licensed 3.8.0 → 3.9.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -1
- data/docs/commands/notices.md +3 -1
- data/lib/licensed/cli.rb +4 -2
- data/lib/licensed/commands/notices.rb +27 -4
- data/lib/licensed/dependency_record.rb +1 -1
- data/lib/licensed/reporters/notices_reporter.rb +5 -5
- data/lib/licensed/version.rb +1 -1
- data/licensed.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8fc5dda597e72ea3231515620aa042c3daaa07ae652d78328000048fb476386e
|
|
4
|
+
data.tar.gz: a772502d860cefdd4a6710432a3a5406abc2c81bd99dd82307b9ddbaf47d40cd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5dd491826706986ac7503340ab6dddd122653f394b313e96f3cf0652502cedfc0e201b660ac657591e3e4fde507e6c60237680118e90ca053ab27effa35b0f6
|
|
7
|
+
data.tar.gz: aed36ca1cf19673579fa8ffdf0e196e3e8edff5111515dcd0b3c0afcdf90d1b2e79ba558366f548ede7d6a86bdc1f37218967ed28943f9c05151d5a5450fbefb
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
6
6
|
|
|
7
7
|
## [Unreleased]
|
|
8
8
|
|
|
9
|
+
## 3.9.1
|
|
10
|
+
|
|
11
|
+
### Fixed
|
|
12
|
+
|
|
13
|
+
- Updating cached dependency records will more accurately apply `review_changed_license` flag (https://github.com/github/licensed/pull/578)
|
|
14
|
+
|
|
15
|
+
## 3.9.0
|
|
16
|
+
|
|
17
|
+
### Added
|
|
18
|
+
|
|
19
|
+
- `NOTICE` files can now be generated without cached files in a repository (https://github.com/github/licensed/pull/572)
|
|
20
|
+
|
|
9
21
|
## 3.8.0
|
|
10
22
|
|
|
11
23
|
### Added
|
|
@@ -649,4 +661,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
|
|
|
649
661
|
|
|
650
662
|
Initial release :tada:
|
|
651
663
|
|
|
652
|
-
[Unreleased]: https://github.com/github/licensed/compare/3.
|
|
664
|
+
[Unreleased]: https://github.com/github/licensed/compare/3.9.1...HEAD
|
data/docs/commands/notices.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`. If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
|
|
4
4
|
|
|
5
|
-
`NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
|
|
5
|
+
`NOTICE` file contents are retrieved from cached records when the `--computed`/`-l` option is not set, with the assumption that cached records have already been reviewed in a compliance workflow. When the `--computed`/`-l` option is set and a dependency's license is not found, that dependency's license text will be empty in the `NOTICE` file.
|
|
6
6
|
|
|
7
7
|
## Options
|
|
8
8
|
|
|
@@ -10,3 +10,5 @@ Outputs license and notice text for all dependencies in each app into a `NOTICE`
|
|
|
10
10
|
- default value: `./.licensed.yml`
|
|
11
11
|
- `--sources`/`-s`: runtime filter on which dependency sources are run. Sources must also be enabled in the licensed configuration file.
|
|
12
12
|
- default value: not set, all configured sources
|
|
13
|
+
- `--computed`/`-l`: use live computed when generating a `NOTICE` file
|
|
14
|
+
- default value: not set, `NOTICE` file generated from cached records
|
data/lib/licensed/cli.rb
CHANGED
|
@@ -46,13 +46,15 @@ module Licensed
|
|
|
46
46
|
run Licensed::Commands::List.new(config: config), sources: options[:sources], reporter: options[:format], licenses: options[:licenses]
|
|
47
47
|
end
|
|
48
48
|
|
|
49
|
-
desc "notices", "Generate a NOTICE file
|
|
49
|
+
desc "notices", "Generate a NOTICE file with dependency data"
|
|
50
50
|
method_option :config, aliases: "-c", type: :string,
|
|
51
51
|
desc: "Path to licensed configuration file"
|
|
52
52
|
method_option :sources, aliases: "-s", type: :array,
|
|
53
53
|
desc: "Individual source(s) to evaluate. Must also be enabled via configuration."
|
|
54
|
+
method_option :computed, aliases: "-l", type: :boolean,
|
|
55
|
+
desc: "Whether to generate a NOTICE file using computed data or cached records"
|
|
54
56
|
def notices
|
|
55
|
-
run Licensed::Commands::Notices.new(config: config), sources: options[:sources]
|
|
57
|
+
run Licensed::Commands::Notices.new(config: config), sources: options[:sources], computed: options[:computed]
