| author | mo khan <mo.khan@gmail.com> | 2020-11-11 20:21:42 -0700 |
|---|---|---|
| committer | mo khan <mo.khan@gmail.com> | 2020-11-11 20:21:42 -0700 |
| commit | 896133a9ad88f3f888f51fcf4153106f5201ce59 (patch) | |
| tree | 20cd93c2edefb85f14f6585be6ea478f4974fbea | |
| parent | 6b5fdb3f392c830f85c8b9c6e9823a7a7321c456 (diff) | |
docs: add indentation
| -rw-r--r-- | README.md | 156 |
1 files changed, 78 insertions, 78 deletions
@@ -173,122 +173,122 @@ Please check the [Release Process documentation](https://gitlab.com/gitlab-org/s 1. Run the Docker image: - ```sh - docker run \ - --volume "$PWD":/code \ - --env=LM_REPORT_VERSION="2.1" \ - --env=CI_PROJECT_DIR=/code \ - registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:latest - ``` + ```sh + docker run \ + --volume "$PWD":/code \ + --env=LM_REPORT_VERSION="2.1" \ + --env=CI_PROJECT_DIR=/code \ + registry.gitlab.com/gitlab-org/security-products/analyzers/license-finder:latest + ``` 1. The `ENTRYPOINT` for the container will execute [run.sh](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/blob/191185c4303768c6d9a1431c35143501c06ee4d7/run.sh): - ```Dockerfile - ENTRYPOINT ["/run.sh"] - ``` + ```Dockerfile + ENTRYPOINT ["/run.sh"] + ``` 1. This shell script sets up the runtime environment then invokes the `license_management` executable: - ```sh - #!/bin/bash -l - export LM_JAVA_VERSION=${LM_JAVA_VERSION:-"8"} - export LM_PYTHON_VERSION=${LM_PYTHON_VERSION:-"3"} - export LM_REPORT_FILE=${LM_REPORT_FILE:-'gl-license-scanning-report.json'} - ... - license_management report $@ - ``` + ```sh + #!/bin/bash -l + export LM_JAVA_VERSION=${LM_JAVA_VERSION:-"8"} + export LM_PYTHON_VERSION=${LM_PYTHON_VERSION:-"3"} + export LM_REPORT_FILE=${LM_REPORT_FILE:-'gl-license-scanning-report.json'} + ... + license_management report $@ + ``` 1. The `license_management` executable loads monkey patches for [license_finder][license_finder] then invokes the CLI: - ```ruby - require 'license/management' + ```ruby + require 'license/management' - LicenseFinder::CLI::Main.start(ARGV) - ``` + LicenseFinder::CLI::Main.start(ARGV) + ``` 1. [license_finder][license_finder] searches for lockfiles in the project. - ```ruby - def active? - project_path.join('pom.xml').exist? - end - ``` + ```ruby + def active? + project_path.join('pom.xml').exist? + end + ``` 1. 
When a [license_finder][license_finder] determines that a package manager is active, it then invokes the `prepare` step for that package manager. - ```ruby - def prepare - within_project_path do - tool_box.install(tool: :java, version: java_version, env: default_env) + ```ruby + def prepare + within_project_path do + tool_box.install(tool: :java, version: java_version, env: default_env) + end end - end - ``` + ``` 1. The `tool_box` determines the required version of tools (i.e Java, Ruby, Python etc) for the package manager and then installs it by looking in `/opt/toolcache/` for a matching `*.deb` file or falls back to `asdf` to install the tool from source. - ```ruby - def install(tool:, version: , env: {}) - Dir.chdir project_path do - deb = deb_for(tool, version) - shell.execute([:dpkg, '-i', deb]) if deb&.exist? - shell.execute([:asdf, :install, tool.to_s, version], env: env) + ```ruby + def install(tool:, version: , env: {}) + Dir.chdir project_path do + deb = deb_for(tool, version) + shell.execute([:dpkg, '-i', deb]) if deb&.exist? + shell.execute([:asdf, :install, tool.to_s, version], env: env) + end end - end - def deb_for(tool, version) - Pathname.glob("/opt/toolcache/#{tool}-#{version}*.deb")[0] - end - ``` + def deb_for(tool, version) + Pathname.glob("/opt/toolcache/#{tool}-#{version}*.deb")[0] + end + ``` 1. After the tool(s) are installed the package manager class builds a list of dependencies identified in the project. If an `install_path` is provided then the files in this directory is scanned for software licenses. - ```ruby - def current_packages - within_project_path do - return [] unless shell.execute(detect_licenses_command, env: default_env)[-1].success? + ```ruby + def current_packages + within_project_path do + return [] unless shell.execute(detect_licenses_command, env: default_env)[-1].success? 
- resource_files.flat_map { |file| map_from(file.read) }.uniq + resource_files.flat_map { |file| map_from(file.read) }.uniq + end end - end - ``` + ``` 1. Once all the dependencies and their licenses are identified a JSON report is generated for the desired version of the report. The `Report` class is backwards compatible and able to generate any previous version of the report. - ```ruby - def to_s - JSON.pretty_generate(version_for(report_version).to_h) - end + ```ruby + def to_s + JSON.pretty_generate(version_for(report_version).to_h) + end - def version_for(version) - VERSIONS.fetch(version.to_s).new(dependencies) - end - ``` + def version_for(version) + VERSIONS.fetch(version.to_s).new(dependencies) + end + ``` 1. The final JSON report is written to [gl-license-scanning-report.json](https://gitlab.com/gitlab-org/security-products/analyzers/license-finder/-/blob/191185c4303768c6d9a1431c35143501c06ee4d7/spec/fixtures/schema/v2.1.json) in the root of the project. -```json -{ - "version": "2.1", - "licenses": [ - { - "id": "MPL-2.0", - "name": "Mozilla Public License 2.0", - "url": "https://opensource.org/licenses/MPL-2.0" - } - ], - "dependencies": [ + ```json { - "name": "rhino", - "version": "1.7.10", - "package_manager": "maven", - "path": "pom.xml", + "version": "2.1", "licenses": [ - "MPL-2.0" + { + "id": "MPL-2.0", + "name": "Mozilla Public License 2.0", + "url": "https://opensource.org/licenses/MPL-2.0" + } + ], + "dependencies": [ + { + "name": "rhino", + "version": "1.7.10", + "package_manager": "maven", + "path": "pom.xml", + "licenses": [ + "MPL-2.0" + ] + } ] } - ] -} -``` + ``` # Contributing |
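Review bot: the hunk is whitespace-only, re-indenting each fenced block so it nests under its `1.` list item, and the trailing `json` block is the one case where rendering actually changes, since it previously sat at column 0 and would have ended the list; because indentation-only diffs are easy to misread, confirm with `git diff -w` (which should show an empty hunk) and with the rendered README that no content line moved or was dropped. While touching this section, the quoted `run.sh` excerpt still reads `license_management report $@` without quotes; `"$@"` would preserve argument boundaries, but that belongs in a separate change rather than in a docs-indentation commit.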
