licensed 3.0.1 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f8e24e2f900732197c5d4b91212a7477dd7ab68a61892e0ea56ae1a99f4c29e6
-  data.tar.gz: 19c679898ccab8f60d219d739c18a14b849cdd87ad04608b24dcf1ea67613f82
+  metadata.gz: 9411b608edb8210d926f1c927bcaa65e396eac39dbf6300b946e842a33071a23
+  data.tar.gz: a4dd2527919e79c111107482233945f476df72d9f282431abf99f40a3516b221
 SHA512:
-  metadata.gz: 171905b06dca655364341c888c5e8845e6dff8d163ffb009f28de624e4d14d399c7add250d80ebb7391b4c94316c8a3c9bbae7bdfb7b219996a8415f463b7a5c
-  data.tar.gz: 054fc3dd7ccb7e3a92b6585e757b85efd0880b1b9c3fa93855ba50ba79d0c7727d707a76d30f588a94b9f7bb1dd0d6bc6f3959e40bf96685f5dda5ea1a7d127f
+  metadata.gz: 07f9153972ac85375a1cb8273d9990052a8d13bc3918c0cd7697c7a0686ef31ed45045065b10091b569a53ad0f2494ae32f0cf2392ae937d242b2954af92c0f6
+  data.tar.gz: 90364cc7be14673627b0280b018498a0feffc962b1c48a89094b9503d5743362f99ee0c36d601478b1818b10ee48d5b1ef97bdd120d6fbc7299b55efa9c5278c

data/.github/workflows/test.yml

@@ -362,6 +362,33 @@ jobs:
     - name: Run tests
       run: script/test pipenv
 
+  swift:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        swift: [ "5.4", "5.3" ]
+    steps:
+    - uses: actions/checkout@v2
+    - name: Setup Swift
+      uses: fwal/setup-swift@v1
+      with:
+        swift-version: ${{ matrix.swift }}
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: 2.6
+    - run: bundle lock
+    - uses: actions/cache@v1
+      with:
+        path: vendor/gems
+        key: ${{ runner.os }}-gem-2.6.x-${{ hashFiles('**/Gemfile.lock') }}
+    - name: Bootstrap
+      run: script/bootstrap
+    - name: Set up fixtures
+      run: script/source-setup/swift
+    - name: Run tests
+      run: script/test swift
+
   yarn:
     runs-on: ubuntu-latest
     strategy:

data/CHANGELOG.md

@@ -6,6 +6,24 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.1.0
+
+2021-06-16
+
+### Added
+
+- Licensed supports Swift/Swift package manager as a dependency source (:tada: @mattt https://github.com/github/licensed/pull/363)'
+
+### Changed
+
+- The `source_path` configuration property accepts arrays of inclusion and exclusion glob patterns (https://github.com/github/licensed/pull/368)
+- The Nuget source now uses configured fallback folders to find dependencies that are not in found in the project folder (https://github.com/github/licensed/pull/366)
+- The Nuget source supports a configurable property for the path from the project source path to the project's `obj` folder (https://github.com/github/licensed/pull/365)
+
+### Fixed
+- The Go source's checks for local packages will correctly find paths in case-insensitive file systems (https://github.com/github/licensed/pull/370)
+- The Bundler source will no longer unnecessarily reset the local Bundler environment configuration (https://github.com/github/licensed/pull/372)
+
 ## 3.0.1
 
 2021-05-17
@@ -429,4 +447,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.0.1...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.1.0...HEAD

data/README.md

@@ -125,6 +125,7 @@ Dependencies will be automatically detected for all of the following sources by
 1. [NuGet](./docs/sources/nuget.md)
 1. [Pip](./docs/sources/pip.md)
 1. [Pipenv](./docs/sources/pipenv.md)
+1. [Swift](./docs/sources/swift.md)
 1. [Yarn](./docs/sources/yarn.md)
 
 You can disable any of them in the configuration file:

data/docs/configuration.md

@@ -19,9 +19,13 @@ If a root path is not specified, it will default to using the following, in orde
 1. the root of the local git repository, if run inside a git repository
 2. the current directory
 
-### Source path glob patterns
+### Source paths
 
-The `source_path` property can use a glob path to share configuration properties across multiple application entrypoints.
+A source path is the directory in which licensed should run to enumerate dependencies.  This is often dependent on the project type, for example the bundler source should be run from the directory containing a `Gemfile` or `gems.rb` while the go source should be run from the directory containing an entrypoint function.
+
+#### Using glob patterns
+
+The `source_path` property can use one or more glob patterns to share configuration properties across multiple application entrypoints.
 
 For example, there is a common pattern in Go projects to include multiple executable entrypoints under folders in `cmd`.  Using a glob pattern allows users to avoid manually configuring and maintaining multiple licensed application `source_path`s.  Using a glob pattern will also ensure that any new entrypoints matching the pattern are automatically picked up by licensed commands as they are added.
 
@@ -33,6 +37,14 @@ sources:
 source_path: cmd/*
 ```
 
+In order to better filter the results from glob patterns, the `source_path` property also accepts an array of inclusion and exclusion glob patterns similar to gitignore files.  Inclusion patterns will add matching directory paths to resulting set of source paths, while exclusion patterns will remove matching directory paths.
+
+```yml
+source_path:
+  - "projects/*" # include by default all directories under "projects"
+  - "!projects/*Test" # exclude all projects ending in "Test"
+```
+
 Glob patterns are syntactic sugar for, and provide the same functionality as, manually specifying multiple `source_path` values. See the instructions on [specifying multiple apps](./#specifying-multiple-apps) below for additional considerations when using multiple apps.
 
 ## Restricting sources

data/docs/sources/swift.md

@@ -0,0 +1,4 @@
+# Swift
+
+The Swift source uses `swift package` subcommands
+to enumerate dependencies and properties.

data/lib/licensed/configuration.rb

@@ -158,18 +158,41 @@ module Licensed
     private
 
     def self.expand_app_source_path(app_config)
-      return app_config if app_config["source_path"].to_s.empty?
+      # map a source_path configuration value to an array of non-empty values
+      source_path_array = Array(app_config["source_path"])
+                            .reject { |path| path.to_s.empty? }
+                            .compact
+      app_root = AppConfiguration.root_for(app_config)
+      return app_config.merge("source_path" => app_root) if source_path_array.empty?
 
       # check if the source path maps to an existing directory
-      source_path = File.expand_path(app_config["source_path"], AppConfiguration.root_for(app_config))
-      return app_config if Dir.exist?(source_path)
+      if source_path_array.length == 1
+        source_path = File.expand_path(source_path_array[0], app_root)
+        return app_config.merge("source_path" => source_path) if Dir.exist?(source_path)
+      end
 
       # try to expand the source path for glob patterns
-      expanded_source_paths = Dir.glob(source_path).select { |p| File.directory?(p) }
+      expanded_source_paths = source_path_array.reduce(Set.new) do |matched_paths, pattern|
+        current_matched_paths = if pattern.start_with?("!")
+          # if the pattern is an exclusion, remove all matching files
+          # from the result
+          matched_paths - Dir.glob(pattern[1..-1])
+        else
+          # if the pattern is an inclusion, add all matching files
+          # to the result
+          matched_paths + Dir.glob(pattern)
+        end
+
+        current_matched_paths.select { |p| File.directory?(p) }
+      end
+
       configs = expanded_source_paths.map { |path| app_config.merge("source_path" => path) }
 
       # if no directories are found for the source path, return the original config
-      return app_config if configs.size == 0
+      if configs.size == 0
+        app_config["source_path"] = app_root if app_config["source_path"].is_a?(Array)
+        return app_config
+      end
 
       # update configured values for name and cache_path for uniqueness.
       # this is only needed when values are explicitly set, AppConfiguration

data/lib/licensed/sources.rb

@@ -14,6 +14,7 @@ module Licensed
     require "licensed/sources/nuget"
     require "licensed/sources/pip"
     require "licensed/sources/pipenv"
+    require "licensed/sources/swift"
     require "licensed/sources/gradle"
     require "licensed/sources/mix"
     require "licensed/sources/yarn"

data/lib/licensed/sources/bundler.rb

@@ -134,28 +134,33 @@ module Licensed
         @lockfile_path ||= gemfile_path.dirname.join(GEMFILES[gemfile_path.basename.to_s])
       end
 
-      private
-
       # helper to clear all bundler environment around a yielded block
       def with_local_configuration
-        # force bundler to use the local gem file
-        original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
-
         # silence any bundler warnings while running licensed
         bundler_ui, ::Bundler.ui = ::Bundler.ui, ::Bundler::UI::Silent.new
 
-        # reset all bundler configuration
-        ::Bundler.reset!
-        # and re-configure with settings for current directory
