licensed 3.6.0 → 3.7.0

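--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a328b5551bdf77593f4bf97f4a846b7792898b6f749c25f5c5f39e68669f2164
- data.tar.gz: ac9b2013cf25d9dab94aadd2122a41bfa2790d741bd9e1588a270cd122dfaddb
+ metadata.gz: 2b28b00b1b23f91bc89a99928d3ae07396afe29700e06c4e22debe1e4f3b2d45
+ data.tar.gz: 5e8ccfb04df77cb4802bc51825562ec52a5f8368718e66434460b61e425a864f
  SHA512:
- metadata.gz: 846cadb01c2045ea258a785767ebfc8df3cee9d3a05648c93291c94cc21b7e84fb83146476c4afb64f9bc137a530cb84ba523ec41e2c4938396629b5b8901795
- data.tar.gz: 4aa7028294894b9f0c1781b558032d80f87669e959e71aa1b635c7a8687f77b4cf11be6431f280cfcbc06ea25f605da061a9af2fb480ea134a4172f989060451
+ metadata.gz: 2b71b2fd45dcd9e61b425a08f0b2148ecd568ae4f3a0ffacd15213850fba8c313362783945cb3828592ef397f4d2ced750f890f6bf18447e6a32c02cbbb47795
+ data.tar.gz: aa587ef6d6e420761098ab2364aa485a36885cfdd6b09f9eec5ad838dbd108f759a91447818bc0279992b489513efad8a2381966dbbcf3f6fea3f3946069e676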
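--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  ## [Unreleased]
 
+ ## 3.7.0
+
+ ### Changed
+
+ - Pip and pipenv sources will find dependency licenses under `dist-info/license_files` when available (https://github.com/github/licensed/pull/504)
+
  ## 3.6.0
 
  2022-03-17
@@ -597,4 +603,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
  Initial release :tada:
 
- [Unreleased]: https://github.com/github/licensed/compare/3.6.0...HEAD
+ [Unreleased]: https://github.com/github/licensed/compare/3.7.0...HEAD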
@@ -10,18 +10,17 @@ module Licensed
10
10
  PACKAGE_INFO_SEPARATOR = "\n---\n"
11
11
 
12
12
  def enabled?
13
- virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)
13
+ !pip_command.empty? && Licensed::Shell.tool_available?(pip_command.join(""))
14
14
  end
15
15
 
16
16
  def enumerate_dependencies
17
17
  packages.map do |package|
18
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
19
18
  Dependency.new(
20
19
  name: package["Name"],
21
20
  version: package["Version"],
22
- path: location,
21
+ path: package_license_location(package),
23
22
  metadata: {
24
- "type" => Pip.type,
23
+ "type" => self.class.type,
25
24
  "summary" => package["Summary"],
26
25
  "homepage" => package["Home-page"]
27
26
  }
@@ -29,8 +28,24 @@ module Licensed
29
28
  end
30
29
  end
31
30
 
31
+ protected
32
+
33
+ # Returns the command to run pip
34
+ def pip_command
35
+ return [] unless virtual_env_dir
36
+ Array(File.join(virtual_env_dir, "bin", "pip"))
37
+ end
38
+
32
39
  private
33
40
 
41
+ # Returns the location of license files in the package, checking for the inclusion of a new `license_files`
42
+ # folder per https://peps.python.org/pep-0639/
43
+ def package_license_location(package)
44
+ dist_info = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
45
+ license_files = File.join(dist_info, "license_files")
46
+ return File.exist?(license_files) ? license_files : dist_info
47
+ end
48
+
34
49
  # Returns parsed information for all packages used by the project,
35
50
  # using `pip list` to determine what packages are used and `pip show`
36
51
  # to gather package information
@@ -64,17 +79,12 @@ module Licensed
64
79
 
65
80
  # Returns the output from `pip list --format=json`
66
81
  def pip_list_command
67
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "list", "--format=json")
82
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "list", "--format=json")
68
83
  end
69
84
 
70
85
  # Returns the output from `pip show <package> <package> ...`
71
86
  def pip_show_command(packages)
72
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "show", *packages)
73
- end
74
-
75
- def virtual_env_pip
76
- return unless virtual_env_dir
77
- File.join(virtual_env_dir, "bin", "pip")
87
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", *packages)
78
88
  end
79
89
 
80
90
  def virtual_env_dir
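Review bot: In `enabled?`, `pip_command.join("")` only produces a usable tool name while `pip_command` has exactly one element; a multi-word command such as the `%w(pipenv run pip)` override shown further down this page would collapse to `pipenvrunpip`, so any subclass that does not also override `enabled?` would be reported as unavailable. Probing the executable alone, `!pip_command.empty? && Licensed::Shell.tool_available?(pip_command.first)`, stays correct for every override. In `package_license_location`, `File.exist?(license_files)` is also true for a regular file of that name, so `File.directory?(license_files)` states the intent better, and the explicit `return` on that line can be dropped. The `license_files` directory name comes from the PEP 639 text linked in the comment; as far as I know later revisions of that PEP place the files under `licenses/`, so a comment that the name has to track the PEP would help. The enclosing module and the body of `virtual_env_dir` continue outside these hunks.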
@@ -4,44 +4,16 @@ require "parallel"
4
4
 
5
5
  module Licensed
6
6
  module Sources
7
- class Pipenv < Source
7
+ class Pipenv < Pip
8
8
  def enabled?
9
9
  Licensed::Shell.tool_available?("pipenv") && File.exist?(config.pwd.join("Pipfile.lock"))
10
10
  end
11
11
 
12
- def enumerate_dependencies
13
- Parallel.map(pakages_from_pipfile_lock, in_threads: Parallel.processor_count) do |package_name|
14
- package = package_info(package_name)
15
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
16
- Dependency.new(
17
- name: package["Name"],
18
- version: package["Version"],
19
- path: location,
20
- metadata: {
21
- "type" => Pipenv.type,
22
- "summary" => package["Summary"],
23
- "homepage" => package["Home-page"]
24
- }
25
- )
26
- end
27
- end
28
-
29
- private
30
-
31
- def pakages_from_pipfile_lock
32
- Licensed::Shell.execute("pipenv", "run", "pip", "list")
33
- .lines
34
- .drop(2) # Header
35
- .map { |line| line.strip.split.first.strip }
36
- end
12
+ protected
37
13
 
38
- def package_info(package_name)
39
- p_info = Licensed::Shell.execute("pipenv", "run", "pip", "--disable-pip-version-check", "show", package_name).lines
40
- p_info.each_with_object(Hash.new(0)) { |pkg, a|
41
- k, v = pkg.split(":", 2)
42
- next if k.nil? || k.empty?
43
- a[k.strip] = v&.strip
44
- }
14
+ # Returns the command to run pip
15
+ def pip_command
16
+ %w(pipenv run pip)
45
17
  end
46
18
  end
47
19
  end
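Review bot: The hunk header still carries `require "parallel"`, yet the only visible `Parallel.map` call is removed together with `enumerate_dependencies`; if nothing else in the file uses it, the require should be dropped so this source no longer loads a gem it does not need. With `class Pipenv < Pip`, enumeration now relies entirely on the inherited `pip list --format=json` and `pip show` path, so the comment on `pip_command` would say more as `# Command prefix used by the inherited Pip source; runs pip inside the pipenv-managed environment`. The top of the file lies outside the hunk.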
@@ -14,8 +14,13 @@ module Licensed
14
14
  class << self
15
15
  attr_reader :sources
16
16
  def inherited(klass)
17
- # add child source classes are defined,
18
- # add them to the known sources list
17
+ # register the inherited class as a source on the Licensed::Sources::Source class
18
+ Licensed::Sources::Source.register_source(klass)
19
+ end
20
+
21
+ def register_source(klass)
22
+ # add the source class to the known sources list
23
+ return unless klass < Licensed::Sources::Source
19
24
  (@sources ||= []) << klass
20
25
  end
21
26
 
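Review bot: `register_source` is callable by anything that can reach the singleton and appends unconditionally, so registering a class a second time (for example an explicit call after `inherited` has already fired) leaves duplicate entries in `@sources`; `(@sources ||= []) << klass unless @sources&.include?(klass)` avoids that. The guard `klass < Licensed::Sources::Source` raises `TypeError` when `klass` is not a class or module, so a doc comment above the `def` stating that only `Source` subclasses are accepted and anything else is ignored would be clearer than the inline comment that sits before the guard. `inherited` also does not call `super`, which is harmless as shown but would drop any hook defined further up the chain. The `class << self` block closes outside the hunk.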
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.6.0".freeze
3
+ VERSION = "3.7.0".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
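--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "rake", ">= 12.3.3"
  spec.add_development_dependency "minitest", "~> 5.8"
  spec.add_development_dependency "mocha", "~> 1.0"
- spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
+ spec.add_development_dependency "rubocop", "~> 1.26", "< 1.27"
  spec.add_development_dependency "rubocop-github", "~> 0.6"
- spec.add_development_dependency "byebug", "~> 11.0.1"
+ spec.add_development_dependency "byebug", "~> 11.1.3"
  end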
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.0
4
+ version: 3.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-03-17 00:00:00.000000000 Z
11
+ date: 2022-04-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -188,20 +188,20 @@ dependencies:
188
188
  requirements:
189
189
  - - "~>"
190
190
  - !ruby/object:Gem::Version
191
- version: '0.49'
191
+ version: '1.26'
192
192
  - - "<"
193
193
  - !ruby/object:Gem::Version
194
- version: '1.20'
194
+ version: '1.27'
195
195
  type: :development
196
196
  prerelease: false
197
197
  version_requirements: !ruby/object:Gem::Requirement
198
198
  requirements:
199
199
  - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: '0.49'
201
+ version: '1.26'
202
202
  - - "<"
203
203
  - !ruby/object:Gem::Version
204
- version: '1.20'
204
+ version: '1.27'
205
205
  - !ruby/object:Gem::Dependency
206
206
  name: rubocop-github
207
207
  requirement: !ruby/object:Gem::Requirement
@@ -222,14 +222,14 @@ dependencies:
222
222
  requirements:
223
223
  - - "~>"
224
224
  - !ruby/object:Gem::Version
225
- version: 11.0.1
225
+ version: 11.1.3
226
226
  type: :development
227
227
  prerelease: false
228
228
  version_requirements: !ruby/object:Gem::Requirement
229
229
  requirements:
230
230
  - - "~>"
231
231
  - !ruby/object:Gem::Version
232
- version: 11.0.1
232
+ version: 11.1.3
233
233
  description: Licensed automates extracting and validating the licenses of dependencies.
234
234
  email:
235
235
  - opensource+licensed@github.com