licensed 5.0.6 → 5.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b2116c5d4d417f54373aa775d2fdc5791479445806e0f6da1766f665af2c1805
-  data.tar.gz: 564c0a2ca1a6467600be91af8915bc34ab3c7a7cc11bb5b3db595845c93c26dc
+  metadata.gz: 93373cde622ea3d33acda4c6a94ddff7c309d6381b5578c5d8224aca5d899cf3
+  data.tar.gz: c03ab707bbc5f0aaecca317e2bfa3418d716a4aaba648cd1327626ef67ec8454
 SHA512:
-  metadata.gz: c181754b3c73c8f03dec2d2d3159a4291511d2f65510b18fa19c3d7dbd609b7afb2c1c61ae1099f118fac7bbcfb4d93d32ea1647c8114bd5934a67dc1158303b
-  data.tar.gz: 3017621bfa6f3dbb7fcaebafe9056e91ed5ed9bca7de878dcf75050a8f20200ad30bb4aa344a473d38be730ce4e0cc071508b2a5ab2af5a1dd41b244cb7e02a5
+  metadata.gz: c440e8a50d67a00eedd20ab514c66d922b6ffa7c7d24a8419ed558839d2355c8315dc865785110d176718015ed93004023557b763ff6e2c5003025e27ff3a770
+  data.tar.gz: 422a67416d5799789e0f2755190a112561cf1870627dc46d628311b175f1c96d27a222c7cc67113636853ef320348f45e8affd3e1c646b1b0a3005fb49eb95c4

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    licensed (5.0.6)
+    licensed (5.0.7)
       csv (~> 3.3)
       json (~> 2.6)
       licensee (~> 9.16)
@@ -16,27 +16,27 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (7.2.3)
+    activesupport (8.1.3)
       base64
-      benchmark (>= 0.3)
       bigdecimal
       concurrent-ruby (~> 1.0, >= 1.3.1)
       connection_pool (>= 2.2.5)
       drb
       i18n (>= 1.6, < 2)
+      json
       logger (>= 1.4.2)
       minitest (>= 5.1)
       securerandom (>= 0.3)
       tzinfo (~> 2.0, >= 2.0.5)
-    addressable (2.8.8)
+      uri (>= 0.13.1)
+    addressable (2.9.0)
       public_suffix (>= 2.0.2, < 8.0)
     ast (2.4.3)
     base64 (0.3.0)
-    benchmark (0.5.0)
-    bigdecimal (4.0.1)
+    bigdecimal (4.1.1)
     byebug (12.0.0)
     concurrent-ruby (1.3.6)
-    connection_pool (2.5.5)
+    connection_pool (3.0.2)
     csv (3.3.5)
     dotenv (3.2.0)
     drb (2.2.3)
@@ -48,11 +48,11 @@ GEM
       net-http (~> 0.5)
     i18n (1.14.8)
       concurrent-ruby (~> 1.0)
-    json (2.18.1)
+    json (2.19.3)
     language_server-protocol (3.17.0.5)
-    licensee (9.18.0)
+    licensee (9.19.0)
       dotenv (>= 2, < 4)
-      octokit (>= 4.20, < 10.0)
+      octokit (>= 4.20, < 11.0)
       reverse_markdown (>= 1, < 4)
       rugged (>= 0.24, < 2.0)
       thor (>= 0.19, < 2.0)
@@ -62,46 +62,46 @@ GEM
     minitest (5.27.0)
     minitest-hooks (1.5.3)
       minitest (> 5.3)
-    mocha (3.0.2)
+    mocha (3.1.0)
       ruby2_keywords (>= 0.0.5)
     net-http (0.9.1)
       uri (>= 0.11.1)
-    nokogiri (1.19.1)
+    nokogiri (1.19.2)
       mini_portile2 (~> 2.8.2)
       racc (~> 1.4)
-    octokit (9.2.0)
+    octokit (10.0.0)
       faraday (>= 1, < 3)
       sawyer (~> 0.9)
     ostruct (0.6.3)
-    parallel (1.27.0)
-    parser (3.3.10.1)
+    parallel (1.28.0)
+    parser (3.3.11.1)
       ast (~> 2.4.1)
       racc
     pathname-common_prefix (0.0.2)
     prism (1.9.0)
-    public_suffix (6.0.2)
+    public_suffix (7.0.5)
     racc (1.8.1)
-    rack (3.2.5)
+    rack (3.2.6)
     rainbow (3.1.1)
-    rake (13.3.1)
-    regexp_parser (2.11.3)
+    rake (13.4.1)
+    regexp_parser (2.12.0)
     reverse_markdown (3.0.2)
       nokogiri
-    rubocop (1.84.2)
+    rubocop (1.86.1)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
-      parallel (~> 1.10)
+      parallel (>= 1.10)
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
       rubocop-ast (>= 1.49.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.49.0)
+    rubocop-ast (1.49.1)
       parser (>= 3.3.7.2)
       prism (~> 1.7)
-    rubocop-github (0.26.0)
+    rubocop-github (0.27.0)
       rubocop (>= 1.76)
       rubocop-performance (>= 1.24)
       rubocop-rails (>= 2.23)
@@ -145,4 +145,4 @@ DEPENDENCIES
   rubocop-github (~> 0.20)
 
 BUNDLED WITH
-  4.0.3
+  4.0.8

data/README.md

@@ -94,7 +94,7 @@ To get started after checking out the repo, run
 
 You can also run `script/console` for an interactive prompt that will allow you to experiment.
 
