organization_license_audit 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 5bddd806ad923e0021c5c5b07a36f158ca441e4a
+  data.tar.gz: aea6b5b9d57b337239176447d26af60740c3ee4d
+SHA512:
+  metadata.gz: 8150765f1816d56a28c010ebc6f5d6eeba25a0de372c08ab40d08e6fc2845eb3b6f9ed81d9b88011ffe7be11b639e1816b4068ef927f6e3f9dd23ff28a3e8831
+  data.tar.gz: 8e3b2df4f8b2869d1ff8b5f7abcd79e12f6575d6f3df10ca70468d2a54895546d850586639a4145444b41936f7ed1e6dc572d8753f5c46933ea7df2f99afb6c7

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (C) 2013 Michael Grosser <michael@grosser.it>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/bin/organization-license-audit

@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+require "rubygems"
+require "optparse"
+
+$LOAD_PATH << File.join(File.dirname(__FILE__), '..', 'lib')
+require "organization_license_audit"
+
+def git_config(thing)
+  result = `git config #{thing}`.strip
+  result.empty? ? nil : result
+end
+
+options = {
+  :ignore => [],
+  :user => git_config("github.user"),
+  :whitelist => []
+}
+OptionParser.new do |parser|
+  parser.banner = <<BANNER
+Audit all licenses used by your github organization/user
+
+Usage:
+    organization-license-audit your-user-name
+
+Options:
+BANNER
+  OrganizationAudit.optparse(parser, options)
+  parser.on("--csv", "Dump a csv summary") { options[:csv] = true }
+  parser.on("--ignore-gems", "Ignore repos that have a %{repo}.gemspec") { options[:ignore_gems] = true }
+  parser.on("-w", "--whitelist=LICENSES", String, "Comma separated list of licenses") { |whitelist| options[:whitelist] = whitelist.split(",") }
+  parser.on("-h", "--help", "Show this.") { puts parser; exit }
+  parser.on("-v", "--version", "Show Version"){ puts OrganizationLicenseAudit::VERSION; exit}
+end.parse!
+
+exit OrganizationLicenseAudit.run(options)

data/lib/organization_license_audit.rb

@@ -0,0 +1,140 @@
+require "organization_license_audit/version"
+require "tmpdir"
+require "organization_audit"
+
+module OrganizationLicenseAudit
+  BUNDLE_PATH = "vendor/bundle"
+  RESULT_LINE = /(^[a-z_\d-]+), ([^,]+), (.+)/
+  APPROVAL_HEADING = "Dependencies that need approval"
+
+  class << self
+    def run(options)
+      bad = find_bad(options)
+      if bad.any?
+        $stderr.puts "Failed:"
+
+        errors = bad.map { |repo, output| [repo, extract_error(output)] }
+
+        errors.each do |repo, unapproved|
+          puts "#{describe_error(unapproved)} -- #{repo}"
+        end
+
+        if options[:csv]
+          puts
+          puts "CSV:"
+          puts csv(errors)
+        end
+
+        1
+      else
+        0
+      end
+    end
+
+    private
+
+    def describe_error(unapproved)
+      if unapproved
+        unapproved.map(&:last).flatten.uniq.sort.join(", ")
+      else
+        "Unknown error"
+      end
+    end
+
+    def csv(errors)
+      require "csv"
+      CSV.generate do |csv|
+        csv << ["repo", "dependency", "license"]
+        errors.each do |repo, errors|
+          if errors
+            errors.each do |gem, license|
+              csv << [repo.url, gem, license]
+            end
+          else
+            csv << [repo.url, "Unknown error"]
+          end
+        end
+      end
+    end
+
+    def extract_error(output)
+      if output.include?(APPROVAL_HEADING)
+        output = output.split("\n")
+        output.reject! { |l| l.include?(APPROVAL_HEADING) || l.strip == "" }
+        output.map do |line|
+          if line =~ RESULT_LINE
+            [$1, $3]
+          else
+            ["unparsable-line", line] # do not swallow the unknown or we might hide an error
+          end
+        end
+      end
+    end
+
+    def download_file(repo, file)
+      return unless content = repo.content(file)
+      File.write(file, content)
+    end
+
+    def find_bad(options)
+      OrganizationAudit.all(options).map do |repo|
+        next if options[:ignore_gems] and repo.gem?
+        success, output = audit_repo(repo, options)
+        $stderr.puts ""
+        [repo, output] unless success
+      end.compact
+    end
+
+    def audit_repo(repo, options)
+      $stderr.puts repo.name
+      in_temp_dir do
+        raise "Clone failed" unless sh("git clone #{repo.clone_url} --depth 1 --quiet").first
+        Dir.chdir repo.name do
+          with_clean_env do
+            bundled = File.exist?("Gemfile")
+            raise "Failed to bundle" if bundled && !sh("bundle --path #{BUNDLE_PATH} --quiet").first
+            options[:whitelist].each do |license|
+              raise "failed to approve #{license}" unless system("license_finder whitelist add '#{license}' >/dev/null")
+            end
+            sh("#{combined_gem_path if bundled}license_finder --quiet")
+          end
+        end
+      end
+    rescue Exception => e
+      raise if e.is_a?(Interrupt) # user interrupted
+      $stderr.puts "Error auditing #{repo.name} (#{e})"
+      true
+    end
+
+    # license_finder loads all gems in the target repo, which fails if they are not available in the current ruby installation
+    # so we have to add the gems in vendor/bundle to the gems currently available from this bundle
+    def combined_gem_path
+      "GEM_PATH=#{`gem env path`.strip}:#{BUNDLE_PATH}/ruby/* "
+    end
+
+    def in_temp_dir(&block)
+      Dir.mktmpdir { |dir| Dir.chdir(dir, &block) }
+    end
+
+    def with_clean_env(&block)
+      if defined?(Bundler)
+        Bundler.with_clean_env(&block)
+      else
+        yield
+      end
+    end
+
+    # http://grosser.it/2010/12/11/sh-without-rake
+    def sh(cmd)
+      output = ""
+      $stderr.puts cmd.sub(/GEM_PATH=[^ ]+ /, "")
+      IO.popen(cmd) do |pipe|
+        while str = pipe.gets
+          output << str
+          $stderr.puts str
+        end
+      end
+      [$?.success?, output]
+    end
+  end
+end

data/lib/organization_license_audit/version.rb

@@ -0,0 +1,3 @@
+module OrganizationLicenseAudit
+  VERSION = "1.0.0"
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: organization_license_audit
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Michael Grosser
+autorequire: 
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDMjCCAhqgAwIBAgIBADANBgkqhkiG9w0BAQUFADA/MRAwDgYDVQQDDAdtaWNo
+  YWVsMRcwFQYKCZImiZPyLGQBGRYHZ3Jvc3NlcjESMBAGCgmSJomT8ixkARkWAml0
+  MB4XDTEzMDIwMzE4MTMxMVoXDTE0MDIwMzE4MTMxMVowPzEQMA4GA1UEAwwHbWlj
+  aGFlbDEXMBUGCgmSJomT8ixkARkWB2dyb3NzZXIxEjAQBgoJkiaJk/IsZAEZFgJp
+  dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMorXo/hgbUq97+kII9H
+  MsQcLdC/7wQ1ZP2OshVHPkeP0qH8MBHGg6eYisOX2ubNagF9YTCZWnhrdKrwpLOO
+  cPLaZbjUjljJ3cQR3B8Yn1veV5IhG86QseTBjymzJWsLpqJ1UZGpfB9tXcsFtuxO
+  6vHvcIHdzvc/OUkICttLbH+1qb6rsHUceqh+JrH4GrsJ5H4hAfIdyS2XMK7YRKbh
+  h+IBu6dFWJJByzFsYmV1PDXln3UBmgAt65cmCu4qPfThioCGDzbSJrGDGLmw/pFX
+  FPpVCm1zgYSb1v6Qnf3cgXa2f2wYGm17+zAVyIDpwryFru9yF/jJxE38z/DRsd9R
+  /88CAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUsiNnXHtKeMYYcr4yJVmQ
+  WONL+IwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQAlyN7kKo/NQCQ0
+  AOzZLZ3WAePvStkCFIJ53tsv5Kyo4pMAllv+BgPzzBt7qi605mFSL6zBd9uLou+W
+  Co3s48p1dy7CjjAfVQdmVNHF3MwXtfC2OEyvSQPi4xKR8iba8wa3xp9LVo1PuLpw
+  /6DsrChWw74HfsJN6qJOK684hJeT8lBYAUfiC3wD0owoPSg+XtyAAddisR+KV5Y1
+  NmVHuLtQcNTZy+gRht3ahJRMuC6QyLmkTsf+6MaenwAMkAgHdswGsJztOnNnBa3F
+  y0kCSWmK6D+x/SbfS6r7Ke07MRqziJdB9GuE1+0cIRuFh8EQ+LN6HXCKM5pon/GU
+  ycwMXfl0
+  -----END CERTIFICATE-----
+date: 2013-12-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: organization_audit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: license_finder
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: michael@grosser.it
+executables:
+- organization-license-audit
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- bin/organization-license-audit
+- lib/organization_license_audit.rb
+- lib/organization_license_audit/version.rb
+homepage: http://github.com/grosser/organization_license_audit
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: Audit all licenses used by your github organization/user
+test_files: []

metadata.gz.sig

@@ -0,0 +1 @@
+:�`��y�)�JM�t��	X.5y~�������]G�X��M��Nq��9|�h�Wa{���C K*�^��h�ZP4!EMkf9�\wI�9p
ap�i7�w��|�N���h�.�������f^7��