licensed 3.9.1 → 4.1.0

data/lib/licensed/sources/go.rb

@@ -36,27 +36,13 @@ module Licensed
 
       # Returns an array of dependency package import paths
       def packages
-        dependency_packages =
-          if go_version < Gem::Version.new("1.11.0")
-            root_package_deps
-          else
-            go_list_deps
-          end
-
         # don't include go std packages
         # don't include packages under the root project that aren't vendored
-        dependency_packages
+        go_list_deps
           .reject { |pkg| go_std_package?(pkg) }
           .reject { |pkg| local_package?(pkg) }
       end
 
-      # Returns non-ignored packages found from the root packages "Deps" property
-      def root_package_deps
-        # check for ignored packages to avoid raising errors calling `go list`
-        # when ignored package is not found
-        Parallel.map(Array(root_package["Deps"])) { |name| package_info(name) }
-      end
-
       # Returns the list of dependencies as returned by "go list -json -deps"
       # available in go 1.11
       def go_list_deps
@@ -188,13 +174,6 @@ module Licensed
         package["ImportPath"]
       end
 
-      # Returns a hash of information about the package with a given import path
-      #
-      # import_path - Go package import path
-      def package_info(import_path)
-        JSON.parse(package_info_command(import_path))
-      end
-
       # Returns package information as a JSON string
       #
       # args - additional arguments to `go list`, e.g. Go package import path
@@ -202,11 +181,6 @@ module Licensed
         Licensed::Shell.execute("go", "list", "-e", "-json", *Array(args)).strip
       end
 
-      # Returns the info for the package under test
-      def root_package
-        @root_package ||= package_info(".")
-      end
-
       # Returns whether go source is found
       def go_source?
         with_configured_gopath { Licensed::Shell.success?("go", "doc") }
@@ -230,15 +204,6 @@ module Licensed
         end
       end
 
-      # Returns the current version of go available, as a Gem::Version
-      def go_version
-        @go_version ||= begin
-          full_version = Licensed::Shell.execute("go", "version").strip
-          version_string = full_version.gsub(%r{.*go(\d+\.\d+(\.\d+)?).*}, "\\1")
-          Gem::Version.new(version_string)
-        end
-      end
-
       private
 
       # Execute a block with ENV["GOPATH"] set to the value of #gopath.

data/lib/licensed/sources/gradle.rb

@@ -9,53 +9,19 @@ require "fileutils"
 module Licensed
   module Sources
     class Gradle < Source
-
       DEFAULT_CONFIGURATIONS   = ["runtime", "runtimeClasspath"].freeze
       GRADLE_LICENSES_PATH     = ".gradle-licenses".freeze
-
+      GRADLE_LICENSES_CSV_NAME = "licenses.csv".freeze
       class Dependency < Licensed::Dependency
-        GRADLE_LICENSES_CSV_NAME = "licenses.csv".freeze
-
         class << self
-          # Returns a key to uniquely identify a name and version in the obtained CSV content
-          def csv_key(name:, version:)
-            "#{name}-#{version}"
-          end
-
-          # Loads and caches license report CSV data as a hash of :name-:version => :url pairs
-          #
-          # executable     - The gradle executable to run to generate the license report
-          # configurations - The gradle configurations to generate license report for
-          #
-          # Returns a hash of dependency identifiers to their license content URL
-          def load_csv(path, executable, configurations)
-            @csv ||= begin
-              gradle_licenses_dir = File.join(path, GRADLE_LICENSES_PATH)
-              Licensed::Sources::Gradle.gradle_command("generateLicenseReport", path: path, executable: executable, configurations: configurations)
-              CSV.foreach(File.join(gradle_licenses_dir, GRADLE_LICENSES_CSV_NAME), headers: true).each_with_object({}) do |row, hsh|
-                name, _, version = row["artifact"].rpartition(":")
-                key = csv_key(name: name, version: version)
-                hsh[key] = row["moduleLicenseUrl"]
-              end
-            ensure
-              FileUtils.rm_rf(gradle_licenses_dir)
-            end
-          end
-
-          # Returns the cached url for the given dependency
-          def url_for(dependency)
-            @csv[csv_key(name: dependency.name, version: dependency.version)]
-          end
-
           # Cache and return the results of getting the license content.
           def retrieve_license(url)
             (@licenses ||= {})[url] ||= Net::HTTP.get(URI(url))
           end
         end
 
-        def initialize(name:, version:, path:, executable:, configurations:, metadata: {})
-          @configurations = configurations
-          @executable = executable
+        def initialize(name:, version:, path:, url:, metadata: {})
+          @url = url
           super(name: name, version: version, path: path, metadata: metadata)
         end
 
@@ -68,32 +34,27 @@ module Licensed
 
         # Returns a Licensee::ProjectFiles::LicenseFile for the dependency
         def project_files
-          self.class.load_csv(path, @executable, @configurations)
-          url = self.class.url_for(self)
+          return [] if @url.nil?
 
