licensed 3.9.1 → 4.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8fc5dda597e72ea3231515620aa042c3daaa07ae652d78328000048fb476386e
-  data.tar.gz: a772502d860cefdd4a6710432a3a5406abc2c81bd99dd82307b9ddbaf47d40cd
+  metadata.gz: 4c0f6c78059b52e669e7febd8a0a146c7d2bc1d2ff9c7a4e962941470a13845c
+  data.tar.gz: 14c6ff763c08e1317b430704fe8ec4552373f9ab24df80838f114fdb4d1fe906
 SHA512:
-  metadata.gz: f5dd491826706986ac7503340ab6dddd122653f394b313e96f3cf0652502cedfc0e201b660ac657591e3e4fde507e6c60237680118e90ca053ab27effa35b0f6
-  data.tar.gz: aed36ca1cf19673579fa8ffdf0e196e3e8edff5111515dcd0b3c0afcdf90d1b2e79ba558366f548ede7d6a86bdc1f37218967ed28943f9c05151d5a5450fbefb
+  metadata.gz: 7c7af4fe377c93becf816adab3b549452dba206aaf03080f18c42f944991f3572e4822ba768c6cc0ef1f320a81b9643738313097637f6da548b5285180a89ae2
+  data.tar.gz: be4466294a92d6cdb807fb6ace47b2ff0231430b118e60c7059dbfed92379a4e827e75f9df276e916c034f8f9a7226a95ef621239f1dbd0baecb942a30427a1a

data/CHANGELOG.md

@@ -6,6 +6,22 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 4.0.0
+
+### Added
+
+- Licensed supports Cocoapods as a dependency source (:tada: @LouisBoudreau https://github.com/github/licensed/pull/584)
+- Licensed supports Gradle multi-project builds (:tada: @LouisBoudreau https://github.com/github/licensed/pull/583)
+
+### Fixed
+
+- Licensed no longer crashes when run with Bundler >= 2.4.0 (:tada: @JoshReedSchramm https://github.com/github/licensed/pull/597)
+
+### Changed
+
+- BREAKING: Licensed no longer ships executables with releases (https://github.com/github/licensed/pull/586)
+- BREAKING: Licensed no longer includes support for Go <= 1.11 (https://github.com/github/licensed/pull/602)
+
 ## 3.9.1
 
 ### Fixed
@@ -661,4 +677,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.9.1...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/4.0.0...HEAD

data/CONTRIBUTING.md

@@ -59,8 +59,6 @@ The following steps will happen automatically from a GitHub Actions workflow
 after creating the release. In case that fails, the following steps can be performed manually
 
 11. Push the gem from (7) to rubygems.org -- `gem push licensed-x.xx.xx.gem`
-12. Build packages for new tag: `VERSION=x.xx.xx bundle exec rake package`
-13. Upload packages from (12) to release from (10)
 
 ## Resources
 

data/README.md

@@ -1,8 +1,6 @@
 # Licensed
 
-Licensed caches the licenses of dependencies and checks their status.
-
-Licensed is available as a Ruby gem for Ruby environments, and as a self-contained executable for non-Ruby environments.
+Licensed caches the licenses of dependencies and checks their status, and is available as a Ruby gem.
 
 Licensed is **not** a complete open source license compliance solution. Please understand the important [disclaimer](#disclaimer) below to make appropriate use of Licensed.
 
@@ -12,6 +10,10 @@ Licensed is **not** a complete open source license compliance solution. Please u
 
 Licensed is in active development and currently used at GitHub.  See the [open issues](https://github.com/github/licensed/issues) for a list of potential work.
 
+## Licensed v4 - **Removed support for non-Ruby environments**
+
+Licensed v4 no longer provides a self-contained executable build of licensed.  Please see [the deprecation notice](https://github.com/github/licensed/issues/585) for more context.
+
 ## Licensed v3
 
 Licensed v3 includes a breaking change if both of the following are true:
@@ -59,19 +61,12 @@ And then execute:
 $> bundle
 ```
 
-### As an executable
-
-Download a package from GitHub and extract the executable.  Executable packages are available for each release starting with version 1.2.0.
+### With a Homebrew (on macOS)
 
 ```bash
-$> curl -sSL https://github.com/github/licensed/releases/download/<version>/licensed-<version>-<os>-x64.tar.gz > licensed.tar.gz
-$> tar -xzf licensed.tar.gz
-$> rm -f licensed.tar.gz
-$> ./licensed list
+brew install licensed
 ```
 
-For system wide usage, install licensed to a location on `$PATH`, e.g. `/usr/local/bin`.
-
 ## Usage
 
 See [getting started](./docs/getting_started.md) for guidance using Licensed as part of your developer workflow.

data/Rakefile

@@ -72,32 +72,6 @@ Rake::TestTask.new(:test) do |t|
   t.test_files = FileList["test/**/*_test.rb"].exclude("test/fixtures/**/*_test.rb")
 end
 
-packages_search = File.expand_path("script/packages/*", __dir__)
-platforms = Dir[packages_search].map { |f| File.basename(f, ".*") }
-                                .reject { |f| f == "build" }
-
-namespace :package do
-  platforms.each do |platform|
-    desc "Package licensed for #{platform}"
-    task platform.to_sym do
-      puts "Packaging licensed for #{platform}"
-
-      if Bundler.with_original_env { system("script/packages/#{platform}") }
-        # green
-        puts "\033[32mCompleted packaging for #{platform}.\e[0m"
-      else
-        # red
-        puts "\033[31mEncountered an error packaging for #{platform}.\e[0m"
-      end
-
-      puts
-    end
-  end
-end
-
-desc "Package licensed for all platforms"
-task package: platforms.map { |platform| "package:#{platform}" }
-
 # add rubocop task
 # -S adds styleguide urls to offense messages
 RuboCop::RakeTask.new do |t|

data/docs/sources/bundler.md

@@ -2,8 +2,6 @@
 
 The bundler source will detect dependencies `Gemfile` and `Gemfile.lock` files are found at an apps `source_path`.  The source uses the `Bundler` API to enumerate dependencies from `Gemfile` and `Gemfile.lock`.
 
-**Note** The bundler source cannot be used when running the [packaged licensed executable](../packaging.md)
-
 ### Excluding gem groups
 
 The bundler source determines which gem groups to include or exclude with the following logic, in order of precedence.

data/docs/sources/cocoapods.md

@@ -0,0 +1,15 @@
+# CocoaPods
+
+The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`.
+
+It uses the `pod` CLI commands to enumerate dependencies and gather metadata on each package.
+
+### Evaluating dependencies from a specific target
+
+The `cocoapods.targets` property is used to specify which targets to analyze dependencies from. By default, dependencies from all targets will be analyzed.
+
+```yml
+cocoapods:
+  targets:
+    - ios
+```

data/docs/sources/gradle.md

@@ -14,3 +14,11 @@ gradle:
     - runtime
     - runtimeClassPath
 ```
+### Multi-build projects
+
+To run `licensed` for specific projects in a [multi-build project](https://docs.gradle.org/current/userguide/multi_project_builds.html) you must specify the [apps](../configuration/application_source.md) configuration key.
+
+```yml
+apps:
+  - source_path: ./path/to/subproject
+```

data/lib/licensed/configuration.rb

@@ -355,7 +355,6 @@ module Licensed
     def default_options
       # manually set a cache path without additional name
       {
-        "source_path" => Dir.pwd,
         "cache_path" => AppConfiguration::DEFAULT_CACHE_PATH
       }
     end

data/lib/licensed/sources/bundler/definition.rb

@@ -18,7 +18,7 @@ module Licensed
 
           all_dependencies = requested_dependencies.concat(specs.flat_map(&:dependencies))
           if all_dependencies.any? { |d| d.name == "bundler" } && !specs["bundler"].any?
-            bundler = sources.metadata_source.specs.search(Gem::Dependency.new("bundler", ::Bundler::VERSION)).last
+            bundler = sources.metadata_source.specs.search(bundler_query).last
             specs["bundler"] = bundler
           end
 
