licensed 3.1.0 → 3.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48)
  1. checksums.yaml +4 -4
  2. data/.github/workflows/test.yml +28 -11
  3. data/CHANGELOG.md +19 -0
  4. data/README.md +25 -80
  5. data/docs/adding_a_new_source.md +11 -8
  6. data/docs/commands/README.md +59 -0
  7. data/docs/commands/cache.md +35 -0
  8. data/docs/commands/env.md +10 -0
  9. data/docs/commands/list.md +23 -0
  10. data/docs/commands/migrate.md +10 -0
  11. data/docs/commands/notices.md +12 -0
  12. data/docs/commands/status.md +73 -0
  13. data/docs/commands/version.md +3 -0
  14. data/docs/configuration.md +9 -173
  15. data/docs/configuration/README.md +11 -0
  16. data/docs/configuration/allowed_licenses.md +17 -0
  17. data/docs/configuration/application_name.md +63 -0
  18. data/docs/configuration/application_source.md +64 -0
  19. data/docs/configuration/configuration_root.md +27 -0
  20. data/docs/configuration/configuring_multiple_apps.md +58 -0
  21. data/docs/configuration/dependency_source_enumerators.md +28 -0
  22. data/docs/configuration/ignoring_dependencies.md +19 -0
  23. data/docs/configuration/metadata_cache.md +106 -0
  24. data/docs/configuration/reviewing_dependencies.md +18 -0
  25. data/lib/licensed.rb +1 -0
  26. data/lib/licensed/cli.rb +2 -2
  27. data/lib/licensed/commands/cache.rb +19 -20
  28. data/lib/licensed/commands/command.rb +104 -72
  29. data/lib/licensed/commands/environment.rb +12 -11
  30. data/lib/licensed/commands/list.rb +0 -19
  31. data/lib/licensed/commands/notices.rb +0 -19
  32. data/lib/licensed/commands/status.rb +13 -15
  33. data/lib/licensed/configuration.rb +77 -7
  34. data/lib/licensed/report.rb +44 -0
  35. data/lib/licensed/reporters/cache_reporter.rb +48 -64
  36. data/lib/licensed/reporters/json_reporter.rb +19 -21
  37. data/lib/licensed/reporters/list_reporter.rb +45 -58
  38. data/lib/licensed/reporters/notices_reporter.rb +33 -46
  39. data/lib/licensed/reporters/reporter.rb +37 -104
  40. data/lib/licensed/reporters/status_reporter.rb +58 -56
  41. data/lib/licensed/reporters/yaml_reporter.rb +19 -21
  42. data/lib/licensed/sources/bundler.rb +1 -1
  43. data/lib/licensed/sources/gradle.rb +2 -2
  44. data/lib/licensed/sources/npm.rb +4 -3
  45. data/lib/licensed/version.rb +1 -1
  46. data/script/source-setup/go +1 -1
  47. metadata +21 -3
  48. data/docs/commands.md +0 -95
@@ -3,80 +3,82 @@
3
3
  module Licensed
4
4
  module Reporters
5
5
  class StatusReporter < Reporter
6
- # Generate a report for a licensed status command run
7
- # Shows the errors found when checking status, as well as
8
- # overall number of dependencies checked
6
+ # Reports any errors encountered at the command level
9
7
  #
10
- # Returns the result of the yielded method
11
- def report_app(app)
12
- super do |report|
13
- shell.info "Checking cached dependency records for #{app["name"]}"
8
+ # command - The command being run
9
+ # report - A report object containing information about the command run
10
+ def end_report_command(command, report)
11
+ if report.errors.any?
12
+ shell.newline
13
+ report.errors.each { |e| shell.error e }
14
+ end
15
+ end
14
16
 
15
- result = yield report
17
+ # Reports the start of checking records for an app
18
+ #
19
+ # app - An application configuration
20
+ # report - A report containing information about the app evaluation
21
+ def begin_report_app(app, report)
22
+ shell.info "Checking cached dependency records for #{app["name"]}"
23
+ end
16
24
 
17
- all_reports = report.all_reports
25
+ # Reports any errors found when checking status, as well as
26
+ # overall number of dependencies checked
27
+ #
28
+ # app - An application configuration
29
+ # report - A report containing information about the app evaluation
30
+ def end_report_app(app, report)
31
+ all_reports = report.all_reports
18
32
 
19
- warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
20
- if warning_reports.any?
21
- shell.newline
22
- shell.warn "Warnings:"
23
- warning_reports.each do |r|
24
- display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
33
+ warning_reports = all_reports.select { |r| r.warnings.any? }.to_a
34
+ if warning_reports.any?
35
+ shell.newline
36
+ shell.warn "Warnings:"
37
+ warning_reports.each do |r|
38
+ display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
25
39
 
26
- shell.warn "* #{r.name}"
27
- shell.warn " #{display_metadata}" unless display_metadata.empty?
28
- r.warnings.each do |warning|
29
- shell.warn " - #{warning}"
30
- end
31
- shell.newline
40
+ shell.warn "* #{r.name}"
41
+ shell.warn " #{display_metadata}" unless display_metadata.empty?
42
+ r.warnings.each do |warning|
43
+ shell.warn " - #{warning}"
32
44
  end
45
+ shell.newline
33
46
  end
47
+ end
34
48
 
35
- errored_reports = all_reports.select { |r| r.errors.any? }.to_a
49
+ errored_reports = all_reports.select { |r| r.errors.any? }.to_a
36
50
 
37
- dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
38
- error_count = errored_reports.sum { |r| r.errors.size }
51
+ dependency_count = all_reports.select { |r| r.target.is_a?(Licensed::Dependency) }.size
52
+ error_count = errored_reports.sum { |r| r.errors.size }
39
53
 
40
- if error_count > 0
41
- shell.newline
42
- shell.error "Errors:"
43
- errored_reports.each do |r|
44
- display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
54
+ if error_count > 0
55
+ shell.newline
56
+ shell.error "Errors:"
57
+ errored_reports.each do |r|
58
+ display_metadata = r.map { |k, v| "#{k}: #{v}" }.join(", ")
45
59
 
46
- shell.error "* #{r.name}"
47
- shell.error " #{display_metadata}" unless display_metadata.empty?
48
- r.errors.each do |error|
49
- shell.error " - #{error}"
50
- end
51
- shell.newline
60
+ shell.error "* #{r.name}"
61
+ shell.error " #{display_metadata}" unless display_metadata.empty?
62
+ r.errors.each do |error|
63
+ shell.error " - #{error}"
52
64
  end
65
+ shell.newline
53
66
  end
54
-
55
- shell.newline
56
- shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
57
-
58
- result
59
67
  end
68
+
69
+ shell.newline
70
+ shell.info "#{dependency_count} dependencies checked, #{error_count} errors found."
60
71
  end
61
72
 
62
- # Reports on a dependency in a status command run.
63
- # Shows whether the dependency's status is valid in dot format
73
+ # Reports whether the dependency's status is valid in dot format
64
74
  #
65
75
  # dependency - An application dependency
66
- #
67
- # Returns the result of the yielded method
68
- # Note - must be called from inside the `report_run` scope
69
- def report_dependency(dependency)
70
- super do |report|
71
- result = yield report
72
-
73
- if report.errors.empty?
74
- shell.confirm(".", false)
75
- else
76
- shell.error("F", false)
77
- end
78
-
79
- result
76
+ # report - A report containing information about the dependency evaluation
77
+ def end_report_dependency(dependency, report)
78
+ if report.errors.empty?
79
+ shell.confirm(".", false)
80
+ else
81
+ shell.error("F", false)
80
82
  end
81
83
  end
82
84
  end
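Review bot: in `end_report_dependency`, a dependency report that carries warnings but no errors still prints `.`, so the only sign of a warning at the progress line is the "Warnings:" block emitted later by `end_report_app`; consider a distinct marker (for example `shell.warn("W", false)`) when `report.warnings.any?` so a run that was watched only at the dot level is not mistaken for a clean one. Two smaller points in `end_report_app`: the summary line counts `dependency_count` from reports whose target is a `Licensed::Dependency`, but `error_count` sums every errored report, including app- and source-level ones, so "N dependencies checked, M errors found" can report more errors than dependencies; and `display_metadata` is built from raw metadata values (names, versions, paths taken from package manifests) and written straight to the terminal via `shell.warn`/`shell.error`, so strip or escape control characters before printing if that is not already done in `shell`.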
@@ -2,31 +2,29 @@
2
2
  module Licensed
3
3
  module Reporters
4
4
  class YamlReporter < Reporter
5
- def report_run(command)
6
- super do |report|
7
- result = yield report
8
-
9
- report["apps"] = report.reports.map(&:to_h) if report.reports.any?
10
- shell.info sanitize(report.to_h).to_yaml
11
-
12
- result
13
- end
5
+ # Report all information from the command run to the shell as a YAML object
6
+ #
7
+ # command - The command being run
8
+ # report - A report object containing information about the command run
9
+ def end_report_command(command, report)
10
+ report["apps"] = report.reports.map(&:to_h) if report.reports.any?
11
+ shell.info sanitize(report.to_h).to_yaml
14
12
  end
15
13
 
16
- def report_app(app)
17
- super do |report|
18
- result = yield report
19
- report["sources"] = report.reports.map(&:to_h) if report.reports.any?
20
- result
21
- end
14
+ # Add source report information to the app report hash
15
+ #
16
+ # app - An application configuration
17
+ # report - A report object containing information about the app evaluation
18
+ def end_report_app(app, report)
19
+ report["sources"] = report.reports.map(&:to_h) if report.reports.any?
22
20
  end
23
21
 
24
- def report_source(source)
25
- super do |report|
26
- result = yield report
27
- report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
28
- result
29
- end
22
+ # Add dependency report information to the source report hash
23
+ #
24
+ # source - A dependency source enumerator
25
+ # report - A report object containing information about the source evaluation
26
+ def end_report_source(source, report)
27
+ report["dependencies"] = report.reports.map(&:to_h) if report.reports.any?
30
28
  end
31
29
 
32
30
  def sanitize(object)
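Review bot: `end_report_source`, `end_report_app` and `end_report_command` each serialise their children with `report.reports.map(&:to_h)`, which only produces nested output if the base `Reporter` fires the end callbacks innermost-first (source before app before command); that ordering contract is not stated here, so add a comment or a test that the YAML contains `apps -> sources -> dependencies` rather than empty arrays. Also worth confirming that `report.to_h` includes the command-level `errors` array, since unlike `StatusReporter#end_report_command` nothing in this reporter emits them separately and a JSON/YAML consumer would otherwise lose them.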
@@ -29,7 +29,7 @@ module Licensed
29
29
  # `loaded_from` if available.
30
30
  def spec_file
31
31
  return @spec_file if defined?(@spec_file)
32
- return @spec_file = nil unless loaded_from && File.exist?(loaded_from)
32
+ return @spec_file = nil unless loaded_from && File.file?(loaded_from)
33
33
  @spec_file = begin
34
34
  file = { name: File.basename(loaded_from), dir: File.dirname(loaded_from) }
35
35
  Licensee::ProjectFiles::PackageManagerFile.new(File.read(loaded_from), file)
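Review bot: switching the guard from `File.exist?` to `File.file?` closes the case where `loaded_from` points at a directory, which `File.exist?` accepted and `File.read` then failed on; note that `File.file?` follows symlinks, so a spec path that resolves through a symlink to a regular file is still read, and the `File.read` inside the `begin` block can still raise if the file is removed or made unreadable between the check and the read, so keep a `rescue` on that block if one is not visible further down.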
@@ -125,10 +125,10 @@ module Licensed
125
125
  def self.add_gradle_license_report_plugins_block(gradle_build_file)
126
126
 
127
127
  if gradle_build_file.include? "plugins"
128
- gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.6'")
128
+ gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
129
129
  else
130
130
 
131
- gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.6' }" + gradle_build_file
131
+ gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
132
132
  end
133
133
  end
134
134
 
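Review bot: the plugin version `'1.16'` is now duplicated in two string literals (the `gsub` branch and the prepended `plugins { ... }` block), so a future bump can drift between them; hoist it into a single constant such as `GRADLE_LICENSE_REPORT_PLUGIN_VERSION`. Since this text is injected into the user's own build file and causes Gradle to resolve `com.github.jk1.dependency-license-report` from the plugin portal at run time, the bump from 1.6 to 1.16 changes what gets downloaded for every Gradle user of licensed and deserves a CHANGELOG line. Separately, the `gsub` pattern `(?<=plugins)\s+{` requires whitespace between `plugins` and `{`, so a build file written as `plugins{` passes the `include? "plugins"` check but is left unmodified.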
@@ -33,11 +33,12 @@ module Licensed
33
33
 
34
34
  def enumerate_dependencies
35
35
  packages.map do |name, package|
36
- path = package["path"]
36
+ errors = package["problems"] unless package["path"]
37
37
  Dependency.new(
38
38
  name: name,
39
- version: package["version"],
40
- path: path,
39
+ version: package["version"] || package["required"],
40
+ path: package["path"],
41
+ errors: Array(errors),
41
42
  metadata: {
42
43
  "type" => NPM.type,
43
44
  "name" => package["name"],
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.1.0".freeze
3
+ VERSION = "3.2.0".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
@@ -25,7 +25,7 @@ if [ "$1" == "-f" ]; then
25
25
  fi
26
26
  fi
27
27
 
28
- (cd src/test && go get)
28
+ (export GO111MODULE=off && cd src/test && go get)
29
29
  if go help mod >/dev/null; then
30
30
  (cd src/modules_test && GO111MODULE=on go mod download)
31
31
  fi
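Review bot: `(export GO111MODULE=off && cd src/test && go get)` is inconsistent with the line three below, which sets the variable inline as `GO111MODULE=on go mod download`; write the first the same way, `(cd src/test && GO111MODULE=off go get)`, which scopes the variable to the single command instead of the whole subshell. Note too that with modules disabled `go get` resolves the fixture's imports from GOPATH with no `go.sum` to verify them against, so this fixture's dependencies are unpinned and unchecked; acceptable for a test setup script, but it should not be copied into anything that produces release artifacts.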
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.1.0
4
+ version: 3.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-06-16 00:00:00.000000000 Z
11
+ date: 2021-08-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -241,8 +241,25 @@ files:
241
241
  - Rakefile
242
242
  - docker/Dockerfile.build-linux
243
243
  - docs/adding_a_new_source.md
244
- - docs/commands.md
244
+ - docs/commands/README.md
245
+ - docs/commands/cache.md
246
+ - docs/commands/env.md
247
+ - docs/commands/list.md
248
+ - docs/commands/migrate.md
249
+ - docs/commands/notices.md
250
+ - docs/commands/status.md
251
+ - docs/commands/version.md
245
252
  - docs/configuration.md
253
+ - docs/configuration/README.md
254
+ - docs/configuration/allowed_licenses.md
255
+ - docs/configuration/application_name.md
256
+ - docs/configuration/application_source.md
257
+ - docs/configuration/configuration_root.md
258
+ - docs/configuration/configuring_multiple_apps.md
259
+ - docs/configuration/dependency_source_enumerators.md
260
+ - docs/configuration/ignoring_dependencies.md
261
+ - docs/configuration/metadata_cache.md
262
+ - docs/configuration/reviewing_dependencies.md
246
263
  - docs/migrations/v2.md
247
264
  - docs/migrations/v3.md
248
265
  - docs/packaging.md
@@ -280,6 +297,7 @@ files:
280
297
  - lib/licensed/git.rb
281
298
  - lib/licensed/migrations.rb
282
299
  - lib/licensed/migrations/v2.rb
300
+ - lib/licensed/report.rb
283
301
  - lib/licensed/reporters.rb
284
302
  - lib/licensed/reporters/cache_reporter.rb
285
303
  - lib/licensed/reporters/json_reporter.rb
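Review bot: listing `lib/licensed/report.rb` in the gemspec `files` array only packages it; confirm that `lib/licensed.rb` actually requires it (the file summary shows `data/lib/licensed.rb +1 -0`, which is presumably that require), otherwise the reporters that now depend on `Report` will fail with a `NameError` at load time in the published gem.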
data/docs/commands.md DELETED
@@ -1,95 +0,0 @@
1
- # Commands
2
-
3
- Run `licensed -h` to see help content for running licensed commands.
4
-
5
- ## `list`
6
-
7
- Running the list command finds the dependencies for all sources in all configured applications. No additional actions are taken on each dependency.
8
-
9
- An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
10
-
11
- ## `cache`
12
-
13
- The cache command finds all dependencies and ensures that each dependency has an up-to-date cached record.
14
-
15
- An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
16
-
17
- Dependency records will be saved if:
18
- 1. The `force` option is set
19
- 2. No cached record is found
20
- 3. The cached record's version is different than the current dependency's version
21
- - If the cached record's license text contents matches the current dependency's license text then the `license` metadata from the cached record is retained for the new saved record.
22
-
23
- After the cache command is run, any cached records that don't match up to a current application dependency will be deleted.
24
-
25
- ## `status`
26
-
27
- The status command finds all dependencies and checks whether each dependency has a valid cached record.
28
-
29
- An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
30
-
31
- A dependency will fail the status checks if:
32
- 1. No cached record is found
33
- 2. The cached record's version is different than the current dependency's version
34
- 3. The cached record's `licenses` data is empty
35
- 4. The cached record's `license` metadata doesn't match an `allowed` license from the dependency's application configuration.
36
- - If `license: other` is specified and all of the `licenses` entries match an `allowed` license a failure will not be logged
37
- 5. The cached record is flagged for re-review.
38
- - This occurs when the record's license text has changed since the record was reviewed.
39
-
40
- ## `notices`
41
-
42
- Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`. If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
43
-
44
- An optional `--sources` flag can be given to limit which dependency sources are run. This is a filter over sources that are enabled via the licensed configuration file and cannot be used to run licensed with a disabled source.
45
-
46
- The `NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
47
-
48
- ## `env`
49
-
50
- Prints the runtime environment used by licensed after loading a configuration file. By default the output is in YAML format, but can be output in JSON using the `--json` flag.
51
-
52
- The output will not be equivalent to configuration input. For example, all paths will be
53
-
54
- ## `version`
55
-
56
- Displays the current licensed version.
57
-
58
- # Adding a new command
59
-
60
- ## Implement new `Command` class
61
-
62
- Licensed commands inherit and override the [`Licensed::Sources::Command`](../lib/licensed/commands/command.rb) class.
63
-
64
- #### Required method overrides
65
- 1. `Licensed::Commands::Command#evaluate_dependency`
66
- - Runs a command execution on an application dependency.
67
-
68
- The `evaluate_dependency` method should contain the specific command logic. This method has access to the application configuration, dependency source enumerator and dependency currently being evaluated as well as a reporting hash to contain information about the command execution.
69
-
70
- #### Optional method overrides
71
-
72
- The following methods break apart the different levels of command execution. Each method wraps lower levels of command execution in a corresponding reporter method.
73
-
74
- 1. `Licensed::Commands::Command#run`
75
- - Runs `run_app` for each application configuration found. Wraps the execution of all applications in `Reporter#report_run`.
76
- 2. `Licensed::Commands::Command#run_app`
77
- - Runs `run_source` for each dependency source enumerator enabled for the application configuration. Wraps the execution of all sources in `Reporter#report_app`.
78
- 3. `Licensed::Commands::Command#run_source`
79
- - Runs `run_dependency` for each dependency found in the source. Wraps the execution of all dependencies in `Reporter#report_source`.
80
- 4. `Licensed::Commands::Command#run_dependency`
81
- - Runs `evaluate_dependency` for the dependency. Wraps the execution of all dependencies in `Reporter#report_dependency`.
82
-
83
- As an example, `Licensed::Commands::Command#run_app` calls `Reporter#report_app` to wrap every call to `Licensed::Commands::Command#run_source`.
84
-
85
- ##### Specifying additional report data
86
-
87
- The `run` methods can be overridden and pass a block to `super` to provide additional reporting data or functionality.
88
-
89
- ```ruby
90
- def run_app(app)
91
- super do |report|
92
- report["my_app_data"] = true
93
- end
94
- end
95
- ```
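Review bot: this file documented the block-based reporter API (`Reporter#report_run`, `#report_app`, `#report_source`, `#report_dependency` wrapping each `run_*` level, and `run_app` passing a block to `super`), which the reporters in this same release replace with `begin_report_*` / `end_report_*` callbacks taking `(target, report)`; make sure the new `docs/commands/README.md` describes the callback contract, including the order in which end callbacks fire, rather than carrying the old `super do |report|` example forward. The deleted `env` section also ended mid-sentence ("all paths will be"), so check that `docs/commands/env.md` completes that description instead of inheriting the fragment.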