licensed 2.6.2 → 2.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01feaa48f4c38ee8a812dd909a05e46e0355c4a7e30add873c1410dca715df8f
-  data.tar.gz: ec09f82ba5ae08100b9c7e15631be48f6f14a302c26809172d0eb87a820b885a
+  metadata.gz: 4b2b964bfef1d9dd5d12c96a4586a4e1815d530a744c09484b548e1505a01a22
+  data.tar.gz: a14d76ad21ab8fb742f698eb0ca90702fb154184b5e887313f8f7a7f894a6437
 SHA512:
-  metadata.gz: '03822f158d7aa6027eb6eb86856b271452bf0cd3f2bf202754a1391b65eee84c4c752fc857c40d5f4bac88dfd1490415cc0813a5003db3b127598e661a4360b2'
-  data.tar.gz: c7393d9cbd363f0dfc1dd5a919b990c31545bf9c6c6f7322174736bdba3dfad1fa30f579f63a6fe8374c5a931fe96c2b264277f717ceccc9dc5d9ebb0afdc600
+  metadata.gz: 46689f9c144234c03de03c3adc9ee8cf11042d51047bcd83321eac9e1fd9d03a974f0f1757777da831e105e784153d06a4f48ea57b4cbda8079c0221074212f5
+  data.tar.gz: 5e1fe805637db57b6d16b0cc0f6ff8dfe3d56fd5aa1d70ffc19c06cc41764afe98b20917697de45ca338a22fe3aa1fcfa2491e9c9f90db393b4b35d38de34dc4

data/.github/workflows/test.yml

@@ -81,10 +81,6 @@ jobs:
       with:
         path: vendor/gems
         key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
-    - uses: actions/cache@preview
-      with:
-        path: test/fixtures/cabal/dist-newstyle
-        key: ${{ runner.os }}-fixtures-cabal-${{ matrix.ghc }}-${{ matrix.cabal }}-${{ hashFiles(format('{0}{1}', github.workspace, '/test/fixtures/cabal/app.cabal')) }}
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
@@ -92,6 +88,33 @@ jobs:
     - name: Run tests
       run: script/test cabal
 
+  composer:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php: [ '5.6', '7.1', '7.2', '7.3' ]
+    steps:
+    - uses: actions/checkout@master
+    - name: Setup php
+      uses: nanasess/setup-php@v1.0.2
+      with:
+        php-version: ${{ matrix.php }}
+    - name: Set up Ruby
+      uses: actions/setup-ruby@v1
+      with:
+        ruby-version: 2.6.x
+    - run: bundle lock
+    - uses: actions/cache@preview
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
+    - name: Bootstrap
+      run: script/bootstrap
+    - name: Set up fixtures
+      run: script/source-setup/composer
+    - name: Run tests
+      run: script/test composer
+
   core:
     runs-on: ubuntu-latest
     strategy:
@@ -168,33 +191,6 @@ jobs:
     - name: Run tests
       run: script/test go
 
-  npm:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        node_version: [ 8, 10, 12 ]
-    steps:
-    - uses: actions/checkout@master
-    - name: Setup node
-      uses: actions/setup-node@v1
-      with:
-        node-version: ${{ matrix.node_version }}
-    - name: Set up Ruby
-      uses: actions/setup-ruby@v1
-      with:
-        ruby-version: 2.6.x
-    - run: bundle lock
-    - uses: actions/cache@preview
-      with:
-        path: vendor/gems
-        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
-    - name: Bootstrap
-      run: script/bootstrap
-    - name: Set up fixtures
-      run: script/source-setup/npm
-    - name: Run tests
-      run: script/test npm
-
   gradle:
     runs-on: ubuntu-latest
     steps:
@@ -215,18 +211,10 @@ jobs:
     - name: Run tests
       run: script/test gradle
 
-  pip:
+  manifest:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python: [ '2.x', '3.x' ]
     steps:
     - uses: actions/checkout@master
-    - name: Setup python
-      uses: actions/setup-python@v1
-      with:
-        python-version: ${{ matrix.python }}
-        architecture: x64
     - name: Set up Ruby
       uses: actions/setup-ruby@v1
       with:
@@ -238,22 +226,21 @@ jobs:
         key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
-    - name: Install virtualenv
-      run: pip install virtualenv
-    - name: Set up fixtures
-      run: script/source-setup/pip
     - name: Run tests
-      run: script/test pip
+      run: script/test manifest
 
