies.md
+- docs/configuration/metadata_cache.md
+- docs/configuration/reviewing_dependencies.md
 - docs/migrations/v2.md
 - docs/migrations/v3.md
 - docs/packaging.md
@@ -280,6 +297,7 @@ files:
 - lib/licensed/git.rb
 - lib/licensed/migrations.rb
 - lib/licensed/migrations/v2.rb
+- lib/licensed/report.rb
 - lib/licensed/reporters.rb
 - lib/licensed/reporters/cache_reporter.rb
 - lib/licensed/reporters/json_reporter.rb

data/docs/commands.md

@@ -1,95 +0,0 @@
-# Commands
-
-Run `licensed -h` to see help content for running licensed commands.
-
-## `list`
-
-Running the list command finds the dependencies for all sources in all configured applications.  No additional actions are taken on each dependency.
-
-An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
-
-## `cache`
-
-The cache command finds all dependencies and ensures that each dependency has an up-to-date cached record.
-
-An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
-
-Dependency records will be saved if:
-1. The `force` option is set
-2. No cached record is found
-3. The cached record's version is different than the current dependency's version
-   - If the cached record's license text contents matches the current dependency's license text then the `license` metadata from the cached record is retained for the new saved record.
-
-After the cache command is run, any cached records that don't match up to a current application dependency will be deleted.
-
-## `status`
-
-The status command finds all dependencies and checks whether each dependency has a valid cached record.
-
-An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
-
-A dependency will fail the status checks if:
-1. No cached record is found
-2. The cached record's version is different than the current dependency's version
-3. The cached record's `licenses` data is empty
-4. The cached record's `license` metadata doesn't match an `allowed` license from the dependency's application configuration.
-   - If `license: other` is specified and all of the `licenses` entries match an `allowed` license a failure will not be logged
-5. The cached record is flagged for re-review.
-   - This occurs when the record's license text has changed since the record was reviewed.
-
-## `notices`
-
-Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`.  If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
-
-An optional `--sources` flag can be given to limit which dependency sources are run.  This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
-
-The `NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
-
-## `env`
-
-Prints the runtime environment used by licensed after loading a configuration file.  By default the output is in YAML format, but can be output in JSON using the `--json` flag.
-
-The output will not be equivalent to configuration input.  For example, all paths will be
-
-## `version`
-
-Displays the current licensed version.
-
-# Adding a new command
-
-## Implement new `Command` class
-
-Licensed commands inherit and override the [`Licensed::Sources::Command`](../lib/licensed/commands/command.rb) class.
-
-#### Required method overrides
-1. `Licensed::Commands::Command#evaluate_dependency`
-   - Runs a command execution on an application dependency.
-
-The `evaluate_dependency` method should contain the specific command logic.  This method has access to the application configuration, dependency source enumerator and dependency currently being evaluated as well as a reporting hash to contain information about the command execution.
-
-#### Optional method overrides
-
-The following methods break apart the different levels of command execution.  Each method wraps lower levels of command execution in a corresponding reporter method.
-
-1. `Licensed::Commands::Command#run`
-   - Runs `run_app` for each application configuration found.  Wraps the execution of all applications in `Reporter#report_run`.
-2. `Licensed::Commands::Command#run_app`
-   - Runs `run_source` for each dependency source enumerator enabled for the application configuration.  Wraps the execution of all sources in `Reporter#report_app`.
-3. `Licensed::Commands::Command#run_source`
-   - Runs `run_dependency` for each dependency found in the source.  Wraps the execution of all dependencies in `Reporter#report_source`.
-4. `Licensed::Commands::Command#run_dependency`
-   - Runs `evaluate_dependency` for the dependency.  Wraps the execution of all dependencies in `Reporter#report_dependency`.
-
-As an example, `Licensed::Commands::Command#run_app` calls `Reporter#report_app` to wrap every call to `Licensed::Commands::Command#run_source`.
-
-##### Specifying additional report data
-
-The `run` methods can be overridden and pass a block to `super` to provide additional reporting data or functionality.
-
-```ruby
-def run_app(app)
-  super do |report|
-    report["my_app_data"] = true
-  end
-end
-```