-          return [] if url.nil?
-
-          license_data = self.class.retrieve_license(url)
-
-          Array(Licensee::ProjectFiles::LicenseFile.new(license_data, { uri: url }))
+          license_data = self.class.retrieve_license(@url)
+          Array(Licensee::ProjectFiles::LicenseFile.new(license_data, { uri: @url }))
         end
       end
 
       def enabled?
-        !gradle_executable.to_s.empty? && File.exist?(config.pwd.join("build.gradle"))
+        !executable.to_s.empty? && File.exist?(config.pwd.join("build.gradle"))
       end
 
       def enumerate_dependencies
-        JSON.parse(self.class.gradle_command("printDependencies", path: config.pwd, executable: gradle_executable, configurations: configurations)).map do |package|
-          name = "#{package["group"]}:#{package["name"]}"
+        JSON.parse(gradle_runner.run("printDependencies", config.source_path)).map do |package|
+          name = "#{package['group']}:#{package['name']}"
           Dependency.new(
             name: name,
             version: package["version"],
             path: config.pwd,
-            executable: gradle_executable,
-            configurations: configurations,
+            url: package_url(name: name, version: package["version"]),
             metadata: {
-              "type"     => Gradle.type
+              "type" => Gradle.type,
             }
           )
         end
@@ -101,15 +62,20 @@ module Licensed
 
       private
 
-      def gradle_executable
-        return @gradle_executable if defined?(@gradle_executable)
-        @gradle_executable = begin
-          gradlew = File.join(config.pwd, "gradlew")
+      def executable
+        return @executable if defined?(@executable)
+
+        @executable = begin
           return gradlew if File.executable?(gradlew)
+
           "gradle" if Licensed::Shell.tool_available?("gradle")
         end
       end
 
+      def gradle_runner
+        @gradle_runner ||= Runner.new(config.pwd, configurations, executable)
+      end
+
       # Returns the configurations to include in license generation.
       # Defaults to ["runtime", "runtimeClasspath"]
       def configurations
@@ -122,61 +88,128 @@ module Licensed
         end
       end
 
-      def self.add_gradle_license_report_plugins_block(gradle_build_file)
-
-        if gradle_build_file.include? "plugins"
-          gradle_build_file.gsub(/(?<=plugins)\s+{/, " { id 'com.github.jk1.dependency-license-report' version '1.16'")
-        else
-
-          gradle_build_file = " plugins { id 'com.github.jk1.dependency-license-report' version '1.16' }" + gradle_build_file
+      # Returns the path to the Gradle wrapper.
+      def gradlew
+        @gradlew ||= begin
+          gradlew = config.dig("gradle", "gradlew")
+          config.root.join(gradlew || "gradlew").to_s
         end
       end
 
-      def self.gradle_command(*args, path:, executable:, configurations:)
-        gradle_build_file = File.read("build.gradle")
+      # Returns a key to uniquely identify a name and version in the obtained CSV content
+      def csv_key(name:, version:)
+        "#{name}-#{version}"
+      end
+
+      def package_url(name:, version:)
+        # load and memoize the license report CSV
+        @urls ||= load_csv
 
-        if !gradle_build_file.include? "dependency-license-report"
-          gradle_build_file = Licensed::Sources::Gradle.add_gradle_license_report_plugins_block(gradle_build_file)
-        end
+        # uniquely identify a name and version in the obtained CSV content
+        @urls["#{name}-#{version}"]
+      end
 
-        Dir.chdir(path) do
-          Tempfile.create(["license-", ".gradle"], path) do |f|
-            f.write(gradle_build_file)
-            f.write gradle_file(configurations)
-            f.close
-            Licensed::Shell.execute(executable, "-q", "-b", f.path, *args)
+      def load_csv
+        begin
+          # create the CSV file including dependency license urls using the gradle plugin
+          gradle_licenses_dir = File.join(config.root, GRADLE_LICENSES_PATH)
+          gradle_runner.run("generateLicenseReport", config.source_path)
+
+          # parse the CSV report for dependency license urls
+          CSV.foreach(File.join(gradle_licenses_dir, GRADLE_LICENSES_CSV_NAME), headers: true).each_with_object({}) do |row, hsh|
+            name, _, version = row["artifact"].rpartition(":")
+            key = csv_key(name: name, version: version)
+            hsh[key] = row["moduleLicenseUrl"]
           end
+        ensure
+          FileUtils.rm_rf(gradle_licenses_dir)
         end
       end
 
