licensed 3.8.0 → 3.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a8ae3ae52bbb8b7a7b9bca992046e870a917fa891600ecb81386d1aaeee3c65a
-  data.tar.gz: 31988f8d467f49ae8b3ba0765479a9ae5be4e2de4b60f58de6a40ab8578c50e5
+  metadata.gz: f4df54260766353e4cd56b9ae56ded611ed4d6a312469d43e18ab47b6b9cabde
+  data.tar.gz: 8f04c9e9d11bcaf7f47698a174ee1269346e798eaa176e28ac3282de482ef237
 SHA512:
-  metadata.gz: 6a14c36d7d1c0060114ff1b30176e148ba85f8a211249e8b4964af00a818677a4252ffc88428355a09e8070b765803ddf6a68d35db8ea14cf0253855f6cfd299
-  data.tar.gz: f735c4a13b0d8aa00c496e2d7f502e7fd23680865a2530f6262689f3484faa7a34297e05f7db6deb2b539b991cc4e8415816b3ecd10ce8d0d9e89830d277d3d6
+  metadata.gz: 0006a278b5b2a7af75ad7634fe11f418f310e7c7506e1ae3cc68bdfca873cdbf74b9bd359d2a9b917c8c79df3a91b589c0c7e8f0b6ad2c03349a81e3bfbc91cd
+  data.tar.gz: 0c6275c87fe724a747f0432395b568341c495453f0072aa78e0f1ee48e075ebfbd94de5ef85d3eb46adf7dfb16e203c725a90929be6dfe801bf53a7b55c783e8

data/CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+## 3.9.0
+
+### Added
+
+- `NOTICE` files can now be generated without cached files in a repository (https://github.com/github/licensed/pull/572)
+
 ## 3.8.0
 
 ### Added
@@ -649,4 +655,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 Initial release :tada:
 
-[Unreleased]: https://github.com/github/licensed/compare/3.8.0...HEAD
+[Unreleased]: https://github.com/github/licensed/compare/3.9.0...HEAD

data/docs/commands/notices.md

@@ -2,7 +2,7 @@
 
 Outputs license and notice text for all dependencies in each app into a `NOTICE` file in the app's `cache_path`.  If an app uses a shared cache path, the file name will contain the app name as well, e.g. `NOTICE.my_app`.
 
-`NOTICE` file contents are retrieved from cached records, with the assumption that cached records have already been reviewed in a compliance workflow.
+`NOTICE` file contents are retrieved from cached records when the `--computed`/`-l` option is not set, with the assumption that cached records have already been reviewed in a compliance workflow.  When the `--computed`/`-l` option is set and a dependency's license is not found, that dependency's license text will be empty in the `NOTICE` file.
 
 ## Options
 
@@ -10,3 +10,5 @@ Outputs license and notice text for all dependencies in each app into a `NOTICE`
    - default value: `./.licensed.yml`
 - `--sources`/`-s`: runtime filter on which dependency sources are run.  Sources must also be enabled in the licensed configuration file.
    - default value: not set, all configured sources
+- `--computed`/`-l`: use live computed when generating a `NOTICE` file
+   - default value: not set, `NOTICE` file generated from cached records

data/lib/licensed/cli.rb

@@ -46,13 +46,15 @@ module Licensed
       run Licensed::Commands::List.new(config: config), sources: options[:sources], reporter: options[:format], licenses: options[:licenses]
     end
 
-    desc "notices", "Generate a NOTICE file from cached records"
+    desc "notices", "Generate a NOTICE file with dependency data"
     method_option :config, aliases: "-c", type: :string,
       desc: "Path to licensed configuration file"
     method_option :sources, aliases: "-s", type: :array,
       desc: "Individual source(s) to evaluate.  Must also be enabled via configuration."
+    method_option :computed, aliases: "-l", type: :boolean,
+      desc: "Whether to generate a NOTICE file using computed data or cached records"
     def notices
-      run Licensed::Commands::Notices.new(config: config), sources: options[:sources]
+      run Licensed::Commands::Notices.new(config: config), sources: options[:sources], computed: options[:computed]
     end
 
     map "-v" => :version

data/lib/licensed/commands/notices.rb

@@ -13,7 +13,7 @@ module Licensed
 
       protected
 
-      # Load stored dependency record data to add to the notices report.
+      # Load a dependency record data and add it to the notices report.
       #
       # app - The application configuration for the dependency
       # source - The dependency source enumerator for the dependency
@@ -22,13 +22,36 @@ module Licensed
       #
       # Returns true.
       def evaluate_dependency(app, source, dependency, report)
+        report["record"] =
+          if load_dependency_record_from_files
+            load_cached_dependency_record(app, source, dependency, report)
+          else
+            dependency.record
+          end
+
+        true
+      end
+
+      # Loads a dependency record from a cached file.
+      #
+      # app - The application configuration for the dependency
+      # source - The dependency source enumerator for the dependency
+      # dependency - An application dependency
+      # report - A report hash for the command to provide extra data for the report output.
+      #
+      # Returns a dependency record or nil if one doesn't exist
+      def load_cached_dependency_record(app, source, dependency, report)
         filename = app.cache_path.join(source.class.type, "#{dependency.name}.#{DependencyRecord::EXTENSION}")
-        report["cached_record"] = Licensed::DependencyRecord.read(filename)
-        if !report["cached_record"]
+        record = Licensed::DependencyRecord.read(filename)
+        if !record
           report.warnings << "expected cached record not found at #{filename}"
         end
 
-        true
+        record
+      end
+
+      def load_dependency_record_from_files
+        !options.fetch(:computed, false)
       end
     end
   end

data/lib/licensed/reporters/notices_reporter.rb

@@ -54,11 +54,11 @@ module Licensed
       def notices(report)
         return unless report.target.is_a?(Licensed::Dependency)
 
-        cached_record = report["cached_record"]
-        return unless cached_record
+        record = report["record"]
+        return unless record
 
-        texts = cached_record.licenses.map(&:text)
-        cached_record.notices.each do |notice|
+        texts = record.licenses.map(&:text)
+        record.notices.each do |notice|
           case notice
           when Hash
             texts << notice["text"]
@@ -70,7 +70,7 @@ module Licensed
         end
 
         <<~NOTICE
-          #{cached_record["name"]}@#{cached_record["version"]}
+          #{record["name"]}@#{record["version"]}
 
           #{texts.map(&:strip).reject(&:empty?).compact.join(TEXT_SEPARATOR)}
         NOTICE

data/lib/licensed/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 module Licensed
-  VERSION = "3.8.0".freeze
+  VERSION = "3.9.0".freeze
 
   def self.previous_major_versions
     major_version = Gem::Version.new(Licensed::VERSION).segments.first

data/licensed.gemspec

@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "rake", ">= 12.3.3"
   spec.add_development_dependency "minitest", "~> 5.8"
-  spec.add_development_dependency "mocha", "~> 1.0"
+  spec.add_development_dependency "mocha", "~> 2.0"
   spec.add_development_dependency "rubocop-github", "~> 0.6"
   spec.add_development_dependency "byebug", "~> 11.1.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: licensed
 version: !ruby/object:Gem::Version
-  version: 3.8.0
+  version: 3.9.0
 platform: ruby
 authors:
 - GitHub
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-10-29 00:00:00.000000000 Z
+date: 2022-11-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: licensee
@@ -188,14 +188,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: rubocop-github
   requirement: !ruby/object:Gem::Requirement