licensed 3.2.2 → 3.4.0

data/lib/licensed/sources/yarn/v1.rb

@@ -0,0 +1,146 @@
+# frozen_string_literal: true
+require "json"
+
+module Licensed
+  module Sources
+    class Yarn::V1 < Source
+      include Licensed::Sources::Yarn
+
+      # `yarn licenses list --json` returns data in a table format with header
+      # ordering specified in the output.  Look for these specific headers and use
+      # their indices to get data from the table body
+      YARN_NAME_HEAD = "Name".freeze
+      YARN_VERSION_HEAD = "Version".freeze
+      YARN_URL_HEAD = "URL".freeze
+
+      def self.version_requirement
+        Gem::Requirement.new("< 2.0")
+      end
+
+      def enumerate_dependencies
+        packages.map do |name, package|
+          Dependency.new(
+            name: name,
+            version: package["version"],
+            path: package["path"],
+            metadata: {
+              "type"     => self.class.type,
+              "name"     => package["name"],
+              "homepage" => dependency_urls[package["id"]]
+            }
+          )
+        end
+      end
+
+      # Finds packages that the current project relies on
+      def packages
+        return [] if yarn_package_tree.nil?
+        all_dependencies = {}
+        recursive_dependencies(yarn_package_tree).each do |name, results|
+          results.uniq! { |package| package["version"] }
+          if results.size == 1
+            # if there is only one package for a name, reference it by name
+            all_dependencies[name] = results[0]
+          else
+            # if there is more than one package for a name, reference each by
+            # "<name>-<version>"
+            results.each do |package|
+              all_dependencies["#{name}-#{package["version"]}"] = package
+            end
+          end
+        end
+
+        all_dependencies
+      end
+
+      # Recursively parse dependency JSON data.  Returns a hash mapping the
+      # package name to it's metadata
+      def recursive_dependencies(dependencies, result = {})
+        dependencies.each do |dependency|
+          # "shadow" indicate a dependency requirement only, not a
+          # resolved package identifier
+          next if dependency["shadow"]
+          name, _, version = dependency["name"].rpartition("@")
+
+          (result[name] ||= []) << {
+            "id" => dependency["name"],
+            "name" => name,
+            "version" => version,
+            "path" => dependency_paths[dependency["name"]]
+          }
+          recursive_dependencies(dependency["children"], result)
+        end
+        result
+      end
+
+      # Returns a hash that maps all dependency names to their location on disk
+      # by parsing every package.json file under node_modules.
+      def dependency_paths
+        @dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
+          dirname = File.dirname(file)
+          json = JSON.parse(File.read(file))
+          hsh["#{json["name"]}@#{json["version"]}"] = dirname
+        end
+      end
+
+      # Finds and returns the yarn package tree listing from `yarn list` output
+      def yarn_package_tree
+        return @yarn_package_tree if defined?(@yarn_package_tree)
+        @yarn_package_tree = begin
+          # parse all lines of output to json and find one that is "type": "tree"
+          tree = yarn_list_command.lines
+                                  .map(&:strip)
+                                  .map(&JSON.method(:parse))
+                                  .find { |json| json["type"] == "tree" }
+          tree&.dig("data", "trees")
+        end
+      end
+
+      # Returns a mapping of unique dependency identifiers to urls
+      def dependency_urls
+        @dependency_urls ||= begin
+          table = yarn_licenses_command.lines
+                                       .map(&:strip)
+                                       .map(&JSON.method(:parse))
+                                       .find { |json| json["type"] == "table" }
+          return {} if table.nil?
+
+          head = table.dig("data", "head")
+          return {} if head.nil?
+
+          name_index = head.index YARN_NAME_HEAD
+          version_index = head.index YARN_VERSION_HEAD
+          url_index = head.index YARN_URL_HEAD
+          return {} if name_index.nil? || version_index.nil? || url_index.nil?
+
+          body = table.dig("data", "body")
+          return {} if body.nil?
+
+          body.each_with_object({}) do |row, hsh|
+            id = "#{row[name_index]}@#{row[version_index]}"
+            hsh[id] = row[url_index]
+          end
+        end
+      end
+
+      # Returns the output from running `yarn list` to get project dependencies
+      def yarn_list_command
+        args = %w(--json -s --no-progress)
+        args << "--production" unless include_non_production?
+        Licensed::Shell.execute("yarn", "list", *args, allow_failure: true)
+      end
+
+      # Returns the output from running `yarn licenses list` to get project urls
+      def yarn_licenses_command
+        args = %w(--json -s --no-progress)
+        args << "--production" unless include_non_production?
+        Licensed::Shell.execute("yarn", "licenses", "list", *args, allow_failure: true)
+      end
+
+      # Returns whether to include non production dependencies based on the licensed configuration settings
+      def include_non_production?
+        config.dig("yarn", "production_only") == false
+      end
+    end
+  end
+end

data/lib/licensed/sources/yarn.rb

@@ -1,146 +1,31 @@
 # frozen_string_literal: true
-require "json"
 
 module Licensed
   module Sources
-    class Yarn < Source
-      # `yarn licenses list --json` returns data in a table format with header
-      # ordering specified in the output.  Look for these specific headers and use
-      # their indices to get data from the table body
-      YARN_NAME_HEAD = "Name".freeze
-      YARN_VERSION_HEAD = "Version".freeze
-      YARN_URL_HEAD = "URL".freeze
-
-      def enabled?
-        return unless Licensed::Shell.tool_available?("yarn")
-
-        config.pwd.join("package.json").exist? && config.pwd.join("yarn.lock").exist?
-      end
-
-      def enumerate_dependencies
-        packages.map do |name, package|
-          Dependency.new(
-            name: name,
-            version: package["version"],
-            path: package["path"],
-            metadata: {
-              "type"     => Yarn.type,
-              "name"     => package["name"],
-              "homepage" => dependency_urls[package["id"]]
-            }
-          )
-        end
-      end
-
-      # Finds packages that the current project relies on
-      def packages
-        return [] if yarn_package_tree.nil?
-        all_dependencies = {}
-        recursive_dependencies(yarn_package_tree).each do |name, results|
-          results.uniq! { |package| package["version"] }
-          if results.size == 1
-            # if there is only one package for a name, reference it by name
-            all_dependencies[name] = results[0]
-          else
-            # if there is more than one package for a name, reference each by
-            # "<name>-<version>"
-            results.each do |package|
-              all_dependencies["#{name}-#{package["version"]}"] = package
-            end
-          end
-        end
-
-        all_dependencies
-      end
-
-      # Recursively parse dependency JSON data.  Returns a hash mapping the
-      # package name to it's metadata
-      def recursive_dependencies(dependencies, result = {})
-        dependencies.each do |dependency|
-          # "shadow" indicate a dependency requirement only, not a
-          # resolved package identifier
-          next if dependency["shadow"]
-          name, _, version = dependency["name"].rpartition("@")
-
-          (result[name] ||= []) << {
-            "id" => dependency["name"],
-            "name" => name,
-            "version" => version,
-            "path" => dependency_paths[dependency["name"]]
-          }
-          recursive_dependencies(dependency["children"], result)
+    module Yarn
+      module ClassMethods
+        def type
+          "yarn"
         end
-        result
       end
 
-      # Returns a hash that maps all dependency names to their location on disk
-      # by parsing every package.json file under node_modules.
-      def dependency_paths
-        @dependency_paths ||= Dir.glob(config.pwd.join("node_modules/**/package.json")).each_with_object({}) do |file, hsh|
-          dirname = File.dirname(file)
-          json = JSON.parse(File.read(file))
-          hsh["#{json["name"]}@#{json["version"]}"] = dirname
-        end
+      def self.included(klass)
+        klass.extend ClassMethods
       end
 
-      # Finds and returns the yarn package tree listing from `yarn list` output
-      def yarn_package_tree
-        return @yarn_package_tree if defined?(@yarn_package_tree)
-        @yarn_package_tree = begin
-          # parse all lines of output to json and find one that is "type": "tree"
-          tree = yarn_list_command.lines
-                                  .map(&:strip)
-                                  .map(&JSON.method(:parse))
-                                  .find { |json| json["type"] == "tree" }
-          tree&.dig("data", "trees")
-        end
-      end
-
-      # Returns a mapping of unique dependency identifiers to urls
-      def dependency_urls
-        @dependency_urls ||= begin
-          table = yarn_licenses_command.lines
-                                       .map(&:strip)
-                                       .map(&JSON.method(:parse))
-                                       .find { |json| json["type"] == "table" }
-          return [] if table.nil?
-
-          head = table.dig("data", "head")
-          return [] if head.nil?
-
-          name_index = head.index YARN_NAME_HEAD
-          version_index = head.index YARN_VERSION_HEAD
-          url_index = head.index YARN_URL_HEAD
-          return [] if name_index.nil? || version_index.nil? || url_index.nil?
-
-          body = table.dig("data", "body")
-          return [] if body.nil?
-
-          body.each_with_object({}) do |row, hsh|
-            id = "#{row[name_index]}@#{row[version_index]}"
-            hsh[id] = row[url_index]
-          end
-        end
-      end
-
-      # Returns the output from running `yarn list` to get project dependencies
-      def yarn_list_command
-        args = %w(--json -s --no-progress)
-        args << "--production" unless include_non_production?
-        Licensed::Shell.execute("yarn", "list", *args, allow_failure: true)
-      end
+      def enabled?
+        return unless Licensed::Shell.tool_available?("yarn")
+        return unless self.class.version_requirement.satisfied_by?(yarn_version)
 
-      # Returns the output from running `yarn licenses list` to get project urls
-      def yarn_licenses_command
-        args = %w(--json -s --no-progress)
-        args << "--production" unless include_non_production?
-        Licensed::Shell.execute("yarn", "licenses", "list", *args, allow_failure: true)
+        config.pwd.join("package.json").exist? && config.pwd.join("yarn.lock").exist?
       end
 
-      # Returns whether to include non production dependencies based on the licensed configuration settings
-      def include_non_production?
-        config.dig("yarn", "production_only") == false
+      def yarn_version
+        Gem::Version.new(Licensed::Shell.execute("yarn", "-v"))
       end
     end
   end
 end
+
+require "licensed/sources/yarn/v1"
+require "licensed/sources/yarn/berry"

data/lib/licensed/sources.rb

@@ -5,6 +5,7 @@ module Licensed
     require "licensed/sources/bower"
     require "licensed/sources/bundler"
     require "licensed/sources/cabal"
+    require "licensed/sources/cargo"
     require "licensed/sources/composer"
     require "licensed/sources/dep"
     require "licensed/sources/git_submodule"

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.2.2".freeze
+  VERSION = "3.4.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/github/licensed"
   spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test/|script/|docker/|\..+)}) }
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.2.2
+  version: 3.4.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-10 00:00:00.000000000 Z
+date: 2021-12-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -238,13 +238,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/dependabot.yml"
-- ".github/workflows/release.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".licensed.yml"
-- ".rubocop.yml"
-- ".ruby-version"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
@@ -252,7 +245,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- docker/Dockerfile.build-linux
 - docs/adding_a_new_source.md
 - docs/commands/README.md
 - docs/commands/cache.md
@@ -280,6 +272,7 @@ files:
 - docs/sources/bower.md
 - docs/sources/bundler.md
 - docs/sources/cabal.md
+- docs/sources/cargo.md
 - docs/sources/composer.md
 - docs/sources/dep.md
 - docs/sources/git_submodule.md
@@ -326,6 +319,7 @@ files:
 - lib/licensed/sources/bundler/definition.rb
 - lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
+- lib/licensed/sources/cargo.rb
 - lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb
 - lib/licensed/sources/git_submodule.rb
@@ -341,31 +335,11 @@ files:
 - lib/licensed/sources/source.rb
 - lib/licensed/sources/swift.rb
 - lib/licensed/sources/yarn.rb
+- lib/licensed/sources/yarn/berry.rb
+- lib/licensed/sources/yarn/v1.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
 - licensed.gemspec
-- script/bootstrap
-- script/cibuild
-- script/console
-- script/package
-- script/packages/build
-- script/packages/linux
-- script/packages/mac
-- script/setup
-- script/source-setup/bower
-- script/source-setup/bundler
-- script/source-setup/cabal
-- script/source-setup/composer
-- script/source-setup/git_submodule
-- script/source-setup/go
-- script/source-setup/mix
-- script/source-setup/npm
-- script/source-setup/nuget
-- script/source-setup/pip
-- script/source-setup/pipenv
-- script/source-setup/swift
-- script/source-setup/yarn
-- script/test
 homepage: https://github.com/github/licensed
 licenses:
 - MIT