-      def self.gradle_file(configurations)
-        <<~EOF
+      # Returns the cached url for the given dependency
+      def url_for(dependency)
+        @csv[csv_key(name: dependency.name, version: dependency.version)]
+      end
+
+      # The Gradle::Runner class is a wrapper which provides
+      # an interface to run gradle commands with the init script initialized
+      class Runner
+        def initialize(root_path, configurations, executable)
+          @root_path = root_path
+          @executable = executable
+          @init_script = create_init_script(root_path, configurations)
+        end
 
-          import com.github.jk1.license.render.CsvReportRenderer
-          import com.github.jk1.license.filter.LicenseBundleNormalizer
+        def run(command, source_path)
+          args = [format_command(command, source_path)]
+          # The configuration cache is an incubating feature that can be activated manually.
+          # The gradle plugin for licenses does not support it so we prevent it to run for gradle version supporting it.
+          args << "--no-configuration-cache" if gradle_version >= "6.6"
+          Licensed::Shell.execute(@executable, "-q", "--init-script", @init_script.path, *args)
+        end
 
-          final configs = #{configurations.inspect}
+        private
 
-          licenseReport {
-              configurations = configs
-              outputDir = "$projectDir/#{GRADLE_LICENSES_PATH}"
-              renderers = [new CsvReportRenderer()]
-              filters = [new LicenseBundleNormalizer()]
-          }
+        def gradle_version
+          @gradle_version ||= Licensed::Shell.execute(@executable, "--version").scan(/Gradle [\d+]\.[\d+]/).last.split(" ").last
+        end
 
-          task printDependencies {
-              doLast {
-                  def dependencies = []
-                  configs.each {
-                      configurations[it].resolvedConfiguration.resolvedArtifacts.each { artifact ->
-                          def id = artifact.moduleVersion.id
-                          dependencies << "  { \\"group\\": \\"${id.group}\\", \\"name\\": \\"${id.name}\\", \\"version\\": \\"${id.version}\\" }"
+        def create_init_script(path, configurations)
+          Dir.chdir(path) do
+            f = Tempfile.new(["init", ".gradle"], @root_path)
+            f.write(
+              <<~EOF
+                  import com.github.jk1.license.render.CsvReportRenderer
+                  import com.github.jk1.license.filter.LicenseBundleNormalizer
+                  final configs = #{configurations.inspect}
+
+                  initscript {
+                    repositories {
+                      maven {
+                        url "https://plugins.gradle.org/m2/"
                       }
+                    }
+                    dependencies {
+                      classpath "com.github.jk1:gradle-license-report:#{gradle_version >= "7.0" ? "2.0" : "1.17"}"
+                    }
                   }
-                  println "[\\n${dependencies.join(", ")}\\n]"
-              }
-          }
-        EOF
+
+                  allprojects {
+                    apply plugin: com.github.jk1.license.LicenseReportPlugin
+                    licenseReport {
+                        outputDir = "$rootDir/.gradle-licenses"
+                        configurations = configs
+                        renderers = [new CsvReportRenderer()]
+                        filters = [new LicenseBundleNormalizer()]
+                    }
+
+                    task printDependencies {
+                      doLast {
+                          def dependencies = []
+                          configs.each {
+                              configurations[it].resolvedConfiguration.resolvedArtifacts.each { artifact ->
+                                  def id = artifact.moduleVersion.id
+                                  dependencies << "{ \\"group\\": \\"${id.group}\\", \\"name\\": \\"${id.name}\\", \\"version\\": \\"${id.version}\\" }"
+                              }
+                          }
+                          println "[${dependencies.join(", ")}]"
+                      }
+                    }
+                  }
+                EOF
+              )
+            f.close
+            f
+          end
+        end
+
+        # Prefixes the gradle command with the project name for multi-build projects.
+        def format_command(command, source_path)
+          Dir.chdir(source_path) do
+            path = Licensed::Shell.execute(@executable, "properties", "-Dorg.gradle.logging.level=quiet").scan(/path:.*/).last.split(" ").last
+            path == ":" ? command : "#{path}:#{command}"
+          end
+        end
       end
     end
   end

data/lib/licensed/sources/pnpm.rb

@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+require "json"
+
+module Licensed
+  module Sources
+    class PNPM < Source
+      # Returns true when pnpm is installed and a pnpm-lock.yaml file is found,
+      # otherwise false
+      def enabled?
+        return false unless Licensed::Shell.tool_available?("pnpm")
+        File.exist?(File.join(config.pwd, "pnpm-lock.yaml"))
+      end
+
+      def enumerate_dependencies
+        packages.map do |package|
+          name_with_version = "#{package["name"]}@#{package["version"]}"
+          Dependency.new(
+            name: name_with_version,
+            version: package["version"],
+            path: package["path"],
+            metadata: {
+              "type"     => PNPM.type,
+              "name"     => package["name"],
+              "summary"  => package["description"],
+              "homepage" => package["homepage"]
+            }
+          )
+        end
+      end
+
+      # Returns package metadata returned from `pnpm licensed list`
+      def packages
+        JSON.parse(package_metadata_command).values.flatten
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to parse the output from 'pnpm licenses list'. JSON Error: #{e.message}"
+        raise Licensed::Sources::Source::Error, message
+      end
+
+      # Returns the output from running `pnpm licenses list` to get package metadata
+      def package_metadata_command
+        args = %w(--json --long)
+        args << "--prod" unless include_non_production?
+        Licensed::Shell.execute("pnpm", "licenses", "list", *args, allow_failure: true)
+      end
+
+      # Returns whether to include non production dependencies based on the licensed configuration settings
+      def include_non_production?
+        config.dig("pnpm", "production_only") == false
+      end
+    end
+  end
+end

data/lib/licensed/sources/source.rb

@@ -69,7 +69,9 @@ module Licensed
       # Returns all dependencies that should be evaluated.
       # Excludes ignored dependencies.
       def dependencies
-        cached_dependencies.reject { |d| ignored?(d) }
+        cached_dependencies
+          .reject { |d| ignored?(d) }
+          .each { |d| add_additional_terms_from_configuration(d) }
       end
 
       # Enumerate all source dependencies.  Must be implemented by each source class.
@@ -88,6 +90,11 @@ module Licensed
       def cached_dependencies
         @dependencies ||= enumerate_dependencies.compact
       end
+
+      # Add any additional_terms for this dependency that have been added to the configuration
+      def add_additional_terms_from_configuration(dependency)
+        dependency.additional_terms.concat config.additional_terms_for_dependency("type" => self.class.type, "name" => dependency.name)
+      end
     end
   end
 end

data/lib/licensed/sources.rb

@@ -6,18 +6,20 @@ module Licensed
     require "licensed/sources/bundler"
     require "licensed/sources/cabal"
     require "licensed/sources/cargo"
+    require "licensed/sources/cocoapods"
     require "licensed/sources/composer"
     require "licensed/sources/dep"
     require "licensed/sources/git_submodule"
     require "licensed/sources/go"
+    require "licensed/sources/gradle"
     require "licensed/sources/manifest"
+    require "licensed/sources/mix"
     require "licensed/sources/npm"
     require "licensed/sources/nuget"
     require "licensed/sources/pip"
     require "licensed/sources/pipenv"
+    require "licensed/sources/pnpm"
     require "licensed/sources/swift"
-    require "licensed/sources/gradle"
-    require "licensed/sources/mix"
     require "licensed/sources/yarn"
   end
 end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.9.1".freeze
+  VERSION = "4.1.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -21,21 +21,21 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.required_ruby_version = ">= 2.3.0"
+  spec.required_ruby_version = ">= 2.6.0"
 
-  spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0"
-  spec.add_dependency "thor", ">= 0.19"
+  spec.add_dependency "licensee", "~> 9.16"
+  spec.add_dependency "thor", "~> 1.2"
   spec.add_dependency "pathname-common_prefix", "~> 0.0.1"
-  spec.add_dependency "tomlrb", ">= 1.2", "< 3.0"
-  spec.add_dependency "bundler", ">= 1.10"
-  spec.add_dependency "ruby-xxHash", "~> 0.4"
-  spec.add_dependency "parallel", ">= 0.18.0"
-  spec.add_dependency "reverse_markdown", ">= 1", "< 3"
-  spec.add_dependency "json", ">= 2.6.2"
+  spec.add_dependency "tomlrb", "~> 2.0"
+  spec.add_dependency "ruby-xxHash", "~> 0.4.0"
+  spec.add_dependency "parallel", "~> 1.22"
+  spec.add_dependency "reverse_markdown", "~> 2.1"
+  spec.add_dependency "json", "~> 2.6"
+  # spec.add_dependency "cocoapods-core", "~> 1.11"
 
-  spec.add_development_dependency "rake", ">= 12.3.3"
-  spec.add_development_dependency "minitest", "~> 5.8"
+  spec.add_development_dependency "rake", "~> 13.0"
+  spec.add_development_dependency "minitest", "~> 5.17"
   spec.add_development_dependency "mocha", "~> 2.0"
-  spec.add_development_dependency "rubocop-github", "~> 0.6"
-  spec.add_development_dependency "byebug", "~> 11.1.3"
+  spec.add_development_dependency "rubocop-github", "~> 0.20"
+  spec.add_development_dependency "byebug", "~> 11.1"
 end