licensed 3.2.3 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e2043fe7541ca6458302eab4e81fabdc22d874d5e80498eaac0f1551d7796e8
-  data.tar.gz: abe1b03af0e02be363661d357e82cac6b53a127a6fd01cfef2c7ba2b6c174116
+  metadata.gz: f452bd7c6a58fdaa9a56cf7085b20fe4ff3a8f3eb214835ba82a52b2ed1ac71c
+  data.tar.gz: 8b3aff33c001623780455c68d23c014746e988b82a44db0fa243829c2be34cd5
 SHA512:
-  metadata.gz: 8555b427c46ab7e0198cf4ac71ed02fae65a230576057bd6d2cbf38e5d26491479444cfc4ed6ec78549e615c5b8cf6d71ce762b31552bf7bfd1d348e228b1055
-  data.tar.gz: 30da66cc1abb37677768dab09d79f93c17df25a7d0a73e06dbfdcb51ce7bb3ea66af5962e97631a019a8119498f4b0ebdeaca46667cb8b2b3d3fe0a2bb63c254
+  metadata.gz: e0bb95e3496257986e52294a7788824043697d8f99d2745c65e30e3a5c255843bc1471cf47ab3f3cd407d597c658b2d82e1bc27a76e6f985b45af6803d0e98a5
+  data.tar.gz: 93eb593c4389bff724a0a41be7c583e96541bfc308a9c331bf5d34c35217c98160e026733a49cc07b93b654b23e4507a447dbd5ab9ef8f1596a0e38139187757

data/CHANGELOG.md

@@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.3.0
+
+2021-09-18
+
+### Added
+
+- New cargo source enumerates rust dependencies (https://github.com/github/licensed/pull/404)
+
+### Changed
+
+- Removed non-functional files from gem builds (https://github.com/github/licensed/pull/405)
+
 ## 3.2.3
 
 2021-09-14
@@ -497,4 +509,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.2.3...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.3.0...HEAD

data/docs/sources/cargo.md

@@ -0,0 +1,19 @@
+# Cargo
+
+The cargo source will detect dependencies when `Cargo.toml` is found at an apps `source_path`.  The source uses the `cargo metadata` CLI and reports on all dependencies that are listed in the output in `resolve.nodes`, excluding packages that are listed in `workspace_members`.
+
+## Metadata CLI options
+
+Licensed by default runs `cargo metadata --format-version=1`.  You can specify additional CLI options by specifying them in your licensed configuration file under `cargo.metadata_options`.  The configuration can be set as a string, or as an array of strings for multiple options.
+
+```yml
+cargo:
+  metadata_options: '--all-features'
+```
+
+```yml
+cargo:
+  metadata_options:
+    - '--all-features'
+    - '--filter-platform x86_64-pc-windows-msvc'
+```

data/lib/licensed/sources/cargo.rb

@@ -0,0 +1,70 @@
+# frozen_string_literal: true
+
+require "json"
+
+module Licensed
+  module Sources
+    class Cargo < Source
+      # Source is enabled when the cargo tool and Cargo.toml manifest file are available
+      def enabled?
+        return false unless Licensed::Shell.tool_available?("cargo")
+        config.pwd.join("Cargo.toml").exist?
+      end
+
+      def enumerate_dependencies
+        packages.map do |package|
+          Dependency.new(
+            name: "#{package["name"]}-#{package["version"]}",
+            version: package["version"],
+            path: File.dirname(package["manifest_path"]),
+            metadata: {
+              "name" => package["name"],
+              "type" => Cargo.type,
+              "summary" => package["description"],
+              "homepage" => package["homepage"]
+            }
+          )
+        end
+      end
+
+      # Returns the package data for all dependencies used to build the current package
+      def packages
+        cargo_metadata_resolved_node_ids.map { |id| cargo_metadata_packages[id] }
+      end
+
+      # Returns the ids of all resolved nodes used to build the current package
+      def cargo_metadata_resolved_node_ids
+        cargo_metadata.dig("resolve", "nodes")
+                      .map { |node| node["id"] }
+                      .reject { |id| cargo_metadata_workspace_members.include?(id) }
+
+      end
+
+      # Returns a hash of id => package pairs sourced from the "packages" cargo metadata property
+      def cargo_metadata_packages
+        @cargo_metadata_packages ||= cargo_metadata["packages"].each_with_object({}) do |package, hsh|
+          hsh[package["id"]] = package
+        end
+      end
+
+      # Returns a set of the ids of packages in the current workspace
+      def cargo_metadata_workspace_members
+        @cargo_metadata_workspace_members ||= Set.new(Array(cargo_metadata["workspace_members"]))
+      end
+
+      # Returns parsed JSON metadata returned from the cargo CLI
+      def cargo_metadata
+        @cargo_metadata ||= JSON.parse(cargo_metadata_command)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to parse the output from 'cargo metadata'. JSON Error: #{e.message}"
+        raise Licensed::Sources::Source::Error, message
+      end
+
+      # Runs a command to get cargo metadata for the current package
+      def cargo_metadata_command
+        options = Array(config.dig("cargo", "metadata_options")).flat_map(&:split)
+        Licensed::Shell.execute("cargo", "metadata", "--format-version=1", *options)
+      end
+    end
+  end
+end

data/lib/licensed/sources.rb

@@ -5,6 +5,7 @@ module Licensed
     require "licensed/sources/bower"
     require "licensed/sources/bundler"
     require "licensed/sources/cabal"
+    require "licensed/sources/cargo"
     require "licensed/sources/composer"
     require "licensed/sources/dep"
     require "licensed/sources/git_submodule"

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.2.3".freeze
+  VERSION = "3.3.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/github/licensed"
   spec.license       = "MIT"
 
-  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test/|script/|docker/|\..+)}) }
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.2.3
+  version: 3.3.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-09-14 00:00:00.000000000 Z
+date: 2021-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -238,13 +238,6 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/dependabot.yml"
-- ".github/workflows/release.yml"
-- ".github/workflows/test.yml"
-- ".gitignore"
-- ".licensed.yml"
-- ".rubocop.yml"
-- ".ruby-version"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - CONTRIBUTING.md
@@ -252,7 +245,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- docker/Dockerfile.build-linux
 - docs/adding_a_new_source.md
 - docs/commands/README.md
 - docs/commands/cache.md
@@ -280,6 +272,7 @@ files:
 - docs/sources/bower.md
 - docs/sources/bundler.md
 - docs/sources/cabal.md
+- docs/sources/cargo.md
 - docs/sources/composer.md
 - docs/sources/dep.md
 - docs/sources/git_submodule.md
@@ -326,6 +319,7 @@ files:
 - lib/licensed/sources/bundler/definition.rb
 - lib/licensed/sources/bundler/missing_specification.rb
 - lib/licensed/sources/cabal.rb
+- lib/licensed/sources/cargo.rb
 - lib/licensed/sources/composer.rb
 - lib/licensed/sources/dep.rb
 - lib/licensed/sources/git_submodule.rb
@@ -344,28 +338,6 @@ files:
 - lib/licensed/ui/shell.rb
 - lib/licensed/version.rb
 - licensed.gemspec
-- script/bootstrap
-- script/cibuild
-- script/console
-- script/package
-- script/packages/build
-- script/packages/linux
-- script/packages/mac
-- script/setup
-- script/source-setup/bower
-- script/source-setup/bundler
-- script/source-setup/cabal
-- script/source-setup/composer
-- script/source-setup/git_submodule
-- script/source-setup/go
-- script/source-setup/mix
-- script/source-setup/npm
-- script/source-setup/nuget
-- script/source-setup/pip
-- script/source-setup/pipenv
-- script/source-setup/swift
-- script/source-setup/yarn
-- script/test
 homepage: https://github.com/github/licensed
 licenses:
 - MIT

data/.github/dependabot.yml

@@ -1,19 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: daily
-  - package-ecosystem: bundler
-    directory: /
-    schedule:
-      interval: weekly
-  - package-ecosystem: docker
-    directory: docker
-    schedule:
-      interval: weekly

data/.github/workflows/release.yml

@@ -1,213 +0,0 @@
-name: Build and publish release assets
-
-on:
-  release:
-    types: [created]
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'Commit-like version of github/licensed to build package at'
-        required: true
-      release_tag:
-        description: 'Release tag to upload built packages to'
-        required: false
-
-jobs:
-  vars:
-    name: "Gather values for remainder of steps"
-    runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.get_version.outputs.result }}
-      upload_url: ${{ steps.get_url.outputs.result }}
-      ref: ${{ steps.get_ref.outputs.result }}
-    steps:
-      - id: get_version
-        name: Get package version
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let version = "${{ github.event.release.tag_name }}"
-            if (!version) {
-              version = "${{ github.event.inputs.version }}"
-            }
-
-            if (!version) {
-              throw new Error("unable to find package build version")
-            }
-
-            return version
-
-      - id: get_url
-        name: Get release upload url
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let uploadUrl = "${{ github.event.release.upload_url}}"
-            const tag = "${{ github.event.inputs.release_tag }}"
-            if (!uploadUrl && tag) {
-              const { data: release } = await github.repos.getReleaseByTag({
-                ...context.repo,
-                tag
-              })
-
-              if (!release.upload_url) {
-                throw new Error("unable to find a release upload url")
-              }
-
-              uploadUrl = release.upload_url
-            }
-
-            return uploadUrl
-
-      - id: get_ref
-        name: Get checkout ref for custom build scripts
-        uses: actions/github-script@v4.1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          result-encoding: string
-          script: |
-            let ref = "${{ github.event.release.tag_name }}"
-            if (!ref) {
-              ref = "${{ github.event.ref }}".replace(/refs\/[^\/]+\//, '')
-            }
-
-            if (!ref) {
-              throw new Error("unable to find a ref for action")
-            }
-
-            return ref
-
-  package_linux:
-    needs: vars
-    runs-on: ubuntu-18.04
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # checkout at the ref for the action, separate from the target build version
-        # this allows running build scripts independent of the target version
-        ref: ${{needs.vars.outputs.ref}}
-        fetch-depth: 0
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build package
-      run: script/packages/linux
-      env:
-        VERSION: ${{needs.vars.outputs.version}}
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-linux
-        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-
-  package_mac:
-    needs: vars
-    runs-on: macOS-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # checkout at the ref for the action, separate from the target build version
-        # this allows running build scripts independent of the target version
-        ref: ${{needs.vars.outputs.ref}}
-        fetch-depth: 0
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build package
-      run: script/packages/mac
-      env:
-        VERSION: ${{needs.vars.outputs.version}}
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-darwin
-        path: pkg/${{needs.vars.outputs.version}}/licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-
-  build_gem:
-    needs: vars
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # building a gem doesn't use a different ref from the version input
-        ref: ${{needs.vars.outputs.version}}
-
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Build gem
-      run: gem build licensed.gemspec -o licensed-${{needs.vars.outputs.version}}.gem
-
-    - uses: actions/upload-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-gem
-        path: licensed-${{needs.vars.outputs.version}}.gem
-
-  upload_packages:
-    if: ${{ needs.vars.outputs.upload_url != '' }}
-    runs-on: ubuntu-latest
-    needs: [vars, package_linux, package_mac, build_gem]
-
-    steps:
-    - name: Set up Ruby 2.6
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.6
-
-    - name: Download linux package
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-linux
-
-    - name: Download macOS package
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-darwin
-
-    - name: Download gem
-      uses: actions/download-artifact@v2
-      with:
-        name: ${{needs.vars.outputs.version}}-gem
-
-    - name: Publish linux package
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ needs.vars.outputs.upload_url }}
-        asset_path: ./licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-        asset_name: licensed-${{needs.vars.outputs.version}}-linux-x64.tar.gz
-        asset_content_type: application/gzip
-
-    - name: Publish mac package
-      uses: actions/upload-release-asset@v1
-      env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      with:
-        upload_url: ${{ needs.vars.outputs.upload_url }}
-        asset_path: ./licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-        asset_name: licensed-${{needs.vars.outputs.version}}-darwin-x64.tar.gz
-        asset_content_type: application/gzip
-
-    - name: Publish gem to RubyGems
-      run: |
-        mkdir -p $HOME/.gem
-        touch $HOME/.gem/credentials
-        chmod 0600 $HOME/.gem/credentials
-        printf -- "---\n:rubygems_api_key: ${RUBYGEMS_API_KEY}\n" > $HOME/.gem/credentials
-        gem push $GEM
-      env:
-        RUBYGEMS_API_KEY: ${{secrets.RUBYGEMS_AUTH_TOKEN}}
-        GEM: licensed-${{needs.vars.outputs.version}}.gem