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then create a release on GitHub.
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, create a GitHub release from the matching `vX.Y.Z` tag.
 
 ### Adding a new source
 

data/lib/licensed/sources/pip.rb

@@ -20,7 +20,7 @@ module Licensed
             metadata: {
               "type"        => self.class.type,
               "summary"     => package["Summary"],
-              "homepage"    => package["Home-page"]
+              "homepage"    => homepage(package)
             }
           )
         end
@@ -83,14 +83,30 @@ module Licensed
       end
 
       # Returns a hash filled with package info parsed from the email-header formatted output
-      # returned by `pip show`
+      # returned by `pip show --verbose`, including continuation lines for multi-line fields.
       def parse_package_info(package_info)
+        current_key = nil
+
         package_info.lines.each_with_object(Hash.new(0)) do |pkg, a|
-          next if pkg.start_with?(/^\s/)
+          if pkg.match?(/^\s/)
+            if current_key
+              current_value = a[current_key]
+              continuation = pkg.strip
+              a[current_key] =
+                if current_value.to_s.empty?
+                  continuation
+                else
+                  "#{current_value}\n#{continuation}"
+                end
+            end
+            next
+          end
 
           k, v = pkg.split(":", 2)
           next if k.nil? || k.empty?
-          a[k.strip] = v&.strip
+
+          current_key = k.strip
+          a[current_key] = v&.strip
         end
       end
 
@@ -101,7 +117,39 @@ module Licensed
 
       # Returns the output from `pip show <package> <package> ...`
       def pip_show_command(package)
-        Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", package)
+        Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", "--verbose", package)
+      end
+
+      # Returns the package homepage from pip package metadata
+      def homepage(package)
+        home_page = package["Home-page"]
+        return home_page unless home_page.to_s.empty?
+
+        homepage_from_project_urls(package["Project-URL"] || package["Project-URLs"]) || home_page
+      end
+
+      # Returns best-effort homepage URL extracted from Project-URL(s) metadata
+      # With priority given to Home > Repository > Source, otherwise the first URL
+      def homepage_from_project_urls(project_urls)
+        return if project_urls.to_s.empty?
+
+        entries = project_urls
+          .to_s
+          .split("\n")
+          .map(&:strip)
+          .reject(&:empty?)
+
+        candidates = entries.filter_map do |entry|
+          label, url = entry.split(",", 2).map { |value| value&.strip }
+          next unless url&.match?(%r{^https?://})
+
+          [label.to_s, url]
+        end
+
+        preferred = candidates.find { |label, _| label.match?(/home/i) } ||
+          candidates.find { |label, _| label.match?(/repo/i) } ||
+          candidates.find { |label, _| label.match?(/source/i) }
+        preferred&.last || candidates.first&.last
       end
 
       def virtual_env_dir

data/lib/licensed/version.rb

@@ -1,6 +1,56 @@
 # frozen_string_literal: true
+require "open3"
+
 module Licensed
-  VERSION = "5.0.6".freeze
+  VERSION = begin
+    root = File.expand_path("../..", __dir__)
+    loaded_spec = Gem.loaded_specs["licensed"]
+    loaded_from = loaded_spec&.loaded_from && File.expand_path(loaded_spec.loaded_from)
+
+    # Published gems should report the version stored in gem metadata. Source
+    # checkouts need to ignore Bundler's path gemspec so development builds can
+    # infer the next release version from git tags.
+    if loaded_spec&.version && loaded_from != File.join(root, "licensed.gemspec")
+      loaded_spec.version.to_s
+    else
+      git_error = nil
+
+      begin
+        output, status = Open3.capture2e(
+          "git",
+          "describe",
+          "--tags",
+          chdir: root
+        )
+      rescue SystemCallError => e
+        git_error = e.message
+      end
+
+      if status&.success?
+        described_version = output.strip.delete_prefix("v")
+
+        # Exact tags build that tag's version. Commits after a tag build the
+        # next patch version Homebrew and the release workflow should expect.
+        if (match = described_version.match(/\A(.+)-\d+-g[0-9a-f]+(?:-dirty)?\z/))
+          match[1].sub(/\d+\z/) { |segment| (segment.to_i + 1).to_s.rjust(segment.length, "0") }
+        else
+          described_version
+        end
+      elsif File.exist?(lockfile = File.join(root, "Gemfile.lock"))
+        # Shallow CI checkouts do not fetch tags in the broad test matrix. The
+        # lockfile keeps Bundler setup fast and deterministic there.
+        lockfile_version = File.read(lockfile)[/^    licensed \(([^)]+)\)$/, 1]
+        raise "Unable to determine licensed version from Gemfile.lock" unless lockfile_version
+
+        lockfile_version
+      else
+        error_output = output.to_s.strip
+        raise "Unable to determine licensed version" if git_error.to_s.empty? && error_output.empty?
+
+        raise "Unable to determine licensed version: #{git_error || error_output}"
+      end
+    end
+  end.freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 5.0.6
+  version: 5.1.0
 platform: ruby
 authors:
 - GitHub
@@ -375,7 +375,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.6
 specification_version: 4
 summary: Extract and validate the licenses of dependencies.
 test_files: []