licensed 3.8.0 → 3.9.1
- checksums.yaml +4 -4
 - data/CHANGELOG.md +13 -1
 - data/docs/commands/notices.md +3 -1
 - data/lib/licensed/cli.rb +4 -2
 - data/lib/licensed/commands/notices.rb +27 -4
 - data/lib/licensed/dependency_record.rb +1 -1
 - data/lib/licensed/reporters/notices_reporter.rb +5 -5
 - data/lib/licensed/version.rb +1 -1
 - data/licensed.gemspec +1 -1
 - metadata +4 -4
 
    
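--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: 8fc5dda597e72ea3231515620aa042c3daaa07ae652d78328000048fb476386e
+  data.tar.gz: a772502d860cefdd4a6710432a3a5406abc2c81bd99dd82307b9ddbaf47d40cd
 SHA512:
-  metadata.gz:
-  data.tar.gz:
+  metadata.gz: f5dd491826706986ac7503340ab6dddd122653f394b313e96f3cf0652502cedfc0e201b660ac657591e3e4fde507e6c60237680118e90ca053ab27effa35b0f6
+  data.tar.gz: aed36ca1cf19673579fa8ffdf0e196e3e8edff5111515dcd0b3c0afcdf90d1b2e79ba558366f548ede7d6a86bdc1f37218967ed28943f9c05151d5a5450fbefb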
    
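--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.9.1
+
+### Fixed
+
+- Updating cached dependency records will more accurately apply `review_changed_license` flag (https://github.com/github/licensed/pull/578)
+
+## 3.9.0
+
+### Added
+
+- `NOTICE` files can now be generated without cached files in a repository (https://github.com/github/licensed/pull/572)
+
 ## 3.8.0
 
 ### Added
@@ -649,4 +661,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.
+[Unreleased]: https://github.com/github/licensed/compare/3.9.1...HEAD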
    
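--- a/data/docs/commands/notices.md
+++ b/data/docs/commands/notices.md
@@ -2,7 +2,7 @@
 
 Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`.  If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
 
-`NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
+`NOTICE` file contents are retrieved from cached records when the `--computed`/`-l` option is not set, with the assumption that cached records have already been reviewed in a compliance workflow.  When the `--computed`/`-l` option is set and a dependency's license is not found, that dependency's license text will be empty in the `NOTICE` file.
 
 ## Options
 
@@ -10,3 +10,5 @@ Outputs license and notice text for all dependencies in each app into a `NOTICE`
    - default value: `./.licensed.yml`
 - `--sources`/`-s`: runtime filter on which dependency sources are run.  Sources must also be enabled in the licensed configuration file.
    - default value: not set, all configured sources
+- `--computed`/`-l`: use live computed when generating a `NOTICE` file
+   - default value: not set, `NOTICE` file generated from cached records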
    
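--- a/data/lib/licensed/cli.rb
+++ b/data/lib/licensed/cli.rb
@@ -46,13 +46,15 @@ module Licensed
       run Licensed::Commands::List.new(config: config), sources: options[:sources], reporter: options[:format], licenses: options[:licenses]
     end
 
-    desc "notices", "Generate a NOTICE file
+    desc "notices", "Generate a NOTICE file with dependency data"
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
     method_option :sources, aliases: "-s", type: :array,
       desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    method_option :computed, aliases: "-l", type: :boolean,
+      desc: "Whether to generate a NOTICE file using computed data or cached records"
     def notices
-      run Licensed::Commands::Notices.new(config: config), sources: options[:sources]
+      run Licensed::Commands::Notices.new(config: config), sources: options[:sources], computed: options[:computed]
     end
 
     map "-v" => :version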
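Review bot: The help text for the new `:computed` option does not say which way the boolean points, and it leaves out that the computed path bypasses the cached records that docs/commands/notices.md describes as already reviewed in a compliance workflow. Spelling that out keeps the flag from being enabled in a release pipeline without anyone realising the NOTICE output is no longer built from reviewed data, e.g. `desc: "Generate the NOTICE file from live computed dependency data instead of reviewed cached records"`. The `-l` alias is also not mnemonic for `--computed`, so the description is the only place a user can learn what it does.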
| 
         @@ -13,7 +13,7 @@ module Licensed 
     | 
|
| 
       13 
13 
     | 
    
         | 
| 
       14 
14 
     | 
    
         
             
                  protected
         
     | 
| 
       15 
15 
     | 
    
         | 
| 
       16 
     | 
    
         
            -
                  # Load  
     | 
| 
      
 16 
     | 
    
         
            +
                  # Load a dependency record data and add it to the notices report.
         
     | 
| 
       17 
17 
     | 
    
         
             
                  #
         
     | 
| 
       18 
18 
     | 
    
         
             
                  # app - The application configuration for the dependency
         
     | 
| 
       19 
19 
     | 
    
         
             
                  # source - The dependency source enumerator for the dependency
         
     | 
| 
         @@ -22,13 +22,36 @@ module Licensed 
     | 
|
| 
       22 
22 
     | 
    
         
             
                  #
         
     | 
| 
       23 
23 
     | 
    
         
             
                  # Returns true.
         
     | 
| 
       24 
24 
     | 
    
         
             
                  def evaluate_dependency(app, source, dependency, report)
         
     | 
| 
      
 25 
     | 
    
         
            +
                    report["record"] =
         
     | 
| 
      
 26 
     | 
    
         
            +
                      if load_dependency_record_from_files
         
     | 
| 
      
 27 
     | 
    
         
            +
                        load_cached_dependency_record(app, source, dependency, report)
         
     | 
| 
      
 28 
     | 
    
         
            +
                      else
         
     | 
| 
      
 29 
     | 
    
         
            +
                        dependency.record
         
     | 
| 
      
 30 
     | 
    
         
            +
                      end
         
     | 
| 
      
 31 
     | 
    
         
            +
             
     | 
| 
      
 32 
     | 
    
         
            +
                    true
         
     | 
| 
      
 33 
     | 
    
         
            +
                  end
         
     | 
| 
      
 34 
     | 
    
         
            +
             
     | 
| 
      
 35 
     | 
    
         
            +
                  # Loads a dependency record from a cached file.
         
     | 
| 
      
 36 
     | 
    
         
            +
                  #
         
     | 
| 
      
 37 
     | 
    
         
            +
                  # app - The application configuration for the dependency
         
     | 
| 
      
 38 
     | 
    
         
            +
                  # source - The dependency source enumerator for the dependency
         
     | 
| 
      
 39 
     | 
    
         
            +
                  # dependency - An application dependency
         
     | 
| 
      
 40 
     | 
    
         
            +
                  # report - A report hash for the command to provide extra data for the report output.
         
     | 
| 
      
 41 
     | 
    
         
            +
                  #
         
     | 
| 
      
 42 
     | 
    
         
            +
                  # Returns a dependency record or nil if one doesn't exist
         
     | 
| 
      
 43 
     | 
    
         
            +
                  def load_cached_dependency_record(app, source, dependency, report)
         
     | 
| 
       25 
44 
     | 
    
         
             
                    filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
         
     | 
| 
       26 
     | 
    
         
            -
                     
     | 
| 
       27 
     | 
    
         
            -
                    if ! 
     | 
| 
      
 45 
     | 
    
         
            +
                    record = Licensed::DependencyRecord.read(filename)
         
     | 
| 
      
 46 
     | 
    
         
            +
                    if !record
         
     | 
| 
       28 
47 
     | 
    
         
             
                      report.warnings << "expected cached record not found at #{filename}"
         
     | 
| 
       29 
48 
     | 
    
         
             
                    end
         
     | 
| 
       30 
49 
     | 
    
         | 
| 
       31 
     | 
    
         
            -
                     
     | 
| 
      
 50 
     | 
    
         
            +
                    record
         
     | 
| 
      
 51 
     | 
    
         
            +
                  end
         
     | 
| 
      
 52 
     | 
    
         
            +
             
     | 
| 
      
 53 
     | 
    
         
            +
                  def load_dependency_record_from_files
         
     | 
| 
      
 54 
     | 
    
         
            +
                    !options.fetch(:computed, false)
         
     | 
| 
       32 
55 
     | 
    
         
             
                  end
         
     | 
| 
       33 
56 
     | 
    
         
             
                end
         
     | 
| 
       34 
57 
     | 
    
         
             
              end
         
     | 
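Review bot: In `evaluate_dependency` the computed branch assigns `dependency.record` with none of the reporting the cached branch has, so a dependency whose record is nil or carries no license text is omitted from the NOTICE file, or left blank in it, without any warning. Whether `dependency.record` can be nil is not visible in these hunks, but the docs change in this release says a missing license yields empty text, so a warning before `true` would keep attribution gaps visible: `report.warnings << "no license text computed for #{dependency.name}" if report["record"].nil? || report["record"].licenses.empty?`. `load_dependency_record_from_files` is the only new method without a doc comment; `# Returns true when records are read from cached files, false when the computed option is set` would match its siblings. The file header for these hunks is missing from the page; they are attributed to data/lib/licensed/commands/notices.rb from the file list.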
| 
         @@ -31,7 +31,7 @@ module Licensed 
     | 
|
| 
       31 
31 
     | 
    
         
             
                  def key
         
     | 
| 
       32 
32 
     | 
    
         
             
                    @key ||= begin
         
     | 
| 
       33 
33 
     | 
    
         
             
                      # rubocop:disable GitHub/InsecureHashAlgorithm
         
     | 
| 
       34 
     | 
    
         
            -
                       
     | 
| 
      
 34 
     | 
    
         
            +
                      sources.join("") + ":" + Digest::XXHash64.digest(text).to_s
         
     | 
| 
       35 
35 
     | 
    
         
             
                      # rubocop:enable GitHub/InsecureHashAlgorithm
         
     | 
| 
       36 
36 
     | 
    
         
             
                    end
         
     | 
| 
       37 
37 
     | 
    
         
             
                  end
         
     | 
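Review bot: The `key` line sits inside a `rubocop:disable GitHub/InsecureHashAlgorithm` pair with no stated reason, and the digest it uses, `Digest::XXHash64`, is a fast non-cryptographic hash. If `key` only groups identical license texts that is fine, but the justification belongs next to the disable, e.g. `# XXHash64 is used for content identity only, never as an integrity or security check`. If the key is ever the only signal that a cached license text changed (not visible here), a 64-bit non-cryptographic digest is weak evidence and a SHA-256 digest would be the safer choice. `sources.join("")` also concatenates source names with no separator, so different source lists can yield the same prefix. The removed line is truncated on this page, so what exactly changed cannot be confirmed; the hunk is attributed to data/lib/licensed/dependency_record.rb from the file list.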
| 
         @@ -54,11 +54,11 @@ module Licensed 
     | 
|
| 
       54 
54 
     | 
    
         
             
                  def notices(report)
         
     | 
| 
       55 
55 
     | 
    
         
             
                    return unless report.target.is_a?(Licensed::Dependency)
         
     | 
| 
       56 
56 
     | 
    
         | 
| 
       57 
     | 
    
         
            -
                     
     | 
| 
       58 
     | 
    
         
            -
                    return unless  
     | 
| 
      
 57 
     | 
    
         
            +
                    record = report["record"]
         
     | 
| 
      
 58 
     | 
    
         
            +
                    return unless record
         
     | 
| 
       59 
59 
     | 
    
         | 
| 
       60 
     | 
    
         
            -
                    texts =  
     | 
| 
       61 
     | 
    
         
            -
                     
     | 
| 
      
 60 
     | 
    
         
            +
                    texts = record.licenses.map(&:text)
         
     | 
| 
      
 61 
     | 
    
         
            +
                    record.notices.each do |notice|
         
     | 
| 
       62 
62 
     | 
    
         
             
                      case notice
         
     | 
| 
       63 
63 
     | 
    
         
             
                      when Hash
         
     | 
| 
       64 
64 
     | 
    
         
             
                        texts << notice["text"]
         
     | 
| 
         @@ -70,7 +70,7 @@ module Licensed 
     | 
|
| 
       70 
70 
     | 
    
         
             
                    end
         
     | 
| 
       71 
71 
     | 
    
         | 
| 
       72 
72 
     | 
    
         
             
                    <<~NOTICE
         
     | 
| 
       73 
     | 
    
         
            -
                      #{ 
     | 
| 
      
 73 
     | 
    
         
            +
                      #{record["name"]}@#{record["version"]}
         
     | 
| 
       74 
74 
     | 
    
         | 
| 
       75 
75 
     | 
    
         
             
                      #{texts.map(&:strip).reject(&:empty?).compact.join(TEXT_SEPARATOR)}
         
     | 
| 
       76 
76 
     | 
    
         
             
                    NOTICE
         
     | 
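Review bot: `texts.map(&:strip)` runs before `.compact` in the heredoc, so a nil entry in `texts` raises NoMethodError instead of being skipped, and the trailing `.compact` can never remove anything. Now that `record` may be a live computed record, whose license text the docs say can be missing, that path looks more reachable than it was with reviewed cached records; whether the missing text is nil or an empty string is not visible here. Reordering is safe either way: `#{texts.compact.map(&:strip).reject(&:empty?).join(TEXT_SEPARATOR)}`. `return unless record` also drops the dependency from the NOTICE output silently, so a warning has to come from the command side. The body of `notices` continues outside the visible hunks, which are attributed to data/lib/licensed/reporters/notices_reporter.rb from the file list.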
    
        data/lib/licensed/version.rb
    CHANGED
    
    
    
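--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "minitest", "~> 5.8"
-  spec.add_development_dependency "mocha", "~>
+  spec.add_development_dependency "mocha", "~> 2.0"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
   spec.add_development_dependency "byebug", "~> 11.1.3"
 end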
    
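--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.
+  version: 3.9.1
 platform: ruby
 authors:
 - GitHub
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-
+date: 2022-11-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -188,14 +188,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement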