-  pipenv:
+  mix:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        otp: [21.x, 22.x]
+        elixir: [1.8.x, 1.9.x]
     steps:
     - uses: actions/checkout@master
-    - name: Setup python
-      uses: actions/setup-python@v1
+    - uses: actions/setup-elixir@v1.0.0
       with:
-        python-version: '3.x'
-        architecture: x64
+        otp-version: ${{matrix.otp}}
+        elixir-version: ${{matrix.elixir}}
     - name: Set up Ruby
       uses: actions/setup-ruby@v1
       with:
@@ -265,24 +252,22 @@ jobs:
         key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
-    - name: Install pipenv
-      run: pip install pipenv
     - name: Set up fixtures
-      run: script/source-setup/pipenv
+      run: script/source-setup/mix
     - name: Run tests
-      run: script/test pipenv
+      run: script/test mix
 
-  composer:
+  npm:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php: [ '5.6', '7.1', '7.2', '7.3' ]
+        node_version: [ 8, 10, 12 ]
     steps:
     - uses: actions/checkout@master
-    - name: Setup php
-      uses: nanasess/setup-php@v1.0.2
+    - name: Setup node
+      uses: actions/setup-node@v1
       with:
-        php-version: ${{ matrix.php }}
+        node-version: ${{ matrix.node_version }}
     - name: Set up Ruby
       uses: actions/setup-ruby@v1
       with:
@@ -295,22 +280,22 @@ jobs:
     - name: Bootstrap
       run: script/bootstrap
     - name: Set up fixtures
-      run: script/source-setup/composer
+      run: script/source-setup/npm
     - name: Run tests
-      run: script/test composer
+      run: script/test npm
 
-  mix:
+  pip:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        otp: [21.x, 22.x]
-        elixir: [1.8.x, 1.9.x]
+        python: [ '2.x', '3.x' ]
     steps:
     - uses: actions/checkout@master
-    - uses: actions/setup-elixir@v1.0.0
+    - name: Setup python
+      uses: actions/setup-python@v1
       with:
-        otp-version: ${{matrix.otp}}
-        elixir-version: ${{matrix.elixir}}
+        python-version: ${{ matrix.python }}
+        architecture: x64
     - name: Set up Ruby
       uses: actions/setup-ruby@v1
       with:
@@ -322,15 +307,22 @@ jobs:
         key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
+    - name: Install virtualenv
+      run: pip install virtualenv
     - name: Set up fixtures
-      run: script/source-setup/mix
+      run: script/source-setup/pip
     - name: Run tests
-      run: script/test mix
+      run: script/test pip
 
-  manifest:
+  pipenv:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
+    - name: Setup python
+      uses: actions/setup-python@v1
+      with:
+        python-version: '3.x'
+        architecture: x64
     - name: Set up Ruby
       uses: actions/setup-ruby@v1
       with:
@@ -342,5 +334,9 @@ jobs:
         key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles(format('{0}{1}', github.workspace, '/Gemfile.lock')) }}
     - name: Bootstrap
       run: script/bootstrap
+    - name: Install pipenv
+      run: pip install pipenv
+    - name: Set up fixtures
+      run: script/source-setup/pipenv
     - name: Run tests
-      run: script/test manifest
+      run: script/test pipenv

data/CHANGELOG.md

@@ -6,6 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 2.7.0
+2019-11-10
+
+### Added
+- License text is automatically generated for known licenses when not otherwise available (https://github.com/github/licensed/pull/223)
+
+### Changed
+- Ignoring dependencies uses glob pattern matching (https://github.com/github/licensed/pull/225)
+
 ## 2.6.2
 2019-11-03
 
@@ -246,4 +255,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/2.6.2...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/2.7.0...HEAD

data/README.md

@@ -21,6 +21,18 @@ See the [migration documentation](./docs/migrating_to_newer_versions.md) for mor
 
 ## Installation
 
+### Dependencies
+
+Licensed uses the `libgit2` bindings for Ruby provided by `rugged`. `rugged` requires `cmake` and `pkg-config` which you may need to install before you can install Licensed.
+   
+   >  Ubuntu 
+    
+    sudo apt-get install cmake pkg-config
+    
+   >  OS X 
+       
+    brew install cmake pkg-config
+
 ### With a Gemfile
 
 Add this line to your application's Gemfile:
@@ -48,12 +60,6 @@ $ ./licensed list
 
 For system wide usage, install licensed to a location on `$PATH`, e.g. `/usr/local/bin`.
 