-        ::Bundler.configure
+        original_bundle_gemfile = nil
+        if gemfile_path.to_s != ENV["BUNDLE_GEMFILE"]
+          # force bundler to use the local gem file
+          original_bundle_gemfile, ENV["BUNDLE_GEMFILE"] = ENV["BUNDLE_GEMFILE"], gemfile_path.to_s
+
+          # reset all bundler configuration
+          ::Bundler.reset!
+          # and re-configure with settings for current directory
+          ::Bundler.configure
+        end
 
         yield
       ensure
-        ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
-        ::Bundler.ui = bundler_ui
+        if original_bundle_gemfile
+          ENV["BUNDLE_GEMFILE"] = original_bundle_gemfile
+
+          # restore bundler configuration
+          ::Bundler.reset!
+          ::Bundler.configure
+        end
 
-        # restore bundler configuration
-        ::Bundler.configure
+        ::Bundler.ui = bundler_ui
       end
 
       # Returns whether the current licensed execution is running ruby-packer

data/lib/licensed/sources/bundler/missing_specification.rb

@@ -48,7 +48,7 @@ module Bundler
       spec = orig_materialize
       return spec if spec
 
-      Licensed::Bundler:: MissingSpecification.new(name: name, version: version, platform: platform, source: source)
+      Licensed::Bundler::MissingSpecification.new(name: name, version: version, platform: platform, source: source)
     end
   end
 end

data/lib/licensed/sources/go.rb

@@ -98,7 +98,7 @@ module Licensed
       # Returns whether the package is local to the current project
       def local_package?(package)
         return false unless package && package["Dir"]
-        return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"])
+        return false unless File.fnmatch?("#{config.root.to_s}*", package["Dir"], File::FNM_CASEFOLD)
         vendored_path_parts(package).nil?
       end
 

data/lib/licensed/sources/nuget.rb

@@ -164,7 +164,7 @@ module Licensed
       end
 
       def project_assets_file_path
-        File.join(config.pwd, "project.assets.json")
+        File.join(config.pwd, nuget_obj_path, "project.assets.json")
       end
 
       def project_assets_file
@@ -172,6 +172,17 @@ module Licensed
         @project_assets_file = File.read(project_assets_file_path)
       end
 
+      def project_assets_json
+        @project_assets_json ||= JSON.parse(project_assets_file)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to read the project.assets.json file. Error: #{e.message}"
+        raise Licensed::Sources::Source::Error, message
+      end
+
+      def nuget_obj_path
+        config.dig("nuget", "obj_path") || ""
+      end
+
       def enabled?
         File.exist?(project_assets_file_path)
       end
@@ -180,32 +191,51 @@ module Licensed
       # Ideally we'd use `dotnet list package` instead, but its output isn't
       # easily machine readable and doesn't contain everything we need.
       def enumerate_dependencies
-        json = JSON.parse(project_assets_file)
-        nuget_packages_dir = json["project"]["restore"]["packagesPath"]
-        json["targets"].each_with_object({}) do |(_, target), dependencies|
-          target.each do |reference_key, reference|
-            # Ignore project references
-            next unless reference["type"] == "package"
-            package_id_parts = reference_key.partition("/")
-            name = package_id_parts[0]
-            version = package_id_parts[-1]
-            id = "#{name}-#{version}"
-
-            # Already know this package from another target
-            next if dependencies.key?(id)
-
-            path = File.join(nuget_packages_dir, json["libraries"][reference_key]["path"])
-            dependencies[id] = NuGetDependency.new(
-              name: id,
-              version: version,
-              path: path,
-              metadata: {
-                "type" => NuGet.type,
-                "name" => name
-              }
-            )
-          end
-        end.values
+        reference_keys.map do |reference_key|
+          package_id_parts = reference_key.partition("/")
+          name = package_id_parts[0]
+          version = package_id_parts[-1]
+          id = "#{name}-#{version}"
+
+          path = full_dependency_path(reference_key)
+          error = "Package #{id} path was not found in project.assets.json, or does not exist on disk at any project package folder" if path.nil?
+
+          NuGetDependency.new(
+            name: id,
+            version: version,
+            path: path,
+            errors: Array(error),
+            metadata: {
+              "type" => NuGet.type,
+              "name" => name
+            }
+          )
+        end
+      end
+
+      # Returns a unique set of the package reference keys used across all target groups
+      def reference_keys
+        all_reference_keys = project_assets_json["targets"].flat_map do |_, references|
+          references.select { |key, reference| reference["type"] == "package" }
+                    .keys
+        end
+
+        Set.new(all_reference_keys)
+      end
+
+      # Returns a dependency's path, if it exists, in one of the project's global or fallback package folders
+      def full_dependency_path(reference_key)
+        dependency_path = project_assets_json.dig("libraries", reference_key, "path")
+        return unless dependency_path
+
+        nuget_package_dirs = [
+          project_assets_json.dig("project", "restore", "packagesPath"),
+          *Array(project_assets_json.dig("project", "restore", "fallbackFolders"))
+        ].compact
+
+        nuget_package_dirs.map { |dir| File.join(dir, dependency_path) }
+                          .select { |path| File.directory?(path) }
+                          .first
       end
     end
   end

data/lib/licensed/sources/swift.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+require "json"
+require "pathname"
+require "uri"
+
+module Licensed
+  module Sources
+    class Swift < Source
+      def enabled?
+        return unless Licensed::Shell.tool_available?("swift") && swift_package?
+        File.exist?(package_resolved_file_path)
+      end
+
+      def enumerate_dependencies
+        pins.map { |pin|
+          name = pin["package"]
+          version = pin.dig("state", "version")
+          path = dependency_path_for_url(pin["repositoryURL"])
+          error = "Unable to determine project path from #{url}" unless path
+
+          Dependency.new(
+            name: name,
+            path: path,
+            version: version,
+            errors: Array(error),
+            metadata: {
+              "type"      => Swift.type,
+              "homepage"  => homepage_for_url(pin["repositoryURL"])
+            }
+          )
+        }
+      end
+
+      private
+
+      def pins
+        return @pins if defined?(@pins)
+
+        @pins = begin
+          json = JSON.parse(File.read(package_resolved_file_path))
+          json.dig("object", "pins")
+        rescue => e
+          message = "Licensed was unable to read the Package.resolved file. Error: #{e.message}"
+          raise Licensed::Sources::Source::Error, message
+        end
+      end
+
+      def dependency_path_for_url(url)
+        last_path_component = URI(url).path.split("/").last.sub(/\.git$/, "")
+        File.join(config.pwd, ".build", "checkouts", last_path_component)
+      rescue URI::InvalidURIError
+      end
+
+      def homepage_for_url(url)
+        return unless %w{http https}.include?(URI(url).scheme)
+        url.sub(/\.git$/, "")
+      rescue URI::InvalidURIError
+      end
+
+      def package_resolved_file_path
+        File.join(config.pwd, "Package.resolved")
+      end
+
+      def swift_package?
+        Licensed::Shell.success?("swift", "package", "describe")
+      end
+    end
+  end
+end

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.0.1".freeze
+  VERSION = "3.1.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/script/source-setup/swift

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+if [ -z "$(which swift)" ]; then
+  echo "A local swift installation is required for swift development." >&2
+  exit 127
+fi
+
+swift --version
+
+BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
+cd $BASE_PATH/test/fixtures/swift
+
+if [ "$1" == "-f" ]; then
+  find . -not -regex "\.*" \
+    -and -not -path "*/Package.swift" \
+    -and -not -path "*/Sources*" \
+    -and -not -path "*/Tests*" \
+    -print0 | xargs -0 rm -rf
+fi
+
+swift package resolve

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.0.1
+  version: 3.1.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-18 00:00:00.000000000 Z
+date: 2021-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -262,6 +262,7 @@ files:
 - docs/sources/pip.md
 - docs/sources/pipenv.md
 - docs/sources/stack.md
+- docs/sources/swift.md
 - docs/sources/yarn.md
 - exe/licensed
 - lib/licensed.rb
@@ -306,6 +307,7 @@ files:
 - lib/licensed/sources/pip.rb
 - lib/licensed/sources/pipenv.rb
 - lib/licensed/sources/source.rb
+- lib/licensed/sources/swift.rb
 - lib/licensed/sources/yarn.rb
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
@@ -329,6 +331,7 @@ files:
 - script/source-setup/nuget
 - script/source-setup/pip
 - script/source-setup/pipenv
+- script/source-setup/swift
 - script/source-setup/yarn
 - script/test
 homepage: https://github.com/github/licensed