@@ -26,6 +26,14 @@ module Licensed
         end
       end
 
+      def bundler_query
+        if Gem::Version.new(::Bundler::VERSION) >= Gem::Version.new("2.4.0")
+          ["bundler", ::Bundler.gem_version]
+        else
+          Gem::Dependency.new("bundler", ::Bundler::VERSION)
+        end
+      end
+
       # Override requested_groups to also exclude any groups that are
       # in the "bundler.without" section of the licensed configuration file.
       def requested_groups

data/lib/licensed/sources/bundler.rb

@@ -39,13 +39,8 @@ module Licensed
       end
 
       DEFAULT_WITHOUT_GROUPS = %i{development test}
-      RUBY_PACKER_ERROR = "The bundler source cannot be used from the executable built with ruby-packer.  Please install licensed using `gem install` or using bundler."
 
       def enabled?
-        # running a ruby-packer-built licensed exe when ruby isn't available
-        # could lead to errors if the host ruby doesn't exist
-        return false if ruby_packer? && !Licensed::Shell.tool_available?("ruby")
-
         # if Bundler isn't loaded, this enumerator won't work!
         return false unless defined?(::Bundler)
 
@@ -55,8 +50,6 @@ module Licensed
       end
 
       def enumerate_dependencies
-        raise Licensed::Sources::Source::Error.new(RUBY_PACKER_ERROR) if ruby_packer?
-
         with_application_environment do
           definition.specs.map do |spec|
             next if spec.name == config["name"]
@@ -126,11 +119,6 @@ module Licensed
         # reload the bundler environment after enumeration
         ::Bundler.load
       end
-
-      # Returns whether the current licensed execution is running ruby-packer
-      def ruby_packer?
-        @ruby_packer ||= RbConfig::TOPDIR =~ /__enclose_io_memfs__/
-      end
     end
   end
 end

data/lib/licensed/sources/cocoapods.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+require "json"
+require "pathname"
+require "uri"
+require "cocoapods-core"
+
+module Licensed
+  module Sources
+    class Cocoapods < Source
+      def enabled?
+        return unless Licensed::Shell.tool_available?("pod")
+
+        config.pwd.join("Podfile").exist? && config.pwd.join("Podfile.lock").exist?
+      end
+
+      def enumerate_dependencies
+        pods.map do |pod|
+          name = pod.name
+          path = dependency_path(pod.root_name)
+          version = lockfile.version(name).version
+
+          Dependency.new(
+            path: path,
+            name: name,
+            version: version,
+            metadata: { "type" => Cocoapods.type }
+          )
+        end
+      end
+
+      private
+
+      def pods
+        return lockfile.dependencies if targets.nil?
+
+        targets_to_validate = podfile.target_definition_list.filter { |t| targets.include?(t.label) }
+        if targets_to_validate.any?
+          targets_to_validate.map(&:dependencies).flatten
+        else
+          raise Licensed::Sources::Source::Error, "Unable to find any target in the Podfile matching the ones provided in the config."
+        end
+      end
+
+      def targets
+        @targets ||= config.dig("cocoapods", "targets")&.map { |t| "Pods-#{t}" }
+      end
+
+      def lockfile
+        @lockfile ||= Pod::Lockfile.from_file(config.pwd.join("Podfile.lock"))
+      end
+
+      def podfile
+        @podfile ||= Pod::Podfile.from_file(config.pwd.join("Podfile"))
+      end
+
+      def dependency_path(name)
+        config.pwd.join("Pods/#{name}")
+      end
+    end
+  end
+end

data/lib/licensed/sources/go.rb

@@ -36,27 +36,13 @@ module Licensed
 
       # Returns an array of dependency package import paths
       def packages
-        dependency_packages =
-          if go_version < Gem::Version.new("1.11.0")
-            root_package_deps
-          else
-            go_list_deps
-          end
-
         # don't include go std packages
         # don't include packages under the root project that aren't vendored
-        dependency_packages
+        go_list_deps
           .reject { |pkg| go_std_package?(pkg) }
           .reject { |pkg| local_package?(pkg) }
       end
 