data/.github/dependabot.yml

@@ -1,19 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: daily
-  - package-ecosystem: bundler
-    directory: /
-    schedule:
-      interval: weekly
-  - package-ecosystem: docker
-    directory: docker
-    schedule:
-      interval: weekly

data/.github/workflows/release.yml

@@ -1,213 +0,0 @@
-name: Build and publish release assets
-
-on:
-  release:
-    types: [created]
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Commit-like version of github/licensed to build package at'
-        required: true
-      release_tag:
-        description: 'Release tag to upload built packages to'
-        required: false
-
-jobs:
-  vars:
-    name: "Gather values for remainder of steps"
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.get_version.outputs.result }}
-      upload_url: ${{ steps.get_url.outputs.result }}
-      ref: ${{ steps.get_ref.outputs.result }}
-    steps:
-      - id: get_version
-        name: Get package version
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let version = "${{ github.event.release.tag_name }}"
-            if (!version) {
-              version = "${{ github.event.inputs.version }}"
-            }
-
-            if (!version) {
-              throw new Error("unable to find package build version")
-            }
-
-            return version
-
-      - id: get_url
-        name: Get release upload url
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let uploadUrl = "${{ github.event.release.upload_url}}"
-            const tag = "${{ github.event.inputs.release_tag }}"
-            if (!uploadUrl && tag) {
-              const { data: release } = await github.repos.getReleaseByTag({
-                ...context.repo,
-                tag
-              })
-
-              if (!release.upload_url) {
-                throw new Error("unable to find a release upload url")
-              }
-
-              uploadUrl = release.upload_url
-            }
-
-            return uploadUrl
-
-      - id: get_ref
-        name: Get checkout ref for custom build scripts
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let ref = "${{ github.event.release.tag_name }}"
-            if (!ref) {
-              ref = "${{ github.event.ref }}".replace(/refs\/[^\/]+\//, '')
-            }
-
-            if (!ref) {
-              throw new Error("unable to find a ref for action")
-            }
-
-            return ref
-
-  package_linux:
-    needs: vars
-    runs-on: ubuntu-18.04
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # checkout at the ref for the action, separate from the target build version
-        # this allows running build scripts independent of the target version
-        ref: ${{needs.vars.outputs.ref}}
-        fetch-depth: 0
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build package
-      run: script/packages/linux
-      env:
-        VERSION: ${{needs.vars.outputs.version}}
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-linux
-        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-
-  package_mac:
-    needs: vars
-    runs-on: macOS-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # checkout at the ref for the action, separate from the target build version
-        # this allows running build scripts independent of the target version
-        ref: ${{needs.vars.outputs.ref}}
-        fetch-depth: 0
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build package
-      run: script/packages/mac
-      env:
-        VERSION: ${{needs.vars.outputs.version}}
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-darwin
-        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-
-  build_gem:
-    needs: vars
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # building a gem doesn't use a different ref from the version input
-        ref: ${{needs.vars.outputs.version}}
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build gem
-      run: gem build licensed.gemspec -o licensed-${{needs.vars.outputs.version}}.gem
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-gem
-        path: licensed-${{needs.vars.outputs.version}}.gem
-
-  upload_packages:
-    if: ${{ needs.vars.outputs.upload_url != '' }}
-    runs-on: ubuntu-latest
-    needs: [vars, package_linux, package_mac, build_gem]
-
-    steps:
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Download linux package
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-linux
-
-    - name: Download macOS package
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-darwin
-
-    - name: Download gem
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-gem
-
-    - name: Publish linux package
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ needs.vars.outputs.upload_url }}
-        asset_path: ./licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-        asset_name: licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-        asset_content_type: application/gzip
-
-    - name: Publish mac package
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ needs.vars.outputs.upload_url }}
-        asset_path: ./licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-        asset_name: licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-        asset_content_type: application/gzip
-
-    - name: Publish gem to RubyGems
-      run: |
-        mkdir -p $HOME/.gem
-        touch $HOME/.gem/credentials
-        chmod 0600 $HOME/.gem/credentials
-        printf -- "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}\n" > $HOME/.gem/credentials
-        gem push $GEM
-      env:
-        RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
-        GEM: licensed-${{needs.vars.outputs.version}}.gem