spandx 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 79b4eefa834b1649c1cced69cd4666bdabb22f42383cb177545042e3c643eac9
-  data.tar.gz: e0c3e8836e82c3b34eed0c83d0cdca7212334e87030fb900ae8152e1fa13ffb5
+  metadata.gz: a8c7d63af4cdd331e0f9ab51eb895797567278365cc1029dbbe07744158cb5f4
+  data.tar.gz: d8cb97dfc05729a577a95c358d2a8397b43bd4628925bf3bcb55b282d6042ee8
 SHA512:
-  metadata.gz: 492a1ed30bb41f77c748c6ad70aa258ae16e74d2ee2e8bb437def781d72389403c6a67baf90d728c13971e9a1cf47c5f9535a63f2b754870f936ccb81d73ff3c
-  data.tar.gz: 6c4281a992017b9dc07e9837426f862a5daa7514f20fa01674896a502b5356c31ab9877ac2e8372fbf39d07f97b21bf1eb3eb50f294dcc88a68ec92e69599e48
+  metadata.gz: 252c70cd5862c795eede663242f22b4be188c35a950fa55f41f1b324f9e6ee73b8a1a4bebf3d875fbd68b640359db6e20d5c0bbdd42e90dc640470a5fa91d7ad
+  data.tar.gz: 14a5bc5fe4ad89de5288df9ea6425d234d25daced1c6429e17563809ec666109c9b8ba668881cf32b5528c480b44a0fa32b3f57c33bb2608f123c2fd3c62d498

data/.github/workflows/ci.yml

@@ -0,0 +1,13 @@
+name: ci
+on: [push]
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Set up Ruby 2.6
+        uses: actions/setup-ruby@v1
+        with:
+          ruby-version: 2.6.x
+      - name: Run cibuild
+        run: bin/cibuild

data/.gitignore

@@ -9,3 +9,4 @@
 
 # rspec failure tracking
 .rspec_status
+*.log

data/.rubocop.yml

@@ -3,46 +3,24 @@ require:
 
 AllCops:
   Exclude:
-    - 'coverage/**/*'
     - 'pkg/**/*'
     - 'spec/fixtures/**/*'
-    - 'tmp/**/*'
-    - 'vendor/**/*'
   TargetRubyVersion: 2.6
 
-Layout/AlignArguments:
+Layout/ArgumentAlignment:
   EnforcedStyle: with_fixed_indentation
 
-Layout/AlignParameters:
+Layout/ParameterAlignment:
   Enabled: true
   EnforcedStyle: with_fixed_indentation
   IndentationWidth: 2
 
-Layout/ClassStructure:
-  Enabled: true
-  Categories:
-    module_inclusion:
-      - include
-      - prepend
-      - extend
-  ExpectedOrder:
-      - module_inclusion
-      - constants
-      - public_class_methods
-      - initializer
-      - instance_methods
-      - protected_methods
-      - private_methods
-
 Layout/EndOfLine:
   EnforcedStyle: lf
 
-Layout/IndentFirstArrayElement:
+Layout/FirstArrayElementIndentation:
   EnforcedStyle: consistent
 
-Layout/IndentHeredoc:
-  EnforcedStyle: active_support
-
 Layout/MultilineMethodCallIndentation:
   Enabled: true
   EnforcedStyle: indented
@@ -51,14 +29,8 @@ Lint/AmbiguousBlockAssociation:
   Exclude:
     - 'spec/**/*.rb'
 
-Lint/InterpolationCheck:
-  Exclude:
-    - 'spec/**/*.rb'
-
 Metrics/BlockLength:
   Exclude:
-    - '**/**/*.builder'
-    - '**/*.rake'
     - '*.gemspec'
     - 'Rakefile'
     - 'spec/**/*.rb'
@@ -69,24 +41,16 @@ Metrics/ModuleLength:
 
 Metrics/LineLength:
   Exclude:
-    - 'lib/saml/kit/builders/templates/*.builder'
     - 'spec/**/*.rb'
   IgnoredPatterns:
     - '^#*'
 
-Naming/FileName:
-  Exclude:
-    - 'lib/saml-kit.rb'
-
 Naming/RescuedExceptionsVariableName:
   PreferredName: error
 
 Style/Documentation:
   Enabled: false
 
-Style/EachWithObject:
-  Enabled: false
-
 Style/StringLiterals:
   EnforcedStyle: 'single_quotes'
 
@@ -99,14 +63,12 @@ Style/TrailingCommaInHashLiteral:
 RSpec/ExampleLength:
   Max: 80
 
-RSpec/MultipleExpectations:
-  Enabled: false
-
 RSpec/NamedSubject:
   Enabled: false
 
-RSpec/NestedGroups:
-  Max: 7
-
-RSpec/SubjectStub:
+RSpec/FilePath:
   Enabled: false
+
+RSpec/DescribeClass:
+  Exclude:
+    - 'spec/integration/**/*'

data/CHANGELOG.md

@@ -0,0 +1,25 @@
+Version 0.1.2
+
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+- nil
+
+## [0.1.2] - 2020-01-16
+### Added
+- Add CLI for `spandx scan <LOCKER>`
+- Parse Gemfile.lock for dependencies.
+- Parse Pipfile.lock for dependencies.
+- Allow lookup for a specific license by id
+
+## [0.1.1] - 2019-10-05
+### Added
+- Provide ruby API to the latest SPDX catalogue.
+
+[Unreleased]: https://github.com/mokhan/spandx/compare/v0.1.2...HEAD
+[0.1.2]: https://github.com/mokhan/spandx/compare/v0.1.1...v0.1.2
+[0.1.1]: https://github.com/mokhan/spandx/compare/v0.1.0...v0.1.1

data/Gemfile.lock

@@ -1,8 +1,9 @@
 PATH
   remote: .
   specs:
-    spandx (0.1.1)
-      net-hippie (~> 0.2)
+    spandx (0.1.2)
+      net-hippie (~> 0.3)
+      thor (~> 0.1)
 
 GEM
   remote: https://rubygems.org/
@@ -17,35 +18,35 @@ GEM
       safe_yaml (~> 1.0.0)
     diff-lcs (1.3)
     hashdiff (1.0.0)
-    jaro_winkler (1.5.3)
-    net-hippie (0.2.6)
-    parallel (1.17.0)
-    parser (2.6.5.0)
+    jaro_winkler (1.5.4)
+    net-hippie (0.3.1)
+    parallel (1.19.1)
+    parser (2.7.0.0)
       ast (~> 2.4.0)
-    public_suffix (4.0.1)
+    public_suffix (4.0.2)
     rainbow (3.0.0)
-    rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.2)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.5)
+    rake (13.0.1)
+    rspec (3.9.0)
+      rspec-core (~> 3.9.0)
+      rspec-expectations (~> 3.9.0)
+      rspec-mocks (~> 3.9.0)
+    rspec-core (3.9.0)
+      rspec-support (~> 3.9.0)
+    rspec-expectations (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.2)
+      rspec-support (~> 3.9.0)
+    rspec-mocks (3.9.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.3)
-    rubocop (0.75.0)
+      rspec-support (~> 3.9.0)
+    rspec-support (3.9.0)
+    rubocop (0.78.0)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
       parser (>= 2.6)
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 1.4.0, < 1.7)
-    rubocop-rspec (1.36.0)
+    rubocop-rspec (1.37.1)
       rubocop (>= 0.68.1)
     ruby-progressbar (1.10.1)
     safe_yaml (1.0.5)
@@ -62,7 +63,7 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 2.0)
   bundler-audit (~> 0.6)
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
   rubocop (~> 0.52)
   rubocop-rspec (~> 1.22)
@@ -70,4 +71,4 @@ DEPENDENCIES
   webmock (~> 3.7)
 
 BUNDLED WITH
-   2.0.2
+   2.1.2

data/README.md

@@ -1,7 +1,8 @@
 # Spandx
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/spandx`. To experiment with that code, run `bin/console` for an interactive prompt.
+A ruby API for interacting with the https://spdx.org software license catalogue.
 
+![badge](https://github.com/mokhan/spandx/workflows/ci/badge.svg)
 
 ## Installation
 
@@ -21,7 +22,7 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+To fetch the latest version of the catalogue data from [SPDX](https://spdx.org/licenses/licenses.json).
 
 ```ruby
 catalogue = Spandx::Catalogue.latest
@@ -30,6 +31,16 @@ catalogue.each do |license|
 end
 ```
 
+To load an offline copy of the data.
+
+```ruby
+path = File.join(Dir.pwd, 'licenses.json')
+catalogue = Spandx::Catalogue.from_file(path)
+catalogue.each do |license|
+  puts license.inspect
+end
+```
+
 ## Development
 
 After checking out the repo, run `bin/setup` to install dependencies. Then, run `bin/cibuild` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
@@ -38,7 +49,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
 
 ## Contributing
 
-Bug reports and pull requests are welcome on GitLab at https://gitlab.com/xlgmokha/spandx.
+Bug reports and pull requests are welcome on GitHub at https://github.com/mokhan/spandx.
 
 ## License
 

data/exe/spandx

@@ -1,4 +1,18 @@
 #!/usr/bin/env ruby
 # frozen_string_literal: true
 
-require 'spandx'
+lib_path = File.expand_path('../lib', __dir__)
+$LOAD_PATH.unshift(lib_path) unless $LOAD_PATH.include?(lib_path)
+require 'spandx/cli'
+
+Signal.trap('INT') do
+  warn("\n#{caller.join("\n")}: interrupted")
+  exit(1)
+end
+
+begin
+  Spandx::CLI.start
+rescue Spandx::CLI::Error => error
+  puts "ERROR: #{error.message}"
+  exit 1
+end

data/lib/spandx/catalogue.rb

@@ -8,6 +8,10 @@ module Spandx
       @catalogue = catalogue
     end
 
+    def [](id)
+      identity_map[id]
+    end
+
     def version
       catalogue[:licenseListVersion]
     end
@@ -18,8 +22,18 @@ module Spandx
       end
     end
 
-    def self.latest
-      CatalogueGateway.new.fetch
+    class << self
+      def latest(gateway: ::Spandx::Gateways::Spdx.new)
+        gateway.fetch
+      end
+
+      def from_file(path)
+        new(JSON.parse(IO.read(path), symbolize_names: true))
+      end
+
+      def empty
+        @empty ||= new(licenses: [])
+      end
     end
 
     private
@@ -27,7 +41,7 @@ module Spandx
     attr_reader :catalogue
 
     def licenses
-      @licenses ||= catalogue.fetch(:licenses, []).map { |x| map_from(x) }
+      @licenses ||= identity_map.values
     end
 
     def map_from(license_hash)
@@ -37,5 +51,13 @@ module Spandx
     def present?(item)
       item && !item.empty?
     end
+
+    def identity_map
+      @identity_map ||=
+        catalogue.fetch(:licenses, []).each_with_object({}) do |hash, memo|
+          license = map_from(hash)
+          memo[license.id] = license if present?(license.id)
+        end
+    end
   end
 end

data/lib/spandx/cli.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'thor'
+
+require 'spandx'
+require 'spandx/command'
+require 'spandx/commands/scan'
+
+module Spandx
+  class CLI < Thor
+    Error = Class.new(StandardError)
+
+    desc 'version', 'spandx version'
+    def version
+      puts "v#{Spandx::VERSION}"
+    end
+    map %w[--version -v] => :version
+
+    desc 'scan LOCKFILE', 'Command description...'
+    method_option :help, aliases: '-h', type: :boolean,
+                         desc: 'Display usage information'
+    def scan(lockfile = nil)
+      if options[:help]
+        invoke :help, ['scan']
+      else
+        Spandx::Commands::Scan.new(lockfile, options).execute
+      end
+    end
+  end
+end

data/lib/spandx/command.rb

@@ -0,0 +1,119 @@
+# frozen_string_literal: true
+
+module Spandx
+  class Command
+    extend Forwardable
+
+    def_delegators :command, :run
+
+    # Execute this command
+    #
+    # @api public
+    def execute(*)
+      raise(
+        NotImplementedError,
+        "#{self.class}##{__method__} must be implemented"
+      )
+    end
+
+    # The external commands runner
+    #
+    # @see http://www.rubydoc.info/gems/tty-command
+    #
+    # @api public
+    def command(**options)
+      require 'tty-command'
+      TTY::Command.new(options)
+    end
+
+    # The cursor movement
+    #
+    # @see http://www.rubydoc.info/gems/tty-cursor
+    #
+    # @api public
+    def cursor
+      require 'tty-cursor'
+      TTY::Cursor
+    end
+
+    # Open a file or text in the user's preferred editor
+    #
+    # @see http://www.rubydoc.info/gems/tty-editor
+    #
+    # @api public
+    def editor
+      require 'tty-editor'
+      TTY::Editor
+    end
+
+    # File manipulation utility methods
+    #
+    # @see http://www.rubydoc.info/gems/tty-file
+    #
+    # @api public
+    def generator
+      require 'tty-file'
+      TTY::File
+    end
+
+    # Terminal output paging
+    #
+    # @see http://www.rubydoc.info/gems/tty-pager
+    #
+    # @api public
+    def pager(**options)
+      require 'tty-pager'
+      TTY::Pager.new(options)
+    end
+
+    # Terminal platform and OS properties
+    #
+    # @see http://www.rubydoc.info/gems/tty-pager
+    #
+    # @api public
+    def platform
+      require 'tty-platform'
+      TTY::Platform.new
+    end
+
+    # The interactive prompt
+    #
+    # @see http://www.rubydoc.info/gems/tty-prompt
+    #
+    # @api public
+    def prompt(**options)
+      require 'tty-prompt'
+      TTY::Prompt.new(options)
+    end
+
+    # Get terminal screen properties
+    #
+    # @see http://www.rubydoc.info/gems/tty-screen
+    #
+    # @api public
+    def screen
+      require 'tty-screen'
+      TTY::Screen
+    end
+
+    # The unix which utility
+    #
+    # @see http://www.rubydoc.info/gems/tty-which
+    #
+    # @api public
+    def which(*args)
+      require 'tty-which'
+      TTY::Which.which(*args)
+    end
+
+    # Check if executable exists
+    #
+    # @see http://www.rubydoc.info/gems/tty-which
+    #
+    # @api public
+    def exec_exist?(*args)
+      require 'tty-which'
+      TTY::Which.exist?(*args)
+    end
+  end
+end

data/lib/spandx/commands/scan.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Commands
+    class Scan < Spandx::Command
+      attr_reader :lockfile
+
+      def initialize(lockfile, options)
+        @lockfile = lockfile ? Pathname.new(File.expand_path(lockfile)) : nil
+        @options = options
+      end
+
+      def execute(output: $stdout)
+        if lockfile.nil?
+          output.puts 'OK'
+        else
+          report = Parsers.for(lockfile).parse(lockfile)
+          output.puts report.to_json
+        end
+      end
+    end
+  end
+end

data/lib/spandx/gateways/http.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Gateways
+    class Http
+      attr_reader :driver
+
+      def initialize(driver: Http.default_driver)
+        @driver = driver
+      end
+
+      def get(uri, default: nil)
+        driver.with_retry do |client|
+          client.get(uri)
+        end
+      rescue *Net::Hippie::CONNECTION_ERRORS
+        default
+      end
+
+      def ok?(response)
+        response.is_a?(Net::HTTPSuccess)
+      end
+
+      def self.default_driver
+        @default_driver ||= Net::Hippie::Client.new.tap do |client|
+          client.logger = ::Logger.new('http.log')
+          client.follow_redirects = 3
+        end
+      end
+    end
+  end
+end

data/lib/spandx/gateways/pypi.rb

@@ -0,0 +1,59 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Gateways
+    class PyPI
+      class Source
+        attr_reader :name, :uri, :verify_ssl
+
+        def initialize(source)
+          @name = source['name']
+          @uri = URI.parse(source['url'])
+          @verify_ssl = source['verify_ssl']
+        end
+
+        def host
+          @uri.host
+        end
+
+        def uri_for(name, version)
+          URI.parse("https://#{host}/pypi/#{name}/#{version}/json")
+        end
+
+        def lookup(name, version, http: Spandx.http)
+          response = http.get(uri_for(name, version))
+          response if http.ok?(response)
+        end
+
+        class << self
+          def sources_from(json)
+            meta = json['_meta']
+            meta['sources'].map do |hash|
+              Gateways::PyPI::Source.new(hash)
+            end
+          end
+
+          def default
+            new(
+              'name' => 'pypi',
+              'url' => 'https://pypi.org/simple',
+              'verify_ssl' => true
+            )
+          end
+        end
+      end
+
+      def initialize(sources: [Source.default])
+        @sources = sources
+      end
+
+      def definition_for(name, version)
+        @sources.each do |source|
+          response = source.lookup(name, version)
+          return JSON.parse(response.body).fetch('info', {}) if response
+        end
+        {}
+      end
+    end
+  end
+end

data/lib/spandx/gateways/spdx.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Gateways
+    class Spdx
+      URL = 'https://spdx.org/licenses/licenses.json'
+
+      def fetch(url: URL, http: Spandx.http, default: Catalogue.empty)
+        response = http.get(url, default: default)
+        http.ok?(response) ? parse(response.body) : default
+      end
+
+      private
+
+      def parse(json)
+        Catalogue.new(JSON.parse(json, symbolize_names: true))
+      end
+    end
+  end
+end

data/lib/spandx/parsers/base.rb

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Parsers
+    class Base
+      attr_reader :catalogue
+
+      def initialize(catalogue:)
+        @catalogue = catalogue
+      end
+
+      class << self
+        include Enumerable
+
+        def each(&block)
+          registry.each do |x|
+            block.call(x)
+          end
+        end
+
+        def inherited(subclass)
+          registry.push(subclass)
+        end
+
+        def registry
+          @registry ||= []
+        end
+      end
+    end
+  end
+end

data/lib/spandx/parsers/gemfile_lock.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Parsers
+    class GemfileLock < Base
+      def self.matches?(filename)
+        filename.match?(/Gemfile.*\.lock/)
+      end
+
+      def parse(lockfile)
+        report = Report.new
+        dependencies_from(lockfile) do |dependency|
+          spec = dependency.to_spec
+          report.add(
+            name: dependency.name,
+            version: spec.version.to_s,
+            licenses: [catalogue[spec.license]]
+          )
+        end
+        report
+      end
+
+      private
+
+      def dependencies_from(lockfile)
+        ::Bundler::LockfileParser
+          .new(IO.read(lockfile))
+          .dependencies.each do |_key, dependency|
+          yield dependency
+        end
+      end
+    end
+  end
+end

data/lib/spandx/parsers/pipfile_lock.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Spandx
+  module Parsers
+    class PipfileLock < Base
+      def self.matches?(filename)
+        filename.match?(/Pipfile.*\.lock/)
+      end
+
+      def parse(lockfile)
+        report = Report.new
+        dependencies_from(lockfile) do |x|
+          report.add(
+            name: x[:name],
+            version: x[:version],
+            licenses: x[:licenses]
+          )
+        end
+        report
+      end
+
+      private
+
+      def dependencies_from(lockfile)
+        json = JSON.parse(IO.read(lockfile))
+        each_dependency(pypi_for(json), json) do |name, version, definition|
+          yield({ name: name, version: version, licenses: [catalogue[definition['license']]] })
+        end
+      end
+
+      def each_dependency(pypi, json, groups: %w[default develop])
+        groups.each do |group|
+          json[group].each do |name, value|
+            version = canonicalize(value['version'])
+            yield name, version, pypi.definition_for(name, version)
+          end
+        end
+      end
+
+      def canonicalize(version)
+        version.gsub(/==/, '')
+      end
+
+      def pypi_for(json)
+        Gateways::PyPI.new(
+          sources: Gateways::PyPI::Source.sources_from(json)
+        )
+      end
+    end
+  end
+end

data/lib/spandx/parsers.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'spandx/parsers/base'
+require 'spandx/parsers/gemfile_lock'
+require 'spandx/parsers/pipfile_lock'
+
+module Spandx
+  module Parsers
+    class << self
+      def for(path, catalogue: Spandx::Catalogue.latest)
+        result = ::Spandx::Parsers::Base.find do |x|
+          x.matches?(File.basename(path))
+        end
+
+        result&.new(catalogue: catalogue)
+      end
+    end
+  end
+end

data/lib/spandx/report.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Spandx
+  class Report
+    def initialize(report: { version: '1.0', packages: [] })
+      @report = report
+    end
+
+    def add(name:, version:, licenses: [])
+      @report[:packages].push(
+        name: name,
+        version: version,
+        licenses: licenses.map(&:id)
+      )
+    end
+
+    def to_h
+      @report
+    end
+
+    def to_json(*_args)
+      JSON.pretty_generate(to_h)
+    end
+  end
+end

data/lib/spandx/templates/scan/.gitkeep

@@ -0,0 +1 @@
+#

data/lib/spandx/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Spandx
-  VERSION = '0.1.1'
+  VERSION = '0.1.2'
 end

data/lib/spandx.rb

@@ -1,11 +1,28 @@
 # frozen_string_literal: true
 
+require 'forwardable'
+require 'json'
 require 'net/hippie'
+
 require 'spandx/catalogue'
-require 'spandx/catalogue_gateway'
+require 'spandx/gateways/http'
+require 'spandx/gateways/pypi'
+require 'spandx/gateways/spdx'
 require 'spandx/license'
+require 'spandx/parsers'
+require 'spandx/report'
 require 'spandx/version'
 
 module Spandx
   class Error < StandardError; end
+
+  class << self
+    def root
+      Pathname.new(File.dirname(__FILE__)).join('../..')
+    end
+
+    def http
+      @http ||= Spandx::Gateways::Http.new
+    end
+  end
 end

data/spandx.gemspec

@@ -12,12 +12,12 @@ Gem::Specification.new do |spec|
 
   spec.summary       = 'A ruby interface to the SPDX catalogue.'
   spec.description   = 'A ruby interface to the SPDX catalogue.'
-  spec.homepage      = 'https://gitlab.com/xlgmokha/spandx'
+  spec.homepage      = 'https://github.com/mokhan/spandx'
   spec.license       = 'MIT'
 
   spec.metadata['homepage_uri'] = spec.homepage
-  spec.metadata['source_code_uri'] = 'https://gitlab.com/xlgmokha/spandx'
-  spec.metadata['changelog_uri'] = 'https://gitlab.com/xlgmokha/spandx/blob/master/CHANGELOG.md'
+  spec.metadata['source_code_uri'] = 'https://github.com/mokhan/spandx'
+  spec.metadata['changelog_uri'] = 'https://github.com/mokhan/spandx/blob/master/CHANGELOG.md'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
@@ -28,10 +28,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'net-hippie', '~> 0.2'
+  spec.add_dependency 'net-hippie', '~> 0.3'
+  spec.add_dependency 'thor', '~> 0.1'
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'bundler-audit', '~> 0.6'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rubocop', '~> 0.52'
   spec.add_development_dependency 'rubocop-rspec', '~> 1.22'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: spandx
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
 platform: ruby
 authors:
 - mo khan
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-10-05 00:00:00.000000000 Z
+date: 2020-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: net-hippie
@@ -16,14 +16,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.2'
+        version: '0.3'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -58,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -130,11 +144,12 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".gitlab-ci.yml"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
+- CHANGELOG.md
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -149,17 +164,30 @@ files:
 - exe/spandx
 - lib/spandx.rb
 - lib/spandx/catalogue.rb
-- lib/spandx/catalogue_gateway.rb
+- lib/spandx/cli.rb
+- lib/spandx/command.rb
+- lib/spandx/commands/.gitkeep
+- lib/spandx/commands/scan.rb
+- lib/spandx/gateways/http.rb
+- lib/spandx/gateways/pypi.rb
+- lib/spandx/gateways/spdx.rb
 - lib/spandx/license.rb
+- lib/spandx/parsers.rb
+- lib/spandx/parsers/base.rb
+- lib/spandx/parsers/gemfile_lock.rb
+- lib/spandx/parsers/pipfile_lock.rb
+- lib/spandx/report.rb
+- lib/spandx/templates/.gitkeep
+- lib/spandx/templates/scan/.gitkeep
 - lib/spandx/version.rb
 - spandx.gemspec
-homepage: https://gitlab.com/xlgmokha/spandx
+homepage: https://github.com/mokhan/spandx
 licenses:
 - MIT
 metadata:
-  homepage_uri: https://gitlab.com/xlgmokha/spandx
-  source_code_uri: https://gitlab.com/xlgmokha/spandx
-  changelog_uri: https://gitlab.com/xlgmokha/spandx/blob/master/CHANGELOG.md
+  homepage_uri: https://github.com/mokhan/spandx
+  source_code_uri: https://github.com/mokhan/spandx
+  changelog_uri: https://github.com/mokhan/spandx/blob/master/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -175,7 +203,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: A ruby interface to the SPDX catalogue.

data/.travis.yml

@@ -1,7 +0,0 @@
----
-sudo: false
-language: ruby
-cache: bundler
-rvm:
-  - 2.6.4
-before_install: gem install bundler -v 2.0.2

data/lib/spandx/catalogue_gateway.rb

@@ -1,43 +0,0 @@
-# frozen_string_literal: true
-
-module Spandx
-  class CatalogueGateway
-    URL = 'https://spdx.org/licenses/licenses.json'
-
-    def initialize(http: default_client)
-      @http = http
-    end
-
-    def fetch(url: URL)
-      response = http.get(url)
-
-      if response.code == '200'
-        parse(response.body)
-      else
-        empty_catalogue
-      end
-    rescue *::Net::Hippie::CONNECTION_ERRORS
-      empty_catalogue
-    end
-
-    private
-
-    attr_reader :http
-
-    def parse(json)
-      build_catalogue(JSON.parse(json, symbolize_names: true))
-    end
-
-    def empty_catalogue
-      build_catalogue(licenses: [])
-    end
-
-    def build_catalogue(hash)
-      Catalogue.new(hash)
-    end
-
-    def default_client
-      Net::Hippie::Client.new
-    end
-  end
-end