-      # Returns non-ignored packages found from the root packages "Deps" property
-      def root_package_deps
-        # check for ignored packages to avoid raising errors calling `go list`
-        # when ignored package is not found
-        Parallel.map(Array(root_package["Deps"])) { |name| package_info(name) }
-      end
-
       # Returns the list of dependencies as returned by "go list -json -deps"
       # available in go 1.11
       def go_list_deps
@@ -188,13 +174,6 @@ module Licensed
         package["ImportPath"]
       end
 
-      # Returns a hash of information about the package with a given import path
-      #
-      # import_path - Go package import path
-      def package_info(import_path)
-        JSON.parse(package_info_command(import_path))
-      end
-
       # Returns package information as a JSON string
       #
       # args - additional arguments to `go list`, e.g. Go package import path
@@ -202,11 +181,6 @@ module Licensed
         Licensed::Shell.execute("go", "list", "-e", "-json", *Array(args)).strip
       end
 
-      # Returns the info for the package under test
-      def root_package
-        @root_package ||= package_info(".")
-      end
-
       # Returns whether go source is found
       def go_source?
         with_configured_gopath { Licensed::Shell.success?("go", "doc") }
@@ -230,15 +204,6 @@ module Licensed
         end
       end
 
-      # Returns the current version of go available, as a Gem::Version
-      def go_version
-        @go_version ||= begin
-          full_version = Licensed::Shell.execute("go", "version").strip
-          version_string = full_version.gsub(%r{.*go(\d+\.\d+(\.\d+)?).*}, "\\1")
-          Gem::Version.new(version_string)
-        end
-      end
-
       private
 
       # Execute a block with ENV["GOPATH"] set to the value of #gopath.

data/lib/licensed/sources/gradle.rb

@@ -9,53 +9,19 @@ require "fileutils"
 module Licensed
   module Sources
     class Gradle < Source
-
       DEFAULT_CONFIGURATIONS   = ["runtime", "runtimeClasspath"].freeze
       GRADLE_LICENSES_PATH     = ".gradle-licenses".freeze
-
+      GRADLE_LICENSES_CSV_NAME = "licenses.csv".freeze
       class Dependency < Licensed::Dependency
-        GRADLE_LICENSES_CSV_NAME = "licenses.csv".freeze
-
         class << self
-          # Returns a key to uniquely identify a name and version in the obtained CSV content
-          def csv_key(name:, version:)
-            "#{name}-#{version}"
-          end
-
-          # Loads and caches license report CSV data as a hash of :name-:version => :url pairs
-          #
-          # executable     - The gradle executable to run to generate the license report
-          # configurations - The gradle configurations to generate license report for
-          #
-          # Returns a hash of dependency identifiers to their license content URL
-          def load_csv(path, executable, configurations)
-            @csv ||= begin
-              gradle_licenses_dir = File.join(path, GRADLE_LICENSES_PATH)
-              Licensed::Sources::Gradle.gradle_command("generateLicenseReport", path: path, executable: executable, configurations: configurations)
-              CSV.foreach(File.join(gradle_licenses_dir, GRADLE_LICENSES_CSV_NAME), headers: true).each_with_object({}) do |row, hsh|
-                name, _, version = row["artifact"].rpartition(":")
-                key = csv_key(name: name, version: version)
-                hsh[key] = row["moduleLicenseUrl"]
-              end
-            ensure
-              FileUtils.rm_rf(gradle_licenses_dir)
-            end
-          end
-
-          # Returns the cached url for the given dependency
-          def url_for(dependency)
-            @csv[csv_key(name: dependency.name, version: dependency.version)]
-          end
-
           # Cache and return the results of getting the license content.
           def retrieve_license(url)
             (@licenses ||= {})[url] ||= Net::HTTP.get(URI(url))
           end
         end
 
