authormo khan <mo.khan@gmail.com>2020-03-31 13:28:27 -0600
committermo khan <mo.khan@gmail.com>2020-04-01 10:05:54 -0600
commit4e4462a6f2052fc7cc5ffe1b4b677ef1af1749b9 (patch)
treee52b1d2e83000aa5d4cb050fa8d2f0cc647b94be /lib
parentd6b721605bfe75d735abe80f365822075f49fa23 (diff)
Pull package info from sources in Pipfile.lock
* Exclude dependencies in the "develop" group * Install pipenv by default * Use .venv to match pipenv's default location * Use pip-licenses to detect licenses in Pipfile project * Add variation of the MIT License * Redirect asdf install stdout to /dev/null * Add CHANGELOG entry and bump version
Diffstat (limited to 'lib')
-rw-r--r--lib/license/finder/ext.rb1
-rw-r--r--lib/license/finder/ext/pip.rb46
-rw-r--r--lib/license/finder/ext/pipenv.rb63
-rw-r--r--lib/license/management.rb1
-rw-r--r--lib/license/management/python.rb52
-rw-r--r--lib/license/management/version.rb2
6 files changed, 128 insertions, 37 deletions
diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb
index 8731e4f..fffa1c7 100644
--- a/lib/license/finder/ext.rb
+++ b/lib/license/finder/ext.rb
@@ -4,6 +4,7 @@ require 'license/finder/ext/license'
require 'license/finder/ext/maven'
require 'license/finder/ext/nuget'
require 'license/finder/ext/pip'
+require 'license/finder/ext/pipenv'
require 'license/finder/ext/shared_helpers'
# Apply patch to the JsonReport found in the `license_finder` gem.
diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb
index e83f64c..b57d7c8 100644
--- a/lib/license/finder/ext/pip.rb
+++ b/lib/license/finder/ext/pip.rb
@@ -5,18 +5,8 @@ module LicenseFinder
def current_packages
return legacy_results unless virtual_env?
- _stdout, _stderr, status = pip_licenses
- return legacy_results unless status.success?
-
- JSON.parse(IO.read('pip-licenses.json')).map do |dependency|
- Package.new(
- dependency['Name'],
- dependency['Version'],
- description: dependency['Description'],
- homepage: dependency['URL'],
- spec_licenses: [dependency['License']]
- )
- end
+ dependencies = python.pip_licenses
+ dependencies.any? ? dependencies : legacy_results
end
def possible_package_paths
@@ -38,39 +28,23 @@ module LicenseFinder
private
+ def python
+ @python ||= ::License::Management::Python.new
+ end
+
def install_packages
within_project_dir do
- shell.execute(['virtualenv -p', python_executable, '--activators=bash --seeder=app-data venv'])
- shell.sh([". venv/bin/activate", "&&", :pip, :install, '-i', pip_index_url, '-r', @requirements_path])
+ shell.execute(['virtualenv -p', python_executable, '--activators=bash --seeder=app-data .venv'])
+ shell.sh([". .venv/bin/activate", "&&", :pip, :install, '-i', python.pip_index_url, '-r', @requirements_path])
end
end
- def pip_licenses
- shell.sh([
- ". venv/bin/activate &&",
- :pip, :install,
- '--no-index',
- '--find-links $HOME/.config/virtualenv/app-data', 'pip-licenses', '&&',
- 'pip-licenses',
- '--ignore-packages prettytable',
- '--with-description',
- '--with-urls',
- '--from=meta',
- '--format=json',
- '--output-file pip-licenses.json'
- ], env: { 'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' })
- end
-
def python_executable
'"$(asdf where python)/bin/python"'
end
- def pip_index_url
- ENV.fetch('PIP_INDEX_URL', 'https://pypi.org/simple/')
- end
-
def virtual_env?
- within_project_dir { File.exist?('venv/bin/activate') }
+ within_project_dir { File.exist?('.venv/bin/activate') }
end
def within_project_dir
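Review bot: In `install_packages`, `python.pip_index_url` (read from `PIP_INDEX_URL`) and `@requirements_path` go unquoted into the array given to `shell.sh`; the `&&` and `. .venv/bin/activate` elements indicate the array is joined and run by a shell, so shell metacharacters in either value would be interpreted instead of being passed to pip as data. Quote them at the call site, e.g. `'-i', Shellwords.escape(python.pip_index_url), '-r', Shellwords.escape(@requirements_path)` (needs `require 'shellwords'`). The same applies to `python.major_version` and `python.pip_index_url` in `Pipenv#prepare` in lib/license/finder/ext/pipenv.rb, assuming `shell.execute` builds its command the same way. Shell is not part of this diff, so that should be confirmed there.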
@@ -85,7 +59,7 @@ module LicenseFinder
@pypi ||= Spandx::Python::PyPI.new(sources: [
Spandx::Python::Source.new({
'name' => 'pypi',
- 'url' => pip_index_url,
+ 'url' => python.pip_index_url,
'verify_ssl' => true
})
])
diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb
new file mode 100644
index 0000000..ebcc524
--- /dev/null
+++ b/lib/license/finder/ext/pipenv.rb
@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+ class Pipenv
+ def prepare
+ return unless pipfile?
+
+ shell.execute([
+ :pipenv,
+ :install,
+ '--python',
+ python.major_version,
+ '--ignore-pipfile',
+ '--index',
+ python.pip_index_url
+ ])
+ end
+
+ def current_packages
+ return legacy_results unless pipfile?
+
+ python.pip_licenses
+ end
+
+ private
+
+ def shell
+ @shell ||= ::License::Management::Shell.new
+ end
+
+ def python
+ @python ||= ::License::Management::Python.new
+ end
+
+ def pipfile?
+ detected_package_path.dirname.join('Pipfile').exist?
+ end
+
+ def legacy_results
+ packages = {}
+ each_dependency(groups: allowed_groups) do |name, data, group|
+ version = canonicalize(data['version'])
+ package = packages.fetch(key_for(name, version)) do |key|
+ packages[key] = build_package_for(name, version)
+ end
+ package.groups << group
+ end
+ packages.values
+ end
+
+ def build_package_for(name, version)
+ PipPackage.new(name, version, pypi.definition_for(name, version))
+ end
+
+ def pypi
+ @pypi ||= ::Spandx::Python::PyPI.new(sources: ::Spandx::Python::Source.sources_from(lockfile_hash))
+ end
+
+ def lockfile_hash
+ @lockfile_hash ||= JSON.parse(IO.read(detected_package_path))
+ end
+ end
+end
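Review bot: `Pipenv#current_packages` returns `python.pip_licenses` directly, and that method returns `[]` when the pip-licenses command fails, so a failed run in a Pipfile project produces an empty package list rather than an error or the lockfile-based result. `Pip#current_packages` in this same commit guards against that with `dependencies.any? ? dependencies : legacy_results`; doing the same here keeps a tooling failure from reading as "no dependencies" in the license report. Suggested body after the `pipfile?` guard: `dependencies = python.pip_licenses` then `dependencies.any? ? dependencies : legacy_results`. `legacy_results` depends on `each_dependency`, `allowed_groups`, `canonicalize` and `key_for`, none of which are defined in this file, so its behaviour for an empty default group is not checked here.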
diff --git a/lib/license/management.rb b/lib/license/management.rb
index e7a5b23..930fa08 100644
--- a/lib/license/management.rb
+++ b/lib/license/management.rb
@@ -9,6 +9,7 @@ require 'yaml'
require 'license_finder'
require 'license/management/loggable'
require 'license/management/verifiable'
+require 'license/management/python'
require 'license/management/repository'
require 'license/management/report'
require 'license/management/shell'
diff --git a/lib/license/management/python.rb b/lib/license/management/python.rb
new file mode 100644
index 0000000..37771ba
--- /dev/null
+++ b/lib/license/management/python.rb
@@ -0,0 +1,52 @@
+# frozen_string_literal: true
+
+module License
+ module Management
+ class Python
+ attr_reader :shell
+
+ def initialize(shell: Shell.new)
+ @shell = shell
+ end
+
+ def major_version
+ version.split('.')[0]
+ end
+
+ def version
+ ENV.fetch('LM_PYTHON_VERSION', '3')
+ end
+
+ def pip_index_url
+ ENV.fetch('PIP_INDEX_URL', 'https://pypi.org/simple/')
+ end
+
+ def pip_licenses(venv: '.venv')
+ _stdout, _stderr, status = shell.sh([
+ ". #{venv}/bin/activate &&",
+ :pip, :install,
+ '--no-index',
+ '--find-links $HOME/.config/virtualenv/app-data', 'pip-licenses', '&&',
+ 'pip-licenses',
+ '--ignore-packages prettytable',
+ '--with-description',
+ '--with-urls',
+ '--from=meta',
+ '--format=json',
+ '--output-file pip-licenses.json'
+ ], env: { 'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' })
+ return [] unless status.success?
+
+ JSON.parse(IO.read('pip-licenses.json')).map do |dependency|
+ ::LicenseFinder::Package.new(
+ dependency['Name'],
+ dependency['Version'],
+ description: dependency['Description'],
+ homepage: dependency['URL'],
+ spec_licenses: [dependency['License']]
+ )
+ end
+ end
+ end
+ end
+end
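Review bot: `pip_licenses` writes and then reads `pip-licenses.json` through a fixed relative path, so the result depends on `shell.sh` and `IO.read` sharing a working directory, and the report is left behind in that directory, presumably the project being scanned. If the two ever differ, `IO.read` would pick up whatever `pip-licenses.json` already exists there, including one committed to the repository. Writing to a path under `Dir.mktmpdir` and passing that path to `--output-file` avoids both problems. `IO.read`/`JSON.parse` failures should also be handled (`rescue JSON::ParserError, Errno::ENOENT`) and mapped to `[]`, so they take the same failure path as a non-zero exit status.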
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index e535634..cee6d57 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
module License
module Management
- VERSION = '3.3.1'
+ VERSION = '3.4.0'
end
end