licensed 3.6.0 → 3.7.0

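--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a328b5551bdf77593f4bf97f4a846b7792898b6f749c25f5c5f39e68669f2164
- data.tar.gz: ac9b2013cf25d9dab94aadd2122a41bfa2790d741bd9e1588a270cd122dfaddb
+ metadata.gz: 2b28b00b1b23f91bc89a99928d3ae07396afe29700e06c4e22debe1e4f3b2d45
+ data.tar.gz: 5e8ccfb04df77cb4802bc51825562ec52a5f8368718e66434460b61e425a864f
  SHA512:
- metadata.gz: 846cadb01c2045ea258a785767ebfc8df3cee9d3a05648c93291c94cc21b7e84fb83146476c4afb64f9bc137a530cb84ba523ec41e2c4938396629b5b8901795
- data.tar.gz: 4aa7028294894b9f0c1781b558032d80f87669e959e71aa1b635c7a8687f77b4cf11be6431f280cfcbc06ea25f605da061a9af2fb480ea134a4172f989060451
+ metadata.gz: 2b71b2fd45dcd9e61b425a08f0b2148ecd568ae4f3a0ffacd15213850fba8c313362783945cb3828592ef397f4d2ced750f890f6bf18447e6a32c02cbbb47795
+ data.tar.gz: aa587ef6d6e420761098ab2364aa485a36885cfdd6b09f9eec5ad838dbd108f759a91447818bc0279992b489513efad8a2381966dbbcf3f6fea3f3946069e676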
data/CHANGELOG.md CHANGED
@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
6
6
 
7
7
  ## [Unreleased]
8
8
 
9
+ ## 3.7.0
10
+
11
+ ### Changed
12
+
13
+ - Pip and pipenv sources will find dependency licenses under `dist-info/license_files` when available (https://github.com/github/licensed/pull/504)
14
+
9
15
  ## 3.6.0
10
16
 
11
17
  2022-03-17
@@ -597,4 +603,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
597
603
 
598
604
  Initial release :tada:
599
605
 
600
- [Unreleased]: https://github.com/github/licensed/compare/3.6.0...HEAD
606
+ [Unreleased]: https://github.com/github/licensed/compare/3.7.0...HEAD
@@ -10,18 +10,17 @@ module Licensed
10
10
  PACKAGE_INFO_SEPARATOR = "\n---\n"
11
11
 
12
12
  def enabled?
13
- virtual_env_pip && Licensed::Shell.tool_available?(virtual_env_pip)
13
+ !pip_command.empty? && Licensed::Shell.tool_available?(pip_command.join(""))
14
14
  end
15
15
 
16
16
  def enumerate_dependencies
17
17
  packages.map do |package|
18
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
19
18
  Dependency.new(
20
19
  name: package["Name"],
21
20
  version: package["Version"],
22
- path: location,
21
+ path: package_license_location(package),
23
22
  metadata: {
24
- "type" => Pip.type,
23
+ "type" => self.class.type,
25
24
  "summary" => package["Summary"],
26
25
  "homepage" => package["Home-page"]
27
26
  }
@@ -29,8 +28,24 @@ module Licensed
29
28
  end
30
29
  end
31
30
 
31
+ protected
32
+
33
+ # Returns the command to run pip
34
+ def pip_command
35
+ return [] unless virtual_env_dir
36
+ Array(File.join(virtual_env_dir, "bin", "pip"))
37
+ end
38
+
32
39
  private
33
40
 
41
+ # Returns the location of license files in the package, checking for the inclusion of a new `license_files`
42
+ # folder per https://peps.python.org/pep-0639/
43
+ def package_license_location(package)
44
+ dist_info = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
45
+ license_files = File.join(dist_info, "license_files")
46
+ return File.exist?(license_files) ? license_files : dist_info
47
+ end
48
+
34
49
  # Returns parsed information for all packages used by the project,
35
50
  # using `pip list` to determine what packages are used and `pip show`
36
51
  # to gather package information
@@ -64,17 +79,12 @@ module Licensed
64
79
 
65
80
  # Returns the output from `pip list --format=json`
66
81
  def pip_list_command
67
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "list", "--format=json")
82
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "list", "--format=json")
68
83
  end
69
84
 
70
85
  # Returns the output from `pip show <package> <package> ...`
71
86
  def pip_show_command(packages)
72
- Licensed::Shell.execute(virtual_env_pip, "--disable-pip-version-check", "show", *packages)
73
- end
74
-
75
- def virtual_env_pip
76
- return unless virtual_env_dir
77
- File.join(virtual_env_dir, "bin", "pip")
87
+ Licensed::Shell.execute(*pip_command, "--disable-pip-version-check", "show", *packages)
78
88
  end
79
89
 
80
90
  def virtual_env_dir
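Review bot: In `enabled?`, `pip_command.join("")` glues the command words together with no separator, so the availability check only names a real executable while `pip_command` has exactly one element. The Pipenv source in this same release returns `%w(pipenv run pip)`, so a subclass that did not override `enabled?` would probe for a tool called `pipenvrunpip`. Probing the executable itself keeps the base implementation correct for multi-word commands: `!pip_command.empty? && Licensed::Shell.tool_available?(pip_command.first)`. In `package_license_location`, `File.exist?(license_files)` is also true for a regular file of that name, so `File.directory?(license_files)` matches the comment's "folder" more closely, and the explicit `return` on the last line can go. The section's final hunk ends at the `def virtual_env_dir` line, so that method's body is outside the view.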
@@ -4,44 +4,16 @@ require "parallel"
4
4
 
5
5
  module Licensed
6
6
  module Sources
7
- class Pipenv < Source
7
+ class Pipenv < Pip
8
8
  def enabled?
9
9
  Licensed::Shell.tool_available?("pipenv") && File.exist?(config.pwd.join("Pipfile.lock"))
10
10
  end
11
11
 
12
- def enumerate_dependencies
13
- Parallel.map(pakages_from_pipfile_lock, in_threads: Parallel.processor_count) do |package_name|
14
- package = package_info(package_name)
15
- location = File.join(package["Location"], package["Name"].gsub("-", "_") + "-" + package["Version"] + ".dist-info")
16
- Dependency.new(
17
- name: package["Name"],
18
- version: package["Version"],
19
- path: location,
20
- metadata: {
21
- "type" => Pipenv.type,
22
- "summary" => package["Summary"],
23
- "homepage" => package["Home-page"]
24
- }
25
- )
26
- end
27
- end
28
-
29
- private
30
-
31
- def pakages_from_pipfile_lock
32
- Licensed::Shell.execute("pipenv", "run", "pip", "list")
33
- .lines
34
- .drop(2) # Header
35
- .map { |line| line.strip.split.first.strip }
36
- end
12
+ protected
37
13
 
38
- def package_info(package_name)
39
- p_info = Licensed::Shell.execute("pipenv", "run", "pip", "--disable-pip-version-check", "show", package_name).lines
40
- p_info.each_with_object(Hash.new(0)) { |pkg, a|
41
- k, v = pkg.split(":", 2)
42
- next if k.nil? || k.empty?
43
- a[k.strip] = v&.strip
44
- }
14
+ # Returns the command to run pip
15
+ def pip_command
16
+ %w(pipenv run pip)
45
17
  end
46
18
  end
47
19
  end
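Review bot: The comment on `pip_command` does not state the contract that `Pip` now relies on: the return value is splatted into `Licensed::Shell.execute(*pip_command, ...)`, so it must be an array with one command word per element, never a single space-joined string. I would document that on the override, e.g. `# Returns the pip invocation as an argv array (one word per element); Pip splats it into Licensed::Shell.execute`. Separately, the hunk header context still shows `require "parallel"`, and the only visible use (`Parallel.map` in the removed `enumerate_dependencies`) is gone, so the require is presumably dead now; the top of the file is outside the hunk, so confirm before dropping it.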
@@ -14,8 +14,13 @@ module Licensed
14
14
  class << self
15
15
  attr_reader :sources
16
16
  def inherited(klass)
17
- # add child source classes are defined,
18
- # add them to the known sources list
17
+ # register the inherited class as a source on the Licensed::Sources::Source class
18
+ Licensed::Sources::Source.register_source(klass)
19
+ end
20
+
21
+ def register_source(klass)
22
+ # add the source class to the known sources list
23
+ return unless klass < Licensed::Sources::Source
19
24
  (@sources ||= []) << klass
20
25
  end
21
26
 
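Review bot: `register_source` is now a callable class method, but its guard `return unless klass < Licensed::Sources::Source` only behaves for class arguments; a non-class argument raises from `<` instead of being skipped, and `nil` gives a `NoMethodError`. If the intent is to ignore anything that is not a source subclass, `return unless klass.is_a?(Class) && klass < Licensed::Sources::Source` makes that explicit. The method also appends to the `@sources` of whichever class receives the call, so `Pip.register_source(klass)` would not show up in `Licensed::Sources::Source.sources`. `inherited` avoids this by calling it on `Source` explicitly, and a comment above `register_source` should say that it is meant to be called on `Source`. The enclosing `class << self` block continues outside the hunk.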
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
  module Licensed
3
- VERSION = "3.6.0".freeze
3
+ VERSION = "3.7.0".freeze
4
4
 
5
5
  def self.previous_major_versions
6
6
  major_version = Gem::Version.new(Licensed::VERSION).segments.first
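--- a/data/licensed.gemspec
+++ b/data/licensed.gemspec
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "rake", ">= 12.3.3"
  spec.add_development_dependency "minitest", "~> 5.8"
  spec.add_development_dependency "mocha", "~> 1.0"
- spec.add_development_dependency "rubocop", "~> 0.49", "< 1.20"
+ spec.add_development_dependency "rubocop", "~> 1.26", "< 1.27"
  spec.add_development_dependency "rubocop-github", "~> 0.6"
- spec.add_development_dependency "byebug", "~> 11.0.1"
+ spec.add_development_dependency "byebug", "~> 11.1.3"
  end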
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: licensed
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.6.0
4
+ version: 3.7.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - GitHub
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2022-03-17 00:00:00.000000000 Z
11
+ date: 2022-04-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: licensee
@@ -188,20 +188,20 @@ dependencies:
188
188
  requirements:
189
189
  - - "~>"
190
190
  - !ruby/object:Gem::Version
191
- version: '0.49'
191
+ version: '1.26'
192
192
  - - "<"
193
193
  - !ruby/object:Gem::Version
194
- version: '1.20'
194
+ version: '1.27'
195
195
  type: :development
196
196
  prerelease: false
197
197
  version_requirements: !ruby/object:Gem::Requirement
198
198
  requirements:
199
199
  - - "~>"
200
200
  - !ruby/object:Gem::Version
201
- version: '0.49'
201
+ version: '1.26'
202
202
  - - "<"
203
203
  - !ruby/object:Gem::Version
204
- version: '1.20'
204
+ version: '1.27'
205
205
  - !ruby/object:Gem::Dependency
206
206
  name: rubocop-github
207
207
  requirement: !ruby/object:Gem::Requirement
@@ -222,14 +222,14 @@ dependencies:
222
222
  requirements:
223
223
  - - "~>"
224
224
  - !ruby/object:Gem::Version
225
- version: 11.0.1
225
+ version: 11.1.3
226
226
  type: :development
227
227
  prerelease: false
228
228
  version_requirements: !ruby/object:Gem::Requirement
229
229
  requirements:
230
230
  - - "~>"
231
231
  - !ruby/object:Gem::Version
232
- version: 11.0.1
232
+ version: 11.1.3
233
233
  description: Licensed automates extracting and validating the licenses of dependencies.
234
234
  email:
235
235
  - opensource+licensed@github.com