-        def initialize(name:, version:, path:, executable:, configurations:, metadata: {})
-          @configurations = configurations
-          @executable = executable
+        def initialize(name:, version:, path:, url:, metadata: {})
+          @url = url
           super(name: name, version: version, path: path, metadata: metadata)
         end
 
@@ -68,32 +34,27 @@ module Licensed
 
         # Returns a Licensee::ProjectFiles::LicenseFile for the dependency
         def project_files
-          self.class.load_csv(path, @executable, @configurations)
-          url = self.class.url_for(self)
+          return [] if @url.nil?
 
-          return [] if url.nil?
-
-          license_data = self.class.retrieve_license(url)
-
-          Array(Licensee::ProjectFiles::LicenseFile.new(license_data, { uri: url }))
+          license_data = self.class.retrieve_license(@url)
+          Array(Licensee::ProjectFiles::LicenseFile.new(license_data, { uri: @url }))
         end
       end
 
       def enabled?
-        !gradle_executable.to_s.empty? && File.exist?(config.pwd.join("build.gradle"))
+        gradle_runner.enabled? && File.exist?(config.pwd.join("build.gradle"))
       end
 
       def enumerate_dependencies
-        JSON.parse(self.class.gradle_command("printDependencies", path: config.pwd, executable: gradle_executable, configurations: configurations)).map do |package|
-          name = "#{package["group"]}:#{package["name"]}"
+        JSON.parse(gradle_runner.run("printDependencies", config.source_path)).map do |package|
+          name = "#{package['group']}:#{package['name']}"
           Dependency.new(
             name: name,
             version: package["version"],
             path: config.pwd,
-            executable: gradle_executable,
-            configurations: configurations,
+            url: package_url(name: name, version: package["version"]),
             metadata: {
-              "type"     => Gradle.type
+              "type" => Gradle.type,
             }
           )
         end
@@ -101,13 +62,8 @@ module Licensed
 
       private
 
-      def gradle_executable
-        return @gradle_executable if defined?(@gradle_executable)
-        @gradle_executable = begin
-          gradlew = File.join(config.pwd, "gradlew")
-          return gradlew if File.executable?(gradlew)
-          "gradle" if Licensed::Shell.tool_available?("gradle")
-        end
+      def gradle_runner
+        @gradle_runner ||= Runner.new(config.pwd, configurations)
       end
 
       # Returns the configurations to include in license generation.
@@ -122,61 +78,134 @@ module Licensed
         end
       end
 
-      def self.add_gradle_license_report_plugins_block(gradle_build_file)
+      # Returns a key to uniquely identify a name and version in the obtained CSV content
+      def csv_key(name:, version:)
+        "#{name}-#{version}"
+      end
 
-        if gradle_build_file.include? "plugins"
-          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
-        else
+      def package_url(name:, version:)
+        # load and memoize the license report CSV
+        @urls ||= load_csv
 
-          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
+        # uniquely identify a name and version in the obtained CSV content
+        @urls["#{name}-#{version}"]
+      end
+
+      def load_csv
+        begin
+          # create the CSV file including dependency license urls using the gradle plugin
+          gradle_licenses_dir = File.join(config.root, GRADLE_LICENSES_PATH)
+          gradle_runner.run("generateLicenseReport", config.source_path)
+
+          # parse the CSV report for dependency license urls
+          CSV.foreach(File.join(gradle_licenses_dir, GRADLE_LICENSES_CSV_NAME), headers: true).each_with_object({}) do |row, hsh|
+            name, _, version = row["artifact"].rpartition(":")
+            key = csv_key(name: name, version: version)
+            hsh[key] = row["moduleLicenseUrl"]
+          end
+        ensure
+          FileUtils.rm_rf(gradle_licenses_dir)
         end
       end
 
