licensed 2.13.0 → 2.14.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a4477f07cae2650a7d8679a9042f73a7d14d8de019088be22d09f30e0f8af4c2
-  data.tar.gz: b4cbd8769c1f98b1a0729e5d603ff08c15d2d5c5e4e8e029cd3bce7f69f395c1
+  metadata.gz: b246cf67fe29bfe3612770c81b44006cdc185e2875deba36aa339b7f8be6d654
+  data.tar.gz: 47e90e173cd914d214c270db673c1ffdff61f155853fec18da41837cebe7740b
 SHA512:
-  metadata.gz: 83e7612e7a1fe2dbb77d48893c68db036630a45cdbc37f38f6630be0380231d9ac7fc0d37298d3a8a349d4bd43eb1dad64b7ec26a4b8d795806fb682091d94b7
-  data.tar.gz: 26e4fed8cede2d4de43fc511a85a82507dcc0cbcc9a66537d39a189d533a7cfbb22fdf2be5ad242ae72f4943fde6676c23b0bdcdf906beeecef813369177c158
+  metadata.gz: 8e651c1ce72c6802b7f13e813ea4227c8dbeb53058deb8f68f1c8eabbcf4b9c4b9bd4a130b2d00b4238e14577f0a341d55fabac5aa72d0c3d0195a4b75bd1c86
+  data.tar.gz: b07832f775f62da3fef628bf3ca9769e6f33e9d32338ffe468dad212f27d65d2be455e57ac73786930017d55308cd5222f2280f2944c832a1f32fa5c8a3557bb

data/.github/workflows/release.yml

@@ -1,18 +1,12 @@
-name: Create release
+name: Build and publish release assets
 
-on: create
+on:
+  release:
+    types: [created]
 
 jobs:
-  tag_filter:
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - run: exit 0
-
   package_linux:
     runs-on: ubuntu-latest
-    needs: tag_filter
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby 2.6
@@ -23,17 +17,15 @@ jobs:
     - name: Build package
       run: script/packages/linux
       env:
-        VERSION: ${{github.event.ref}}
+        VERSION: ${{github.event.release.tag_name}}
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.ref}}-linux
-        path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-linux-x64.tar.gz
+        name: ${{github.event.release.tag_name}}-linux
+        path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
 
   package_mac:
     runs-on: macOS-latest
-    needs: tag_filter
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby 2.6
@@ -44,17 +36,15 @@ jobs:
     - name: Build package
       run: script/packages/mac
       env:
-        VERSION: ${{github.event.ref}}
+        VERSION: ${{github.event.release.tag_name}}
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.ref}}-darwin
-        path: pkg/${{github.event.ref}}/licensed-${{github.event.ref}}-darwin-x64.tar.gz
+        name: ${{github.event.release.tag_name}}-darwin
+        path: pkg/${{github.event.release.tag_name}}/licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
 
   build_gem:
     runs-on: ubuntu-latest
-    needs: tag_filter
-
     steps:
     - uses: actions/checkout@v2
     - name: Set up Ruby 2.6
@@ -63,25 +53,16 @@ jobs:
         ruby-version: 2.6.x
 
     - name: Build gem
-      run: gem build *.gemspec
+      run: gem build licensed.gemspec -o licensed-${{github.event.release.tag_name}}.gem
 
     - uses: actions/upload-artifact@v2
       with:
-        name: ${{github.event.ref}}-gem
-        path: licensed-${{github.event.ref}}.gem
-
-  create_release:
-    runs-on: ubuntu-latest
-    needs: [package_linux, package_mac, build_gem]
-    steps:
-    - uses: Roang-zero1/github-create-release-action@v1.0.2
-      env:
-        GITHUB_TOKEN: ${{ secrets.API_AUTH_TOKEN }}
-        VERSION_REGEX: "^[[:digit:]]+\\.[[:digit:]]+\\.[[:digit:]]+"
+        name: ${{github.event.release.tag_name}}-gem
+        path: licensed-${{github.event.release.tag_name}}.gem
 
   upload_packages:
     runs-on: ubuntu-latest
-    needs: [create_release]
+    needs: [package_linux, package_mac, build_gem]
 
     steps:
     - name: Set up Ruby 2.6
@@ -92,32 +73,45 @@ jobs:
     - name: Download linux package
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.ref}}-linux
+        name: ${{github.event.release.tag_name}}-linux
 
     - name: Download macOS package
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.ref}}-darwin
+        name: ${{github.event.release.tag_name}}-darwin
 
     - name: Download gem
       uses: actions/download-artifact@v2
       with:
-        name: ${{github.event.ref}}-gem
+        name: ${{github.event.release.tag_name}}-gem
 
-    - name: Publish packages to GitHub Release
-      uses: Roang-zero1/github-upload-release-artifacts-action@v2.0.0
+    - name: Publish linux package
+      uses: actions/upload-release-asset@v1
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
-        args: licensed-${{github.event.ref}}-linux-x64.tar.gz licensed-${{github.event.ref}}-darwin-x64.tar.gz
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
+        asset_name: licensed-${{github.event.release.tag_name}}-linux-x64.tar.gz
+        asset_content_type: application/gzip
+
+    - name: Publish mac package
+      uses: actions/upload-release-asset@v1
       env:
-        GITHUB_TOKEN: ${{secrets.API_AUTH_TOKEN}}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      with:
+        upload_url: ${{ github.event.release.upload_url }}
+        asset_path: ./licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
+        asset_name: licensed-${{github.event.release.tag_name}}-darwin-x64.tar.gz
+        asset_content_type: application/gzip
 
     - name: Publish gem to RubyGems
       run: |
         mkdir -p $HOME/.gem
         touch $HOME/.gem/credentials
         chmod 0600 $HOME/.gem/credentials
-        printf -- "---\n:rubygems_api_key: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
+        printf -- "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}\n" > $HOME/.gem/credentials
         gem push $GEM
       env:
-        GEM_HOST_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
-        GEM: licensed-${{github.event.ref}}.gem
+        RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
+        GEM: licensed-${{github.event.release.tag_name}}.gem

data/.github/workflows/test.yml

@@ -165,7 +165,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: [ '1.7.x', '1.10.x', '1.11.x', '1.12.x', '1.13.x', '1.14.x' ]
+        go: [ '1.10.x', '1.11.x', '1.12.x', '1.13.x', '1.14.x', '1.15.x' ]
     steps:
     - uses: actions/checkout@v2
     - name: Setup go

data/CHANGELOG.md

@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.14.0
+2020-10-04
+
+### Addded
+- `reviewed` dependencies can use glob pattern matching (https://github.com/github/licensed/pull/313)
+
+### Fixed
+- Fix configuring source path globs that expand into a single directory (https://github.com/github/licensed/pull/312)
+
 ## 2.13.0
 2020-09-23
 
@@ -351,4 +360,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.13.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.14.0...HEAD

data/CONTRIBUTING.md

@@ -39,7 +39,7 @@ Pull requests that include a new dependency source must also
 ## Releasing
 If you are the current maintainer of this gem:
 
-1. Create a branch for the release: git checkout -b cut-release-vxx.xx.xx
+1. Create a branch for the release: git checkout -b cut-release-xx.xx.xx
 2. Make sure your local dependencies are up to date: `script/bootstrap`
 3. Ensure that tests are green: `bundle exec rake test`
 4. Bump gem version in lib/licensed/version.rb.
@@ -51,15 +51,16 @@ If you are the current maintainer of this gem:
    2. Install the new gem locally
    3. Test behavior locally, branch deploy, whatever needs to happen
 9. Merge github/licensed PR
-10. Tag and push: `git tag x.xx.xx; git push --tags`
+10. Create a new [github/licensed release](https://github.com/github/licensed/releases)
+   - Set the release name and tag to the release version - `x.xx.x`
+   - Set the release body to the changelog entries for the release
 
 The following steps will happen automatically from a GitHub Actions workflow
-after pushing a new tag. In case that fails, the following steps can be performed manually
+after creating the release. In case that fails, the following steps can be performed manually
 
-11. Push to rubygems.org -- `gem push licensed-x.xx.xx.gem`
+11. Push the gem from (7) to rubygems.org -- `gem push licensed-x.xx.xx.gem`
 12. Build packages for new tag: `VERSION=x.xx.xx bundle exec rake package`
-13. Create release for new tag at github/licensed.
-14. Add built packages to new release
+13. Upload packages from (12) to release from (10)
 
 ## Resources
 

data/docs/configuration.md

@@ -23,7 +23,7 @@ If a root path is not specified, it will default to using the following, in orde
 
 The `source_path` property can use a glob path to share configuration properties across multiple application entrypoints.
 
-For example, there is a common pattern in go projects to include multiple executable entrypoints under folders in `cmd`.  Using a glob pattern allows users to avoid manually configuring and maintaining multiple licensed application `source_path`s.  Using a glob pattern will also ensure that any new entrypoints matching the pattern are automatically picked up by licensed commands as they are added.
+For example, there is a common pattern in Go projects to include multiple executable entrypoints under folders in `cmd`.  Using a glob pattern allows users to avoid manually configuring and maintaining multiple licensed application `source_path`s.  Using a glob pattern will also ensure that any new entrypoints matching the pattern are automatically picked up by licensed commands as they are added.
 
 ```yml
 sources:
@@ -118,12 +118,6 @@ ignored:
   bower:
     - some-internal-package
 
-  go:
-    # ignore all go packages from import paths starting with github.com/internal-package
-    # see the `File.fnmatch?` documentation for details on how patterns are matched.
-    # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
-    - github.com/internal-package/**/*
-
 # These dependencies have licenses not on the `allowed` list and have been reviewed.
 # They will be cached and checked, but will not raise errors or warnings for a
 # non-allowed license.  Dependencies on this list will still raise errors if

data/docs/sources/go.md

@@ -24,6 +24,26 @@ The setting supports absolute, relative and expandable (e.g. "~") paths.  Relati
 
 Non-empty `GOPATH` configuration settings will override the `GOPATH` environment variable while enumerating `go` dependencies.  The `GOPATH` environment variable is restored once dependencies have been enumerated.
 
+#### Reviewing and ignoring all packages from a Go module
+
+Go's package and module structure has common conventions that documentation and metadata for all packages in a module live in the module root.  In this scenario all packages share the same LICENSE information and can be reviewed or ignored at the module level rather than per-package using glob patterns.
+
+```yaml
+reviewed:
+  go:
+    # review all Go packages from import paths starting with github.com/external-package
+    # see the `File.fnmatch?` documentation for details on how patterns are matched.
+    # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
+    - github.com/external-package/**/*
+
+ignored:
+  go:
+    # ignore all Go packages from import paths starting with github.com/internal-package
+    # see the `File.fnmatch?` documentation for details on how patterns are matched.
+    # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
+    - github.com/internal-package/**/*
+```
+
 #### Versioning
 
 The go source supports multiple versioning strategies to determine if cached dependency metadata is stale.  A version strategy is chosen based on the availability of go module information along with the current app configuration.

data/lib/licensed/commands/command.rb

@@ -72,6 +72,12 @@ module Licensed
       # Returns whether the command succeeded for the application.
       def run_app(app)
         reporter.report_app(app) do |report|
+          # ensure the app source path exists before evaluation
+          if !Dir.exist?(app.source_path)
+            report.errors << "No such directory #{app.source_path}"
+            next false
+          end
+
           Dir.chdir app.source_path do
             begin
               # allow additional report data to be given by commands

data/lib/licensed/configuration.rb

@@ -69,7 +69,9 @@ module Licensed
 
     # Is the given dependency reviewed?
     def reviewed?(dependency)
-      Array(self["reviewed"][dependency["type"]]).include?(dependency["name"])
+      Array(self["reviewed"][dependency["type"]]).any? do |pattern|
+        File.fnmatch?(pattern, dependency["name"], File::FNM_PATHNAME | File::FNM_CASEFOLD)
+      end
     end
 
     # Is the given dependency ignored?
@@ -158,19 +160,22 @@ module Licensed
     def self.expand_app_source_path(app_config)
       return app_config if app_config["source_path"].to_s.empty?
 
+      # check if the source path maps to an existing directory
       source_path = File.expand_path(app_config["source_path"], AppConfiguration.root_for(app_config))
+      return app_config if Dir.exist?(source_path)
+
+      # try to expand the source path for glob patterns
       expanded_source_paths = Dir.glob(source_path).select { |p| File.directory?(p) }
-      # return the original configuration if glob didn't result in multiple paths
-      return app_config if expanded_source_paths.size <= 1
+      configs = expanded_source_paths.map { |path| app_config.merge("source_path" => path) }
 
-      # map the expanded paths to new application configurations
-      expanded_source_paths.map do |path|
-        config = app_config.merge("source_path" => path)
+      # if no directories are found for the source path, return the original config
+      return app_config if configs.size == 0
 
-        # update configured values for name and cache_path for uniqueness.
-        # this is only needed when values are explicitly set, AppConfiguration
-        # will handle configurations that don't have these explicitly set
-        dir_name = File.basename(path)
+      # update configured values for name and cache_path for uniqueness.
+      # this is only needed when values are explicitly set, AppConfiguration
+      # will handle configurations that don't have these explicitly set
+      configs.each do |config|
+        dir_name = File.basename(config["source_path"])
         config["name"] = "#{config["name"]}-#{dir_name}" if config["name"]
 
         # if a cache_path is set and is not marked as shared, append the app name
@@ -178,9 +183,9 @@ module Licensed
         if config["cache_path"] && config["shared_cache"] != true
           config["cache_path"] = File.join(config["cache_path"], dir_name)
         end
-
-        config
       end
+
+      configs
     end
 
     # Find a default configuration file in the given directory.

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.13.0".freeze
+  VERSION = "2.14.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.13.0
+  version: 2.14.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-09-24 00:00:00.000000000 Z
+date: 2020-10-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee