| author | mo khan <mo.khan@gmail.com> | 2020-02-24 09:59:15 -0700 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-02-24 16:41:50 -0700 |
| commit | 39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe (patch) | |
| tree | 8f547ce1077b89c732411fc28c4a9efa6730ceca | |
| parent | 525d7cb9a30bb14306d6a00919dc25313c632b64 (diff) | |
Exclude development/test dependenciesv2.5.2
* Remove development and test dependencies from java-maven fixtures
* Ensure that ruby projects with bundler 2.0 are scannable
* Update CHANGELOG
* Assign @errors ivar for error message
* Remove --cache-from
* Use default ruby and install bundler conservatively
* Install gems to local path
* Add --no-prepare when gems are installed
* Print ruby, rubygems and bundler version
| -rw-r--r-- | .gitlab-ci.yml | 3 | ||||
| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | Gemfile.lock | 2 | ||||
| -rw-r--r-- | lib/license/management/version.rb | 2 | ||||
| -rwxr-xr-x | run.sh | 18 | ||||
| -rw-r--r-- | spec/integration/ruby/bundler_spec.rb | 41 | ||||
| -rw-r--r-- | spec/support/matchers.rb | 2 | ||||
| -rw-r--r-- | test/results/java-maven-v1.1.json | 216 | ||||
| -rw-r--r-- | test/results/java-maven-v1.json | 148 | ||||
| -rw-r--r-- | test/results/java-maven-v2.json | 144 |
10 files changed, 74 insertions, 506 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b29663d..deb4123 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,8 +27,7 @@ build commit: script: - docker info - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - - docker pull $CI_REGISTRY_IMAGE:edge || true - - docker build --cache-from $CI_REGISTRY_IMAGE:edge -t $TMP_IMAGE . + - docker build -t $TMP_IMAGE . - docker push $TMP_IMAGE container_scanning: diff --git a/CHANGELOG.md b/CHANGELOG.md index cf7d4be..1d5aae6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # GitLab License management changelog +## v2.5.2 + +- Exclude development/test dependencies by default (!117) + ## v2.5.1 - Install bundler `1.x` and `2.x` (!116) diff --git a/Gemfile.lock b/Gemfile.lock index 0a3b33a..66377a0 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - license-management (2.5.1) + license-management (2.5.2) license_finder (~> 6.0.0) GEM diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index 5717fbe..ab693f3 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '2.5.1' + VERSION = '2.5.2' end end 
@@ -117,19 +117,19 @@ case "$COMMAND" in # This always end in the cryptic "bash: Searching: command not found" error but Ruby is installed # So we ignore the error. $($rvm_recommended_ruby) 2>/dev/null || true - rvm use . - gem install --no-document 'bundler:~> 1.7' 'bundler:~> 2.0' - bundler_version=$(grep -A1 "BUNDLED WITH" Gemfile.lock | tail -n 1) - gem install bundler -v "${bundler_version}" || gem install bundler + rvm use . || rvm use default + gem install --conservative --no-document 'bundler:~> 1.7' 'bundler:~> 2.0' # rvm pulls outdated gems # need this to update system bundler # We need to install the license_finder gem into this Ruby version too. gem install --no-document /opt/license-management/*.gem fi - # Ignore test and development dependencies. - license_finder ignored_groups add development - license_finder ignored_groups add test + ruby -v + gem --version + bundle --version + bundle config --local path 'vendor/bundle' + bundle config --local without 'development test' bundle install --jobs $(nproc) skip_prepare=true fi @@ -191,7 +191,11 @@ case "$COMMAND" in echo "Running license_finder $@ in $PWD" if [ "$skip_prepare" != true ]; then prepare="--prepare-no-fail" + else + prepare="--no-prepare" fi + license_management ignored_groups add development + license_management ignored_groups add test echo "Preparing JSON report..." license_management report ${prepare} --format=json --save=gl-license-management-report.json ${LICENSE_FINDER_CLI_OPTS} popd > /dev/null diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb index 2cb8f7d..d9b9c85 100644 --- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb @@ -13,7 +13,6 @@ gem 'saml-kit' end report = runner.scan - expect(report).not_to be_empty expect(report).to match_schema(version: '2.0') expect(report[:licenses]).not_to be_empty expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit") 
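Review bot: `rvm use . || rvm use default` falls back to the default Ruby without saying so, so a project whose requested Ruby could not be selected is installed and scanned under a different interpreter, and the only trace is the `ruby -v` line printed further down. Printing the reason keeps the job log usable when a report looks wrong: `rvm use . || { echo "Requested Ruby unavailable, using default" >&2; rvm use default; }`. The two `bundle config --local` lines replaced a commented block and now carry no comment; I would add `# Install into ./vendor/bundle and skip the development and test groups` above them. The enclosing `if` and `case` branch start outside this hunk.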
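Review bot: The two `license_management ignored_groups add` calls run on every scan with no condition, while the CHANGELOG entry says development/test dependencies are excluded "by default"; nothing in this hunk lets a user include them again. Packages in those groups usually still run in a project's build and test pipeline, so leaving them out of the report is a coverage decision that should be stated where it is made, e.g. `# development and test groups are always excluded from the report`. If an override is intended, it is not visible here; the enclosing `case` branch starts and ends outside the hunk.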
@@ -87,4 +86,44 @@ BUNDLED WITH expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit") end end + + context "when a project depends on bundler `~> 2.0`" do + it 'produces a valid report' do + runner.add_file('Gemfile') do + <<~RAW +source 'https://rubygems.org' + +gem 'net-hippie' + RAW + end + runner.add_file('Gemfile.lock') do + <<~RAW +GEM + remote: https://rubygems.org/ + specs: + net-hippie (0.3.2) + +PLATFORMS + ruby + +DEPENDENCIES + net-hippie + +BUNDLED WITH + 2.1.4 + RAW + end + + report = runner.scan + expect(report).to match_schema(version: '2.0') + expect(report[:licenses]).not_to be_empty + expect(find_in(report, 'net-hippie')).to eql({ + name: 'net-hippie', + description: "net/http for hippies. ☮️", + url: "https://github.com/mokhan/net-hippie/", + paths: ['.'], + licenses: ['MIT'] + }) + end + end end diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb index 12bbdf7..595cd17 100644 --- a/spec/support/matchers.rb +++ b/spec/support/matchers.rb @@ -3,7 +3,7 @@ RSpec::Matchers.define :match_schema do |version: '2.0'| License::Management.root.join("spec/fixtures/schema/v#{version}.json").to_s end match do |actual| - !actual.nil? && JSON::Validator.fully_validate(schema_for(version), actual).empty? + !actual.nil? && (@errors = JSON::Validator.fully_validate(schema_for(version), actual)).empty? end failure_message do |response| diff --git a/test/results/java-maven-v1.1.json b/test/results/java-maven-v1.1.json index 0195bee..e337e49 100644 --- a/test/results/java-maven-v1.1.json +++ b/test/results/java-maven-v1.1.json @@ -2,28 +2,20 @@ "version": "1.1", "licenses": [ { - "count": 25, + "count": 19, "name": "Apache 2.0" }, { - "count": 3, - "name": "MIT" - }, - { "count": 2, "name": "CDDL + GPLv2 with classpath exception" }, { - "count": 1, - "name": "BSD" - }, - { - "count": 1, - "name": "BSD style" + "count": 2, + "name": "MIT" }, { "count": 1, - "name": "Common Public License Version 1.0" + "name": "BSD" }, { "count": 1, 
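Review bot: The added context only covers a runtime gem, so the exclusion this commit introduces (`bundle config --local without 'development test'` in run.sh) is not exercised for Bundler projects: the fixture `Gemfile` has no `group :development` or `group :test` entry. Adding a grouped gem to both fixture files and asserting it is absent would pin the behaviour, for example `expect(report[:dependencies].map { |x| x[:name] }).not_to include('<dev-only gem>')`, where the gem name is a placeholder. The exact-hash assertion on `description` and `url` also ties the spec to the metadata served for net-hippie 0.3.2, assuming the scan resolves it from rubygems.org.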
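Review bot: `@errors` is only assigned when `actual` is not nil, because `&&` short-circuits before the assignment; for a nil report the matcher fails with `@errors` unset. The `failure_message` block is outside this hunk, so whether it copes with nil is not visible. Assigning first keeps the message meaningful: `@errors = actual.nil? ? ['report is nil'] : JSON::Validator.fully_validate(schema_for(version), actual)` followed by `@errors.empty?`.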
@@ -31,10 +23,6 @@ }, { "count": 1, - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0" - }, - { - "count": 1, "name": "Mozilla Public License 2.0" } ], @@ -232,24 +220,6 @@ { "licenses": [ { - "name": "BSD style", - "url": "" - } - ], - "license": { - "name": "BSD style" - }, - "dependency": { - "name": "hamcrest-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" } @@ -307,33 +277,6 @@ { "licenses": [ { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - { - "name": "GNU Lesser General Public License version 2.1", - "url": "https://opensource.org/licenses/LGPL-2.1" - }, - { - "name": "MPL 1.1", - "url": "" - } - ], - "license": { - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "javassist", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { "name": "CDDL + GPLv2 with classpath exception", "url": "" } @@ -430,24 +373,6 @@ { "licenses": [ { - "name": "Common Public License Version 1.0", - "url": "" - } - ], - "license": { - "name": "Common Public License Version 1.0" - }, - "dependency": { - "name": "junit", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" } @@ -505,25 +430,6 @@ { "licenses": [ { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - } - ], - "license": { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - }, - "dependency": { - "name": "mockito-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" } 
@@ -552,25 +458,6 @@ "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, "dependency": { - "name": "objenesis", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { "name": "plexus-utils", "description": "", "pathes": [ 
@@ -581,101 +468,6 @@ { "licenses": [ { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito-common", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-support", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-reflect", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { "name": "Mozilla Public License 2.0", "url": "https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt" } diff --git a/test/results/java-maven-v1.json b/test/results/java-maven-v1.json index 6dbc2f3..f0bb0f5 100644 --- a/test/results/java-maven-v1.json +++ b/test/results/java-maven-v1.json 
@@ -1,28 +1,20 @@ { "licenses": [ { - "count": 25, + "count": 19, "name": "Apache 2.0" }, { - "count": 3, - "name": "MIT" - }, - { "count": 2, "name": "CDDL + GPLv2 with classpath exception" }, { - "count": 1, - "name": "BSD" - }, - { - "count": 1, - "name": "BSD style" + "count": 2, + "name": "MIT" }, { "count": 1, - "name": "Common Public License Version 1.0" + "name": "BSD" }, { "count": 1, @@ -30,10 +22,6 @@ }, { "count": 1, - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0" - }, - { - "count": 1, "name": "Mozilla Public License 2.0" } ], @@ -170,18 +158,6 @@ }, { "license": { - "name": "BSD style" - }, - "dependency": { - "name": "hamcrest-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -221,19 +197,6 @@ }, { "license": { - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "javassist", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { "name": "CDDL + GPLv2 with classpath exception" }, "dependency": { @@ -296,18 +259,6 @@ }, { "license": { - "name": "Common Public License Version 1.0" - }, - "dependency": { - "name": "junit", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -347,19 +298,6 @@ }, { "license": { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - }, - "dependency": { - "name": "mockito-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, 
@@ -377,19 +315,6 @@ "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, "dependency": { - "name": "objenesis", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { "name": "plexus-utils", "description": "", "pathes": [ @@ -399,71 +324,6 @@ }, { "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito-common", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-support", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-reflect", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { "name": "Mozilla Public License 2.0", "url": "https://www.mozilla.org/media/MPL/2.0/index.815ca599c9df.txt" }, diff --git a/test/results/java-maven-v2.json b/test/results/java-maven-v2.json index ce83702..4b4a06c 100644 --- a/test/results/java-maven-v2.json +++ b/test/results/java-maven-v2.json 
@@ -5,13 +5,7 @@ "id": "Apache-2.0", "name": "Apache License 2.0", "url": "https://opensource.org/licenses/Apache-2.0", - "count": 27 - }, - { - "id": "MIT", - "name": "MIT License", - "url": "https://opensource.org/licenses/MIT", - "count": 3 + "count": 20 }, { "id": "cddl + gplv2 with classpath exception", @@ -20,33 +14,21 @@ "count": 2 }, { - "id": "LGPL-2.1", - "name": "GNU Lesser General Public License v2.1 only", - "url": "https://opensource.org/licenses/LGPL-2.1", + "id": "MIT", + "name": "MIT License", + "url": "https://opensource.org/licenses/MIT", "count": 2 }, { - "id": "BSD-3-Clause", - "name": "BSD 3-Clause \"New\" or \"Revised\" License", - "url": "https://opensource.org/licenses/BSD-3-Clause", - "count": 1 - }, - { "id": "BSD-4-Clause", "name": "BSD 4-Clause \"Original\" or \"Old\" License", "url": "http://directory.fsf.org/wiki/License:BSD_4Clause", "count": 1 }, { - "id": "CPL-1.0", - "name": "Common Public License 1.0", - "url": "https://opensource.org/licenses/CPL-1.0", - "count": 1 - }, - { - "id": "MPL-1.1", - "name": "Mozilla Public License 1.1", - "url": "https://opensource.org/licenses/MPL-1.1", + "id": "LGPL-2.1", + "name": "GNU Lesser General Public License v2.1 only", + "url": "https://opensource.org/licenses/LGPL-2.1", "count": 1 }, { @@ -168,17 +150,6 @@ ] }, { - "name": "hamcrest-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "BSD-3-Clause" - ] - }, - { "name": "jackson-annotations", "url": "", "description": "", @@ -212,19 +183,6 @@ ] }, { - "name": "javassist", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0", - "LGPL-2.1", - "MPL-1.1" - ] - }, - { "name": "javax.resource-api", "url": "", "description": "", @@ -281,17 +239,6 @@ ] }, { - "name": "junit", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "CPL-1.0" - ] - }, - { "name": "log4j-api", "url": "", "description": "", 
@@ -325,17 +272,6 @@ ] }, { - "name": "mockito-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "MIT" - ] - }, - { "name": "netty", "url": "", "description": "", @@ -347,17 +283,6 @@ ] }, { - "name": "objenesis", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { "name": "plexus-utils", "url": "", "description": "", @@ -369,61 +294,6 @@ ] }, { - "name": "powermock-api-mockito", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-api-mockito-common", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-api-support", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-reflect", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { "name": "rhino", "url": "", "description": "", |