|
|
56
58
|
end
|
|
57
59
|
|
|
58
60
|
map "-v" => :version
|
|
@@ -13,7 +13,7 @@ module Licensed
|
|
|
13
13
|
|
|
14
14
|
protected
|
|
15
15
|
|
|
16
|
-
# Load
|
|
16
|
+
# Load a dependency record data and add it to the notices report.
|
|
17
17
|
#
|
|
18
18
|
# app - The application configuration for the dependency
|
|
19
19
|
# source - The dependency source enumerator for the dependency
|
|
@@ -22,13 +22,36 @@ module Licensed
|
|
|
22
22
|
#
|
|
23
23
|
# Returns true.
|
|
24
24
|
def evaluate_dependency(app, source, dependency, report)
|
|
25
|
+
report["record"] =
|
|
26
|
+
if load_dependency_record_from_files
|
|
27
|
+
load_cached_dependency_record(app, source, dependency, report)
|
|
28
|
+
else
|
|
29
|
+
dependency.record
|
|
30
|
+
end
|
|
31
|
+
|
|
32
|
+
true
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
# Loads a dependency record from a cached file.
|
|
36
|
+
#
|
|
37
|
+
# app - The application configuration for the dependency
|
|
38
|
+
# source - The dependency source enumerator for the dependency
|
|
39
|
+
# dependency - An application dependency
|
|
40
|
+
# report - A report hash for the command to provide extra data for the report output.
|
|
41
|
+
#
|
|
42
|
+
# Returns a dependency record or nil if one doesn't exist
|
|
43
|
+
def load_cached_dependency_record(app, source, dependency, report)
|
|
25
44
|
filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
|
|
26
|
-
|
|
27
|
-
if !
|
|
45
|
+
record = Licensed::DependencyRecord.read(filename)
|
|
46
|
+
if !record
|
|
28
47
|
report.warnings << "expected cached record not found at #{filename}"
|
|
29
48
|
end
|
|
30
49
|
|
|
31
|
-
|
|
50
|
+
record
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
def load_dependency_record_from_files
|
|
54
|
+
!options.fetch(:computed, false)
|
|
32
55
|
end
|
|
33
56
|
end
|
|
34
57
|
end
|
|
@@ -31,7 +31,7 @@ module Licensed
|
|
|
31
31
|
def key
|
|
32
32
|
@key ||= begin
|
|
33
33
|
# rubocop:disable GitHub/InsecureHashAlgorithm
|
|
34
|
-
|
|
34
|
+
sources.join("") + ":" + Digest::XXHash64.digest(text).to_s
|
|
35
35
|
# rubocop:enable GitHub/InsecureHashAlgorithm
|
|
36
36
|
end
|
|
37
37
|
end
|
|
@@ -54,11 +54,11 @@ module Licensed
|
|
|
54
54
|
def notices(report)
|
|
55
55
|
return unless report.target.is_a?(Licensed::Dependency)
|
|
56
56
|
|
|
57
|
-
|
|
58
|
-
return unless
|
|
57
|
+
record = report["record"]
|
|
58
|
+
return unless record
|
|
59
59
|
|
|
60
|
-
texts =
|
|
61
|
-
|
|
60
|
+
texts = record.licenses.map(&:text)
|
|
61
|
+
record.notices.each do |notice|
|
|
62
62
|
case notice
|
|
63
63
|
when Hash
|
|
64
64
|
texts << notice["text"]
|
|
@@ -70,7 +70,7 @@ module Licensed
|
|
|
70
70
|
end
|
|
71
71
|
|
|
72
72
|
<<~NOTICE
|
|
73
|
-
#{
|
|
73
|
+
#{record["name"]}@#{record["version"]}
|
|
74
74
|
|
|
75
75
|
#{texts.map(&:strip).reject(&:empty?).compact.join(TEXT_SEPARATOR)}
|
|
76
76
|
NOTICE
|
data/lib/licensed/version.rb
CHANGED
data/licensed.gemspec
CHANGED
|
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
|
|
|
35
35
|
|
|
36
36
|
spec.add_development_dependency "rake", ">= 12.3.3"
|
|
37
37
|
spec.add_development_dependency "minitest", "~> 5.8"
|
|
38
|
-
spec.add_development_dependency "mocha", "~>
|
|
38
|
+
spec.add_development_dependency "mocha", "~> 2.0"
|
|
39
39
|
spec.add_development_dependency "rubocop-github", "~> 0.6"
|
|
40
40
|
spec.add_development_dependency "byebug", "~> 11.1.3"
|
|
41
41
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: licensed
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.9.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- GitHub
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-11-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: licensee
|
|
@@ -188,14 +188,14 @@ dependencies:
|
|
|
188
188
|
requirements:
|
|
189
189
|
- - "~>"
|
|
190
190
|
- !ruby/object:Gem::Version
|
|
191
|
-
version: '
|
|
191
|
+
version: '2.0'
|
|
192
192
|
type: :development
|
|
193
193
|
prerelease: false
|
|
194
194
|
version_requirements: !ruby/object:Gem::Requirement
|
|
195
195
|
requirements:
|
|
196
196
|
- - "~>"
|
|
197
197
|
- !ruby/object:Gem::Version
|
|
198
|
-
version: '
|
|
198
|
+
version: '2.0'
|
|
199
199
|
- !ruby/object:Gem::Dependency
|
|
200
200
|
name: rubocop-github
|
|
201
201
|
requirement: !ruby/object:Gem::Requirement
|