From 39afdc40296871d9f7c1732ff3f7e1e3b7b28bbe Mon Sep 17 00:00:00 2001
From: mo khan
Date: Mon, 24 Feb 2020 09:59:15 -0700
Subject: Exclude development/test dependencies

* Remove develoment and test dependencies from java-maven fixtures
* Ensure that ruby projects with bundler 2.0 are scannable
* Update CHANGELOG
* Assign @errors ivar for error message
* Remove --cache-from
* Use default ruby and install bundler conservatively
* Install gems to local path
* Add --no-prepare when gems are installed
* Print ruby, rubygems and bundler version
---
 .gitlab-ci.yml | 3 +-
 CHANGELOG.md | 4 +
 Gemfile.lock | 2 +-
 lib/license/management/version.rb | 2 +-
 run.sh | 18 +--
 spec/integration/ruby/bundler_spec.rb | 41 ++++++-
 spec/support/matchers.rb | 2 +-
 test/results/java-maven-v1.1.json | 216 +---------------------------------
 test/results/java-maven-v1.json | 148 +----------------------
 test/results/java-maven-v2.json | 144 ++---------------------
 10 files changed, 74 insertions(+), 506 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b29663d..deb4123 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -27,8 +27,7 @@ build commit:
 script:
 - docker info
 - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- - docker pull $CI_REGISTRY_IMAGE:edge || true
- - docker build --cache-from $CI_REGISTRY_IMAGE:edge -t $TMP_IMAGE .
+ - docker build -t $TMP_IMAGE .
 - docker push $TMP_IMAGE
 container_scanning:
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf7d4be..1d5aae6 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # GitLab License management changelog
+## v2.5.2
+
+- Exclude development/test dependencies by default (!117)
+
 ## v2.5.1
 - Install bundler `1.x` and `2.x` (!116)
diff --git a/Gemfile.lock b/Gemfile.lock
index 0a3b33a..66377a0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- license-management (2.5.1)
+ license-management (2.5.2)
 license_finder (~> 6.0.0)
 GEM
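Review bot: The new `docker build -t $TMP_IMAGE .` line no longer pulls anything before building, so on a runner whose Docker daemon keeps images between jobs the base image named in the Dockerfile (not visible here) can be served from a stale local copy; `docker build --pull -t $TMP_IMAGE .` makes each build fetch the current base image and whatever security fixes it carries, which is presumably the point of dropping `--cache-from`. The `docker login ... -p $CI_JOB_TOKEN` line kept just above puts the job token on the command line, where it can surface in process listings and shell tracing; `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY` avoids that.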
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 5717fbe..ab693f3 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 module License
 module Management
- VERSION = '2.5.1'
+ VERSION = '2.5.2'
 end
 end
diff --git a/run.sh b/run.sh
index 7296e00..8c7389b 100755
--- a/run.sh
+++ b/run.sh
@@ -117,19 +117,19 @@ case "$COMMAND" in
 # This always end in the cryptic "bash: Searching: command not found" error but Ruby is installed
 # So we ignore the error.
 $($rvm_recommended_ruby) 2>/dev/null || true
- rvm use .
- gem install --no-document 'bundler:~> 1.7' 'bundler:~> 2.0'
- bundler_version=$(grep -A1 "BUNDLED WITH" Gemfile.lock | tail -n 1)
- gem install bundler -v "${bundler_version}" || gem install bundler
+ rvm use . || rvm use default
+ gem install --conservative --no-document 'bundler:~> 1.7' 'bundler:~> 2.0' # rvm pulls outdated gems
 # need this to update system bundler
 # We need to install the license_finder gem into this Ruby version too.
 gem install --no-document /opt/license-management/*.gem
 fi
- # Ignore test and development dependencies.
- license_finder ignored_groups add development
- license_finder ignored_groups add test
+ ruby -v
+ gem --version
+ bundle --version
+ bundle config --local path 'vendor/bundle'
+ bundle config --local without 'development test'
 bundle install --jobs $(nproc)
 skip_prepare=true
 fi
@@ -191,7 +191,11 @@ case "$COMMAND" in
 echo "Running license_finder $@ in $PWD"
 if [ "$skip_prepare" != true ]; then
 prepare="--prepare-no-fail"
+ else
+ prepare="--no-prepare"
 fi
+ license_management ignored_groups add development
+ license_management ignored_groups add test
 echo "Preparing JSON report..."
 license_management report ${prepare} --format=json --save=gl-license-management-report.json ${LICENSE_FINDER_CLI_OPTS}
 popd > /dev/null
diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb
index 2cb8f7d..d9b9c85 100644
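Review bot: `bundle install --jobs $(nproc)` still runs without frozen/deployment mode, so when the scanned project's Gemfile and Gemfile.lock disagree Bundler re-resolves against the remote and rewrites the lock inside the checkout, and the report then describes that fresh resolution rather than the committed lockfile; adding `[ -f Gemfile.lock ] && bundle config --local frozen true` beside the two new `bundle config --local` lines keeps the scan pinned to what the project actually ships. Note also that `--local` writes `.bundle/config` into the scanned checkout and overrides any `path` or `without` the repository already sets there, which deserves a one-line comment such as `# --local: scoped to this checkout; overrides the project's own .bundle/config`. The `if` blocks closed by the two `fi` lines, and the `case "$COMMAND" in` arm around them, begin outside this hunk.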
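Review bot: The two new `license_management ignored_groups add` lines run without `${LICENSE_FINDER_CLI_OPTS}`, while the `report` call two lines below receives it; if a user routes a decisions-file or project-path option through that variable, the ignored groups land in the default decisions file and the report reads a different one, so the exclusion silently does nothing. Either pass the same path-related options to both commands or state in a comment that such options are not honoured for group exclusion. Separately, because these calls are now unconditional for every language, nothing visible lets a project opt back into reporting development/test dependencies, which still execute in developers' pipelines and can carry copyleft or otherwise unwanted packages; a guard on an environment variable before the two calls would keep the new default while leaving an escape hatch. The `case "$COMMAND" in` arm enclosing this block starts outside the hunk.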
--- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb @@ -13,7 +13,6 @@ gem 'saml-kit' end report = runner.scan - expect(report).not_to be_empty expect(report).to match_schema(version: '2.0') expect(report[:licenses]).not_to be_empty expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit") @@ -87,4 +86,44 @@ BUNDLED WITH expect(report[:dependencies].map { |x| x[:name] }).to include("saml-kit") end end + + context "when a project depends on bundler `~> 2.0`" do + it 'produces a valid report' do + runner.add_file('Gemfile') do + <<~RAW +source 'https://rubygems.org' + +gem 'net-hippie' + RAW + end + runner.add_file('Gemfile.lock') do + <<~RAW +GEM + remote: https://rubygems.org/ + specs: + net-hippie (0.3.2) + +PLATFORMS + ruby + +DEPENDENCIES + net-hippie + +BUNDLED WITH + 2.1.4 + RAW + end + + report = runner.scan + expect(report).to match_schema(version: '2.0') + expect(report[:licenses]).not_to be_empty + expect(find_in(report, 'net-hippie')).to eql({ + name: 'net-hippie', + description: "net/http for hippies. ☮️", + url: "https://github.com/mokhan/net-hippie/", + paths: ['.'], + licenses: ['MIT'] + }) + end + end end diff --git a/spec/support/matchers.rb b/spec/support/matchers.rb index 12bbdf7..595cd17 100644 --- a/spec/support/matchers.rb +++ b/spec/support/matchers.rb @@ -3,7 +3,7 @@ RSpec::Matchers.define :match_schema do |version: '2.0'| License::Management.root.join("spec/fixtures/schema/v#{version}.json").to_s end match do |actual| - !actual.nil? && JSON::Validator.fully_validate(schema_for(version), actual).empty? + !actual.nil? && (@errors = JSON::Validator.fully_validate(schema_for(version), actual)).empty? end failure_message do |response| diff --git a/test/results/java-maven-v1.1.json b/test/results/java-maven-v1.1.json index 0195bee..e337e49 100644 --- a/test/results/java-maven-v1.1.json +++ b/test/results/java-maven-v1.1.json 
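Review bot: `!actual.nil? && (@errors = JSON::Validator.fully_validate(...)).empty?` buries an assignment inside the boolean, and on the short-circuit path (`actual` nil) `@errors` is never assigned, so `failure_message`, whose body continues below the hunk, has to tolerate a nil `@errors` or it will raise on the one case the guard exists for. Writing it as three statements reads more clearly and pins that case: `return false if actual.nil?` / `@errors = JSON::Validator.fully_validate(schema_for(version), actual)` / `@errors.empty?`. A short comment on the assignment, e.g. `# kept for failure_message`, would also explain why the validation errors are stored rather than discarded.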
@@ -2,37 +2,25 @@ "version": "1.1", "licenses": [ { - "count": 25, + "count": 19, "name": "Apache 2.0" }, - { - "count": 3, - "name": "MIT" - }, { "count": 2, "name": "CDDL + GPLv2 with classpath exception" }, { - "count": 1, - "name": "BSD" - }, - { - "count": 1, - "name": "BSD style" + "count": 2, + "name": "MIT" }, { "count": 1, - "name": "Common Public License Version 1.0" + "name": "BSD" }, { "count": 1, "name": "LGPL, version 2.1, ASL, version 2" }, - { - "count": 1, - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0" - }, { "count": 1, "name": "Mozilla Public License 2.0" @@ -229,24 +217,6 @@ ] } }, - { - "licenses": [ - { - "name": "BSD style", - "url": "" - } - ], - "license": { - "name": "BSD style" - }, - "dependency": { - "name": "hamcrest-core", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { @@ -304,33 +274,6 @@ ] } }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - { - "name": "GNU Lesser General Public License version 2.1", - "url": "https://opensource.org/licenses/LGPL-2.1" - }, - { - "name": "MPL 1.1", - "url": "" - } - ], - "license": { - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "javassist", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { @@ -427,24 +370,6 @@ ] } }, - { - "licenses": [ - { - "name": "Common Public License Version 1.0", - "url": "" - } - ], - "license": { - "name": "Common Public License Version 1.0" - }, - "dependency": { - "name": "junit", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { 
@@ -502,25 +427,6 @@ ] } }, - { - "licenses": [ - { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - } - ], - "license": { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - }, - "dependency": { - "name": "mockito-core", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { @@ -540,25 +446,6 @@ ] } }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "objenesis", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { 
@@ -578,101 +465,6 @@ ] } }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito-common", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-support", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "licenses": [ - { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - } - ], - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-reflect", - "description": "", - "pathes": [ - "." - ] - } - }, { "licenses": [ { diff --git a/test/results/java-maven-v1.json b/test/results/java-maven-v1.json index 6dbc2f3..f0bb0f5 100644 --- a/test/results/java-maven-v1.json +++ b/test/results/java-maven-v1.json 
@@ -1,37 +1,25 @@ { "licenses": [ { - "count": 25, + "count": 19, "name": "Apache 2.0" }, - { - "count": 3, - "name": "MIT" - }, { "count": 2, "name": "CDDL + GPLv2 with classpath exception" }, { - "count": 1, - "name": "BSD" - }, - { - "count": 1, - "name": "BSD style" + "count": 2, + "name": "MIT" }, { "count": 1, - "name": "Common Public License Version 1.0" + "name": "BSD" }, { "count": 1, "name": "LGPL, version 2.1, ASL, version 2" }, - { - "count": 1, - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0" - }, { "count": 1, "name": "Mozilla Public License 2.0" @@ -168,18 +156,6 @@ ] } }, - { - "license": { - "name": "BSD style" - }, - "dependency": { - "name": "hamcrest-core", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "Apache 2.0", @@ -219,19 +195,6 @@ ] } }, - { - "license": { - "name": "MPL 1.1, GNU Lesser General Public License version 2.1, Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "javassist", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "CDDL + GPLv2 with classpath exception" @@ -294,18 +257,6 @@ ] } }, - { - "license": { - "name": "Common Public License Version 1.0" - }, - "dependency": { - "name": "junit", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "Apache 2.0", @@ -345,19 +296,6 @@ ] } }, - { - "license": { - "name": "MIT", - "url": "http://opensource.org/licenses/mit-license" - }, - "dependency": { - "name": "mockito-core", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "Apache 2.0", @@ -371,19 +309,6 @@ ] } }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "objenesis", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "Apache 2.0", 
@@ -397,71 +322,6 @@ ] } }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-mockito-common", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-api-support", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-core", - "description": "", - "pathes": [ - "." - ] - } - }, - { - "license": { - "name": "Apache 2.0", - "url": "http://www.apache.org/licenses/LICENSE-2.0.txt" - }, - "dependency": { - "name": "powermock-reflect", - "description": "", - "pathes": [ - "." - ] - } - }, { "license": { "name": "Mozilla Public License 2.0", diff --git a/test/results/java-maven-v2.json b/test/results/java-maven-v2.json index ce83702..4b4a06c 100644 --- a/test/results/java-maven-v2.json +++ b/test/results/java-maven-v2.json @@ -5,13 +5,7 @@ "id": "Apache-2.0", "name": "Apache License 2.0", "url": "https://opensource.org/licenses/Apache-2.0", - "count": 27 - }, - { - "id": "MIT", - "name": "MIT License", - "url": "https://opensource.org/licenses/MIT", - "count": 3 + "count": 20 }, { "id": "cddl + gplv2 with classpath exception", 
@@ -20,17 +14,11 @@ "count": 2 }, { - "id": "LGPL-2.1", - "name": "GNU Lesser General Public License v2.1 only", - "url": "https://opensource.org/licenses/LGPL-2.1", + "id": "MIT", + "name": "MIT License", + "url": "https://opensource.org/licenses/MIT", "count": 2 }, - { - "id": "BSD-3-Clause", - "name": "BSD 3-Clause \"New\" or \"Revised\" License", - "url": "https://opensource.org/licenses/BSD-3-Clause", - "count": 1 - }, { "id": "BSD-4-Clause", "name": "BSD 4-Clause \"Original\" or \"Old\" License", @@ -38,15 +26,9 @@ "count": 1 }, { - "id": "CPL-1.0", - "name": "Common Public License 1.0", - "url": "https://opensource.org/licenses/CPL-1.0", - "count": 1 - }, - { - "id": "MPL-1.1", - "name": "Mozilla Public License 1.1", - "url": "https://opensource.org/licenses/MPL-1.1", + "id": "LGPL-2.1", + "name": "GNU Lesser General Public License v2.1 only", + "url": "https://opensource.org/licenses/LGPL-2.1", "count": 1 }, { @@ -167,17 +149,6 @@ "Apache-2.0" ] }, - { - "name": "hamcrest-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "BSD-3-Clause" - ] - }, { "name": "jackson-annotations", "url": "", @@ -211,19 +182,6 @@ "Apache-2.0" ] }, - { - "name": "javassist", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0", - "LGPL-2.1", - "MPL-1.1" - ] - }, { "name": "javax.resource-api", "url": "", @@ -280,17 +238,6 @@ "MIT" ] }, - { - "name": "junit", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "CPL-1.0" - ] - }, { "name": "log4j-api", "url": "", @@ -324,17 +271,6 @@ "Apache-2.0" ] }, - { - "name": "mockito-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "MIT" - ] - }, { "name": "netty", "url": "", @@ -346,17 +282,6 @@ "Apache-2.0" ] }, - { - "name": "objenesis", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, { "name": "plexus-utils", "url": "", 
@@ -368,61 +293,6 @@ "Apache-2.0" ] }, - { - "name": "powermock-api-mockito", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-api-mockito-common", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-api-support", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-core", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, - { - "name": "powermock-reflect", - "url": "", - "description": "", - "paths": [ - "." - ], - "licenses": [ - "Apache-2.0" - ] - }, { "name": "rhino", "url": "", -- cgit v1.2.3