-#### Dependencies
-
-Licensed uses the `libgit2` bindings for Ruby provided by `rugged`. `rugged` has its own dependencies - `cmake` and `pkg-config` - which you may need to install before you can install Licensed.
-
-For example, on macOS with Homebrew: `brew install cmake pkg-config` and on Ubuntu: `apt-get install cmake pkg-config`.
-
 ## Usage
 
 - `licensed list`: Output enumerated dependencies only.

data/docs/configuration.md

@@ -95,6 +95,12 @@ ignored:
   bower:
     - some-internal-package
 
+  go:
+    # ignore all go packages from import paths starting with github.com/internal-package
+    # see the `File.fnmatch?` documentation for details on how patterns are matched.
+    # comparisons use the FNM_CASEFOLD and FNM_PATHNAME flags
+    - github.com/internal-package/**/*
+
 # These dependencies have been reviewed.
 # They need to be cached and checked, but do not have a license found that matches the allowed configured licenses.
 reviewed:

data/lib/licensed/configuration.rb

@@ -75,7 +75,9 @@ module Licensed
 
     # Is the given dependency ignored?
     def ignored?(dependency)
-      Array(self["ignored"][dependency["type"]]).include?(dependency["name"])
+      Array(self["ignored"][dependency["type"]]).any? do |pattern|
+        File.fnmatch?(pattern, dependency["name"], File::FNM_PATHNAME | File::FNM_CASEFOLD)
+      end
     end
 
     # Is the license of the dependency allowed?

data/lib/licensed/dependency.rb

@@ -72,9 +72,12 @@ module Licensed
     # Returns the license text content from all matched sources
     # except the package file, which doesn't contain license text.
     def license_contents
-      matched_files.reject { |f| f == package_file }
-                   .group_by(&:content)
-                   .map { |content, files| { "sources" => license_content_sources(files), "text" => content } }
+      files = matched_files.reject { |f| f == package_file }
+                           .group_by(&:content)
+                           .map { |content, files| { "sources" => license_content_sources(files), "text" => content } }
+
+      files << generated_license_contents if files.empty?
+      files.compact
     end
 
     # Returns legal notices found at the dependency path
@@ -133,5 +136,25 @@ module Licensed
         "license" => license_key
       })
     end
+
+    # Returns a generated license content source and text for the dependency's
+    # license if it exists and is not "other"
+    def generated_license_contents
+      return unless license
+      return if license.key == "other"
+
+      # strip copyright clauses and any extra newlines
+      # many package managers don't provide enough information to
+      # autogenerate a copyright clause
+      text = license.text.lines
+                         .reject { |l| l =~ Licensee::Matchers::Copyright::REGEX }
+                         .join
+                         .gsub(/\n\n\n/, "\n\n")
+
+      {
+        "sources" => "Auto-generated #{license.spdx_id} license text",
+        "text" => text
+      }
+    end
   end
 end

data/lib/licensed/sources/go.rb

@@ -85,11 +85,16 @@ module Licensed
 
         # true if go standard packages includes the import path as given
         return true if go_std_packages.include?(import_path)
+        return true if go_std_packages.include?("vendor/#{import_path}")
 
         # additional checks are only for vendored dependencies - return false
         # if package isn't vendored
         return false unless vendored_path?(import_path)
 
+        # return true if any of the go standard packages matches against
+        # the non-vendored import path
+        return true if go_std_packages.include?(non_vendored_import_path(import_path))
+
         # modify the import path to look like the import path `go list` returns for vendored std packages
         vendor_path = import_path.sub("#{root_package["ImportPath"]}/", "")
         go_std_packages.include?(vendor_path) || go_std_packages.include?(vendor_path.sub("golang.org", "golang_org"))

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "2.6.2".freeze
+  VERSION = "2.7.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 2.6.2
+  version: 2.7.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-03 00:00:00.000000000 Z
+date: 2019-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee