licensed 2.2.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ee8b9896bf3a7728b539c308822b7613b70ddc62
-  data.tar.gz: e3c4f581c2a1982b426a82dfd7c5217ca98d2838
+  metadata.gz: fb25b0f6171f25264970c95ae18b301c44400343
+  data.tar.gz: 945252932681b87f622fb9d065afae70af33ca0d
 SHA512:
-  metadata.gz: 05bc23396c71a8d445412965cc9decf5abb6d5a6ebc450060e318266a3504368abb257649092ffe1eae615a93b6e69e24f9192a7ed475c39ff9e943332db2cb4
-  data.tar.gz: 2fa140721c4e3fbfe22fe91048c8cac718ae6e918efc675cb800ea606d260de6383d977fa13ce1cd309b81c36275245183bbbbeca0b1f2ccfb81c812fb0f06a8
+  metadata.gz: d771ab002291e816f84b43eb66dc011f62ac6e3e0e4de2dfa82b869b19d60a3f584bc1cefbdd99798e14dec14310f7a447a522ff4ab0efbf6d73c9a661295811
+  data.tar.gz: 56877626264a91d6afd66740818b010655c1f9d5b0e9eb757c559f7092c3b2ef7962b12ed9d8284f4363e7e2ea7040199a86bd5cff855417b3243acebcb871d0

data/.gitignore

@@ -24,6 +24,7 @@ test/fixtures/cabal/*
 test/fixtures/git_submodule/*
 !test/fixtures/git_submodule/README
 test/fixtures/pip/venv
+test/fixtures/pipenv/Pipfile.lock
 !test/fixtures/migrations/**/*
 
 vendor/licenses

data/.travis.yml

@@ -73,20 +73,26 @@ matrix:
 
     # python 2.7 tests
     - language: python
-      python:
-        - "2.7"
+      python: 2.7
       before_script: ./script/source-setup/pip
       script: ./script/test pip
       env: NAME="pip"
 
     # python 3.6 tests
     - language: python
-      python:
-        - "3.6"
+      python: 3.6
       before_script: ./script/source-setup/pip
       script: ./script/test pip
       env: NAME="pip"
 
+    - language: python
+      python: 3.6
+      before_script:
+        - pip install pipenv
+        - ./script/source-setup/pipenv
+      script: ./script/test pipenv
+      env: NAME="pipenv"
+
     - language: ruby
       rvm: 2.4.0
       before_script: ./script/source-setup/git_submodule

data/CHANGELOG.md

@@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.1.0 - 2019-04-16
+
+### Added
+- New Pipenv dependency source enumerator (:tada: @krzysztof-pawlik-gat https://github.com/github/licensed/pull/167)
+
 ## 2.2.0 - 2019-05-11
 
 ### Added
@@ -162,4 +167,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.2.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.3.0...HEAD

data/README.md

@@ -87,7 +87,8 @@ Dependencies will be automatically detected for all of the following sources by
 6. [Manifest lists (manifests)](./docs/sources/manifests.md)
 7. [NPM (npm)](./docs/sources/npm.md)
 8. [Pip (pip)](./docs/sources/pip.md)
-9. [Git Submodules (git_submodule)](./docs/sources/git_submodule.md)
+9. [Pipenv (pipenv)](./docs/sources/pipenv.md)
+10. [Git Submodules (git_submodule)](./docs/sources/git_submodule.md)
 
 You can disable any of them in the configuration file:
 

data/docs/sources/pipenv.md

@@ -0,0 +1,5 @@
+# Pipenv
+
+The pipenv source uses `pipenv` CLI command to enumerate dependencies and properties.
+
+Be sure to run `pipenv update` (or `pipenv sync`) before running `licensed` so all required packages are properly installed.

data/lib/licensed/dependency.rb

@@ -83,12 +83,16 @@ module Licensed
          .grep(LEGAL_FILES_PATTERN)
          .select { |path| File.file?(path) }
          .sort # sorted by the path
-         .map { |path| { "sources" => normalize_source_path(path), "text" => File.read(path).rstrip } }
+         .map { |path| { "sources" => normalize_source_path(path), "text" => read_file_with_encoding_check(path) } }
          .select { |notice| notice["text"].length > 0 } # files with content only
     end
 
     private
 
+    def read_file_with_encoding_check(file_path)
+      File.read(file_path).encode("UTF-16", invalid: :replace, replace: "?").encode("UTF-8").rstrip
+    end
+
     # Returns the sources for a group of license file contents
     #
     # Sources are returned as a single string with sources separated by ", "

data/lib/licensed/sources.rb

@@ -11,6 +11,7 @@ module Licensed
     require "licensed/sources/manifest"
     require "licensed/sources/npm"
     require "licensed/sources/pip"
+    require "licensed/sources/pipenv"
     require "licensed/sources/gradle"
   end
 end

data/lib/licensed/sources/pipenv.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Licensed
+  module Sources
+    class Pipenv < Source
+      def enabled?
+        Licensed::Shell.tool_available?("pipenv") && File.exist?(@config.pwd.join("Pipfile.lock"))
+      end
+
+      def enumerate_dependencies
+        pakages_from_pipfile_lock.map do |package_name|
+          package = package_info(package_name)
+          location = File.join(package["Location"], package["Name"].gsub("-", "_") +  "-" + package["Version"] + ".dist-info")
+          Dependency.new(
+            name: package["Name"],
+            version: package["Version"],
+            path: location,
+            metadata: {
+              "type"        => Pipenv.type,
+              "summary"     => package["Summary"],
+              "homepage"    => package["Home-page"]
+            }
+          )
+        end
+      end
+
+      private
+
+      def pakages_from_pipfile_lock
+        Licensed::Shell.execute("pipenv", "run", "pip", "list")
+            .lines
+            .drop(2)  # Header
+            .map { |line| line.strip.split.first.strip }
+      end
+
+      def package_info(package_name)
+        p_info = Licensed::Shell.execute("pipenv", "run", "pip", "--disable-pip-version-check", "show", package_name).lines
+        p_info.each_with_object(Hash.new(0)) { |pkg, a|
+          k, v = pkg.split(":", 2)
+          next if k.nil? || k.empty?
+          a[k.strip] = v&.strip
+        }
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.2.0".freeze
+  VERSION = "2.3.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/source-setup/pipenv

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+if [ -z "$(which pipenv)" ]; then
+  echo "A local pipenv installation is required for python development." >&2
+  exit 127
+fi
+
+
+# setup test fixtures
+BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd $BASE_PATH/test/fixtures/pipenv
+
+# clean up any previous fixture venv that might have been created.
+if [ "$1" == "-f" ]; then
+    echo "removing old fixture setup..."
+    pipenv --rm || true
+fi
+
+# set up a virtualenv and install the packages in the test requirements
+pipenv update

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.2.0
+  version: 2.3.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-05-11 00:00:00.000000000 Z
+date: 2019-05-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -221,6 +221,7 @@ files:
 - docs/sources/manifests.md
 - docs/sources/npm.md
 - docs/sources/pip.md
+- docs/sources/pipenv.md
 - docs/sources/stack.md
 - exe/licensed
 - lib/licensed.rb
@@ -254,6 +255,7 @@ files:
 - lib/licensed/sources/manifest.rb
 - lib/licensed/sources/npm.rb
 - lib/licensed/sources/pip.rb
+- lib/licensed/sources/pipenv.rb
 - lib/licensed/sources/source.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
@@ -273,6 +275,7 @@ files:
 - script/source-setup/go
 - script/source-setup/npm
 - script/source-setup/pip
+- script/source-setup/pipenv
 - script/test
 homepage: https://github.com/github/licensed
 licenses: