spandx 0.16.1 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: ba0b42d3a015296733d9666c1d4b3b4bf89a86622941dd608eca9eef258f4e7a
4
- data.tar.gz: 2dc3760f3e265a751a1b5affabfb13abeceb77d9c5980203fabea0758cc64347
3
+ metadata.gz: d884c729b0d1cb14391435f68b78a77cfb2a73860b8757d4421bda9ff06276bd
4
+ data.tar.gz: 2fe44244d7285b7fc5bd9ddf8660b2bd4b435d8908b6c5e67d305181e6356658
5
5
  SHA512:
6
- metadata.gz: 3e41d8d13f883bf9def9c684ff633c6d78077a25e999be320d5841e885cd3a45df39486a12fbee0eef8f632e32236dd294a1303901a401214b66c0dc387fd531
7
- data.tar.gz: 451efa448a0c702593e694e25ef0d62dbe49683b33d304951284642176340a94fd3e355978782ebac0d32a5cf224a962f2c80b3afbb489e1ce0b1204191cc9e4
6
+ metadata.gz: a6f25542efd0f506dbe65f5dbd179d562fbb37fd9498cffc1cee2ac8a0bfdfabab614269920aa2799736a198529408300277c2d87c7303f3463bd37e0ff67ee8
7
+ data.tar.gz: ebe7266727203ec7a84e741e2dfa5fa76db8a9da30dbfbb258618adbda6e7463a04174fd0c706c23c65068857f06584eef2fcdd25e05fe1ad0ebf5dbd9489c06
@@ -1,4 +1,4 @@
1
- Version 0.16.1
1
+ Version 0.17.0
2
2
 
3
3
  # Changelog
4
4
 
@@ -8,6 +8,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
8
8
  and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
9
9
 
10
10
  ## [Unreleased]
11
+ ## [0.17.0] - 2020-12-28
12
+ ### Added
13
+ - Allow indexing gems from index.rubygems.org.
11
14
 
12
15
  ## [0.16.1] - 2020-11-19
13
16
  ### Fixed
@@ -220,7 +223,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
220
223
  ### Added
221
224
  - Provide ruby API to the latest SPDX catalogue.
222
225
 
223
- [Unreleased]: https://github.com/spandx/spandx/compare/v0.16.1...HEAD
226
+ [Unreleased]: https://github.com/spandx/spandx/compare/v0.17.0...HEAD
227
+ [0.17.0]: https://github.com/spandx/spandx/compare/v0.16.1...v0.17.0
224
228
  [0.16.1]: https://github.com/spandx/spandx/compare/v0.16.0...v0.16.1
225
229
  [0.16.0]: https://github.com/spandx/spandx/compare/v0.15.1...v0.16.0
226
230
  [0.15.1]: https://github.com/spandx/spandx/compare/v0.15.0...v0.15.1
@@ -11,6 +11,7 @@ require 'nokogiri'
11
11
  require 'oj'
12
12
  require 'parslet'
13
13
  require 'pathname'
14
+ require 'sorted_set'
14
15
  require 'yaml'
15
16
  require 'zeitwerk'
16
17
  require 'spandx/spandx'
@@ -5,10 +5,11 @@ module Spandx
5
5
  module Commands
6
6
  class Build
7
7
  INDEXES = {
8
+ dotnet: Spandx::Dotnet::Index,
8
9
  maven: Spandx::Java::Index,
9
10
  nuget: Spandx::Dotnet::Index,
10
- dotnet: Spandx::Dotnet::Index,
11
11
  pypi: Spandx::Python::Index,
12
+ rubygems: Spandx::Ruby::Index,
12
13
  }.freeze
13
14
 
14
15
  def initialize(options)
@@ -12,15 +12,11 @@ module Spandx
12
12
  method_option :pull, aliases: '-p', type: :boolean, desc: 'Pull the latest cache before the scan', default: false
13
13
  method_option :require, aliases: '-r', type: :string, desc: 'Causes spandx to load the library using require.', default: nil
14
14
  def scan(lockfile = Pathname.pwd)
15
- if options[:help]
16
- invoke :help, ['scan']
17
- else
18
- Oj.default_options = { mode: :strict }
19
- Spandx.airgap = options[:airgap]
20
- Spandx.logger = Logger.new(options[:logfile])
21
- pull if options[:pull]
22
- Spandx::Cli::Commands::Scan.new(lockfile, options).execute
23
- end
15
+ return invoke :help, ['scan'] if options[:help]
16
+
17
+ prepare(options)
18
+ pull if options[:pull]
19
+ Spandx::Cli::Commands::Scan.new(lockfile, options).execute
24
20
  end
25
21
 
26
22
  desc 'pull', 'Pull the latest offline cache'
@@ -52,6 +48,14 @@ module Spandx
52
48
  puts "v#{Spandx::VERSION}"
53
49
  end
54
50
  map %w[--version -v] => :version
51
+
52
+ private
53
+
54
+ def prepare(options)
55
+ Oj.default_options = { mode: :strict }
56
+ Spandx.airgap = options[:airgap]
57
+ Spandx.logger = Logger.new(options[:logfile])
58
+ end
55
59
  end
56
60
  end
57
61
  end
@@ -8,8 +8,21 @@ module Spandx
8
8
  @http = http
9
9
  end
10
10
 
11
+ def each
12
+ response = http.get('https://index.rubygems.org/versions')
13
+ return unless http.ok?(response)
14
+
15
+ parse_each_from(StringIO.new(response.body)) do |item|
16
+ yield item
17
+ end
18
+ end
19
+
11
20
  def licenses_for(dependency)
12
- details_on(dependency.name, dependency.version)['licenses'] || []
21
+ licenses(dependency.name, dependency.version)
22
+ end
23
+
24
+ def licenses(name, version)
25
+ details_on(name, version)['licenses'] || []
13
26
  end
14
27
 
15
28
  def matches?(dependency)
@@ -20,6 +33,17 @@ module Spandx
20
33
 
21
34
  attr_reader :http
22
35
 
36
+ def parse_each_from(io)
37
+ _created_at = io.readline
38
+ _triple_dash = io.readline
39
+ until io.eof?
40
+ name, versions, _digest = io.readline.split(' ')
41
+ versions.split(',').each do |version|
42
+ yield({ name: name, version: version })
43
+ end
44
+ end
45
+ end
46
+
23
47
  def details_on(name, version)
24
48
  url = "https://rubygems.org/api/v2/rubygems/#{name}/versions/#{version}.json"
25
49
  response = http.get(url, default: {})
@@ -0,0 +1,52 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Spandx
4
+ module Ruby
5
+ class Index
6
+ include Enumerable
7
+
8
+ attr_reader :directory, :name, :rubygems
9
+
10
+ def initialize(directory:)
11
+ @directory = directory
12
+ @name = 'rubygems'
13
+ @cache = ::Spandx::Core::Cache.new(@name, root: directory)
14
+ @rubygems = ::Spandx::Ruby::Gateway.new
15
+ end
16
+
17
+ def update!(*)
18
+ queue = Queue.new
19
+ [fetch(queue), save(queue)].each(&:join)
20
+ cache.rebuild_index
21
+ end
22
+
23
+ private
24
+
25
+ attr_reader :cache
26
+
27
+ def fetch(queue)
28
+ Thread.new do
29
+ rubygems.each do |item|
30
+ queue.enq(
31
+ item.merge(
32
+ licenses: rubygems.licenses(item[:name], item[:version])
33
+ )
34
+ )
35
+ end
36
+ queue.enq(:stop)
37
+ end
38
+ end
39
+
40
+ def save(queue)
41
+ Thread.new do
42
+ loop do
43
+ item = queue.deq
44
+ break if item == :stop
45
+
46
+ cache.insert(item[:name], item[:version], item[:licenses])
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
52
+ end
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Spandx
4
- VERSION = '0.16.1'
4
+ VERSION = '0.17.0'
5
5
  end
@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
38
38
  spec.add_dependency 'nokogiri', '~> 1.10'
39
39
  spec.add_dependency 'oj', '~> 3.10'
40
40
  spec.add_dependency 'parslet', '~> 2.0'
41
+ spec.add_dependency 'sorted_set', '~> 1.0'
41
42
  spec.add_dependency 'terminal-table', '~> 1.8'
42
43
  spec.add_dependency 'thor'
43
44
  spec.add_dependency 'tty-spinner', '~> 0.9'
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: spandx
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.16.1
4
+ version: 0.17.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Can Eldem
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: exe
11
11
  cert_chain: []
12
- date: 2020-11-19 00:00:00.000000000 Z
12
+ date: 2020-12-29 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: addressable
@@ -101,6 +101,20 @@ dependencies:
101
101
  - - "~>"
102
102
  - !ruby/object:Gem::Version
103
103
  version: '2.0'
104
+ - !ruby/object:Gem::Dependency
105
+ name: sorted_set
106
+ requirement: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - "~>"
109
+ - !ruby/object:Gem::Version
110
+ version: '1.0'
111
+ type: :runtime
112
+ prerelease: false
113
+ version_requirements: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - "~>"
116
+ - !ruby/object:Gem::Version
117
+ version: '1.0'
104
118
  - !ruby/object:Gem::Dependency
105
119
  name: terminal-table
106
120
  requirement: !ruby/object:Gem::Requirement
@@ -413,6 +427,7 @@ files:
413
427
  - lib/spandx/python/pypi.rb
414
428
  - lib/spandx/python/source.rb
415
429
  - lib/spandx/ruby/gateway.rb
430
+ - lib/spandx/ruby/index.rb
416
431
  - lib/spandx/ruby/parsers/gemfile_lock.rb
417
432
  - lib/spandx/spdx/catalogue.rb
418
433
  - lib/spandx/spdx/composite_license.rb
@@ -443,7 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
443
458
  - !ruby/object:Gem::Version
444
459
  version: '0'
445
460
  requirements: []
446
- rubygems_version: 3.1.4
461
+ rubygems_version: 3.2.3
447
462
  signing_key:
448
463
  specification_version: 4
449
464
  summary: A ruby interface to the SPDX catalogue.