-      def self.gradle_command(*args, path:, executable:, configurations:)
-        gradle_build_file = File.read("build.gradle")
+      # Returns the cached url for the given dependency
+      def url_for(dependency)
+        @csv[csv_key(name: dependency.name, version: dependency.version)]
+      end
 
-        if !gradle_build_file.include? "dependency-license-report"
-          gradle_build_file = Licensed::Sources::Gradle.add_gradle_license_report_plugins_block(gradle_build_file)
+      # The Gradle::Runner class is a wrapper which provides
+      # an interface to run gradle commands with the init script initialized
+      class Runner
+        def initialize(root_path, configurations)
+          @root_path = root_path
+          @init_script = create_init_script(root_path, configurations)
         end
 
-        Dir.chdir(path) do
-          Tempfile.create(["license-", ".gradle"], path) do |f|
-            f.write(gradle_build_file)
-            f.write gradle_file(configurations)
-            f.close
-            Licensed::Shell.execute(executable, "-q", "-b", f.path, *args)
-          end
+        def run(command, source_path)
+          args = [format_command(command, source_path)]
+          # The configuration cache is an incubating feature that can be activated manually.
+          # The gradle plugin for licenses does not support it so we prevent it to run for gradle version supporting it.
+          args << "--no-configuration-cache" if gradle_version >= "6.6"
+          Licensed::Shell.execute(executable, "-q", "--init-script", @init_script.path, *args)
         end
-      end
 
-      def self.gradle_file(configurations)
-        <<~EOF
+        def enabled?
+          !executable.to_s.empty?
+        end
 
-          import com.github.jk1.license.render.CsvReportRenderer
-          import com.github.jk1.license.filter.LicenseBundleNormalizer
+        private
+
+        def gradle_version
+          @gradle_version ||= Licensed::Shell.execute(executable, "--version").scan(/Gradle [\d+]\.[\d+]/).last.split(" ").last
+        end
 
-          final configs = #{configurations.inspect}
+        def executable
+          return @executable if defined?(@executable)
 
-          licenseReport {
-              configurations = configs
-              outputDir = "$projectDir/#{GRADLE_LICENSES_PATH}"
-              renderers = [new CsvReportRenderer()]
-              filters = [new LicenseBundleNormalizer()]
-          }
+          @executable = begin
+            gradlew = File.join(@root_path, "gradlew")
+            return gradlew if File.executable?(gradlew)
 
-          task printDependencies {
-              doLast {
-                  def dependencies = []
-                  configs.each {
-                      configurations[it].resolvedConfiguration.resolvedArtifacts.each { artifact ->
-                          def id = artifact.moduleVersion.id
-                          dependencies << "  { \\"group\\": \\"${id.group}\\", \\"name\\": \\"${id.name}\\", \\"version\\": \\"${id.version}\\" }"
+            "gradle" if Licensed::Shell.tool_available?("gradle")
+          end
+        end
+
+        def create_init_script(path, configurations)
+          Dir.chdir(path) do
+            f = Tempfile.new(["init", ".gradle"], @root_path)
+            f.write(
+              <<~EOF
+                  import com.github.jk1.license.render.CsvReportRenderer
+                  import com.github.jk1.license.filter.LicenseBundleNormalizer
+                  final configs = #{configurations.inspect}
+
+                  initscript {
+                    repositories {
+                      maven {
+                        url "https://plugins.gradle.org/m2/"
                       }
+                    }
+                    dependencies {
+                      classpath "com.github.jk1:gradle-license-report:#{gradle_version >= "7.0" ? "2.0" : "1.17"}"
+                    }
                   }
-                  println "[\\n${dependencies.join(", ")}\\n]"
-              }
-          }
-        EOF
+
+                  allprojects {
+                    apply plugin: com.github.jk1.license.LicenseReportPlugin
+                    licenseReport {
+                        outputDir = "$rootDir/.gradle-licenses"
+                        configurations = configs
+                        renderers = [new CsvReportRenderer()]
+                        filters = [new LicenseBundleNormalizer()]
+                    }
+
+                    task printDependencies {
+                      doLast {
+                          def dependencies = []
+                          configs.each {
+                              configurations[it].resolvedConfiguration.resolvedArtifacts.each { artifact ->
+                                  def id = artifact.moduleVersion.id
+                                  dependencies << "{ \\"group\\": \\"${id.group}\\", \\"name\\": \\"${id.name}\\", \\"version\\": \\"${id.version}\\" }"
+                              }
+                          }
+                          println "[${dependencies.join(", ")}]"
+                      }
+                    }
+                  }
+                EOF
+              )
+            f.close
+            f
+          end
+        end
+
+        # Prefixes the gradle command with the project name for multi-build projects.
+        def format_command(command, source_path)
+          Dir.chdir(source_path) do
+            path = Licensed::Shell.execute(executable, "properties", "-Dorg.gradle.logging.level=quiet").scan(/path:.*/).last.split(" ").last
+            path == ":" ? command : "#{path}:#{command}"
+          end
+        end
       end
     end
   end

data/lib/licensed/sources.rb

@@ -19,5 +19,6 @@ module Licensed
     require "licensed/sources/gradle"
     require "licensed/sources/mix"
     require "licensed/sources/yarn"
+    require "licensed/sources/cocoapods"
   end
 end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.9.1".freeze
+  VERSION = "4.0.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -21,21 +21,21 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.3.0"
+  spec.required_ruby_version = ">= 2.6.0"
 
-  spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0"
-  spec.add_dependency "thor", ">= 0.19"
-  spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
-  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
-  spec.add_dependency "bundler", ">= 1.10"
-  spec.add_dependency "ruby-xxHash", "~> 0.4"
-  spec.add_dependency "parallel", ">= 0.18.0"
-  spec.add_dependency "reverse_markdown", ">= 1", "< 3"
-  spec.add_dependency "json", ">= 2.6.2"
+  spec.add_dependency "licensee", "9.16.0"
+  spec.add_dependency "thor", "1.2.1"
+  spec.add_dependency "pathname-common_prefix", "0.0.1"
+  spec.add_dependency "tomlrb", "2.0.3"
+  spec.add_dependency "ruby-xxHash", "0.4.0.2"
+  spec.add_dependency "parallel", "1.22.1"
+  spec.add_dependency "reverse_markdown", "2.1.1"
+  spec.add_dependency "json", "2.6.3"
+  spec.add_dependency "cocoapods-core", "1.11.3"
 
-  spec.add_development_dependency "rake", ">= 12.3.3"
-  spec.add_development_dependency "minitest", "~> 5.8"
-  spec.add_development_dependency "mocha", "~> 2.0"
-  spec.add_development_dependency "rubocop-github", "~> 0.6"
-  spec.add_development_dependency "byebug", "~> 11.1.3"
+  spec.add_development_dependency "rake", "13.0.6"
+  spec.add_development_dependency "minitest", "5.17.0"
+  spec.add_development_dependency "mocha", "2.0.2"
+  spec.add_development_dependency "rubocop-github", "0.20.0"
+  spec.add_development_dependency "byebug", "11.1.3"
 end

metadata

@@ -1,227 +1,209 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.9.1
+  version: 4.0.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-11-25 00:00:00.000000000 Z
+date: 2023-01-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 9.15.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 9.16.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 9.15.2
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: 10.0.0
+        version: 9.16.0
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.19'
+        version: 1.2.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.19'
+        version: 1.2.1
 - !ruby/object:Gem::Dependency
   name: pathname-common_prefix
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 0.0.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 0.0.1
 - !ruby/object:Gem::Dependency
   name: tomlrb
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1.2'
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: 2.0.3
 - !ruby/object:Gem::Dependency
-  name: bundler
+  name: ruby-xxHash
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 0.4.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1.10'
+        version: 0.4.0.2
 - !ruby/object:Gem::Dependency
-  name: ruby-xxHash
+  name: parallel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: 1.22.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.4'
+        version: 1.22.1
 - !ruby/object:Gem::Dependency
-  name: parallel
+  name: reverse_markdown
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 0.18.0
+        version: 2.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 0.18.0
+        version: 2.1.1
 - !ruby/object:Gem::Dependency
-  name: reverse_markdown
+  name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '1'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '3'
+        version: 2.6.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '1'
-    - - "<"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '3'
+        version: 2.6.3
 - !ruby/object:Gem::Dependency
-  name: json
+  name: cocoapods-core
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.2
+        version: 1.11.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 2.6.2
+        version: 1.11.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 12.3.3
+        version: 13.0.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: 12.3.3
+        version: 13.0.6
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '5.8'
+        version: 5.17.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '5.8'
+        version: 5.17.0
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 2.0.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '2.0'
+        version: 2.0.2
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: 0.20.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: 0.20.0
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 11.1.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - '='
       - !ruby/object:Gem::Version
         version: 11.1.3
 description: Licensed automates extracting and validating the licenses of dependencies.
@@ -263,12 +245,12 @@ files:
 - docs/getting_started.md
 - docs/migrations/v2.md
 - docs/migrations/v3.md
-- docs/packaging.md
 - docs/reporters.md
 - docs/sources/bower.md
 - docs/sources/bundler.md
 - docs/sources/cabal.md
 - docs/sources/cargo.md
+- docs/sources/cocoapods.md
 - docs/sources/composer.md
 - docs/sources/dep.md
 - docs/sources/git_submodule.md
@@ -316,6 +298,7 @@ files:
 - lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
 - lib/licensed/sources/cargo.rb
+- lib/licensed/sources/cocoapods.rb
 - lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb
 - lib/licensed/sources/git_submodule.rb
@@ -348,14 +331,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.6.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3.1
+rubygems_version: 3.3.26
 signing_key: 
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.

data/docs/packaging.md

@@ -1,53 +0,0 @@
-# Packaging licensed for distribution
-
-Licensed is built into executables and packaged for distribution using [ruby-packer][ruby-packer].
-
-Executable packages are currently supported for:
-1. Linux
-2. MacOS / Darwin
-
-The packaged executables contain a self-expanding file system containing ruby, licensed and all of it's runtime dependencies.  Licensed is run inside the contained file system, allowing usage in scenarios where ruby is not available on the host system.
-
-### Building packages
-
-Packages are built as `licensed-$VERSION-$PLATFORM-x64.tar.gz` tarballs that contain a single `./licensed` executable.  After building a package through the available scripting, it will be available in the `pkg` directory.
-
-By default an exe is built for the current licensed git `HEAD`.  The
-`$VERSION` in the package name will be set to the current branch name if
-available, otherwise the current SHA.  To use a specific licensed version,
-set a `VERSION` environment variable when calling the packaging scripts.  `VERSION` can be set to any value that works with `git checkout`.
-
-#### Building all packages
-```bash
-# build all packages
-$ script/package
-```
-or
-```bash
-# build all packages
-$ bundle exec rake package
-```
-
-#### Building packages for a single platform
-```bash
-# build package for linux
-$ script/package linux
-```
-or
-```bash
-# build package for linux
-$ bundle exec rake package:linux
-```
-
-#### Building packages for a specific version
-```bash
-# VERSION can be set to anything that works with git checkout - tag, branch, SHA1
-$ VERSION="1.1.0" script/package
-```
-or
-```bash
-# VERSION can be set to anything that works with git checkout - tag, branch, SHA1
-$ VERSION="1.1.0" bundle exec rake package
-```
-
-[ruby-packer]: https://github.com/pmq20/ruby-packer