Exclude dev dependencies

* Add test to install composer packages from custom TLS endpoint
* Remove dev dependencies from fixture files
* Install composer packages in vendor_path
* Bump version and update CHANGELOG

8 files changed, 97 insertions, 21 deletions

diff --git a/lib/license/finder/ext.rb b/lib/license/finder/ext.rb
index 1154a4a..e524771 100644
--- a/lib/license/finder/ext.rb
+++ b/lib/license/finder/ext.rb
@@ -2,6 +2,7 @@
 
 require 'license/finder/ext/bower'
 require 'license/finder/ext/bundler'
+require 'license/finder/ext/composer'
 require 'license/finder/ext/conan'
 require 'license/finder/ext/dependency'
 require 'license/finder/ext/dotnet'
diff --git a/lib/license/finder/ext/bundler.rb b/lib/license/finder/ext/bundler.rb
index a40a698..7d3fe30 100644
--- a/lib/license/finder/ext/bundler.rb
+++ b/lib/license/finder/ext/bundler.rb
@@ -3,8 +3,7 @@
 module LicenseFinder
   class Bundler < PackageManager
     def prepare
-      vendor_path = Pathname.pwd.join('.gitlab', 'cache', 'vendor')
-      shell.execute([:mkdir, '-p', vendor_path.to_s])
+      create_vendor_path
 
       with_clean_bundler do
         _stdout, _stderr, status = shell.execute([:asdf, :current, :ruby], env: default_env)
diff --git a/lib/license/finder/ext/composer.rb b/lib/license/finder/ext/composer.rb
new file mode 100644
index 0000000..e6b0733
--- /dev/null
+++ b/lib/license/finder/ext/composer.rb
@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module LicenseFinder
+  class Composer < PackageManager
+    def prepare
+      create_vendor_path
+
+      within_project_path do
+        shell.execute([
+          :composer,
+          :install,
+          '--ignore-platform-reqs',
+          '--no-dev',
+          '--no-interaction',
+          '--no-plugins',
+          '--no-progress',
+          '--no-scripts',
+          '--verbose'
+        ], env: default_env)
+      end
+    end
+
+    def current_packages
+      within_project_path do
+        dependencies.map do |data|
+          map_from(data)
+        end
+      end
+    end
+
+    private
+
+    def default_env
+      @default_env ||= {
+        'COMPOSER_ALLOW_SUPER' => '1',
+        'COMPOSER_CACHE_DIR' => ENV.fetch('COMPOSER_CACHE_DIR', vendor_path.join('.cache')).to_s,
+        'COMPOSER_CAFILE' => ENV.fetch('COMPOSER_CACHE_DIR', shell.default_certificate_path).to_s,
+        'COMPOSER_VENDOR_DIR' => ENV.fetch('COMPOSER_VENDOR_DIR', vendor_path).to_s
+      }
+    end
+
+    def dependencies
+      stdout, _stderr, status = shell.execute([
+        :composer,
+        :licenses,
+        '--format=json'
+      ], env: default_env)
+      return [] unless status.success?
+
+      JSON.parse(stdout).fetch('dependencies', {}).map do |name, data|
+        data.merge('name' => name) if data.is_a?(Hash)
+      end.compact
+    end
+
+    def map_from(data)
+      Dependency.new(
+        'Composer',
+        data['name'],
+        data['version'],
+        spec_licenses: data['license'],
+        detection_path: detected_package_path,
+        install_path: path_to(data['name'])
+      )
+    end
+
+    def path_to(package_name)
+      stdout, _stderr, status = shell.execute([
+        :composer,
+        :show,
+        package_name,
+        "-P"
+      ], env: default_env)
+      status.success? ? stdout.split(' ').last : ''
+    end
+  end
+end
diff --git a/lib/license/finder/ext/dotnet.rb b/lib/license/finder/ext/dotnet.rb
index d2cb998..1a7eedb 100644
--- a/lib/license/finder/ext/dotnet.rb
+++ b/lib/license/finder/ext/dotnet.rb
@@ -14,7 +14,7 @@ module LicenseFinder
     end
 
     def prepare
-      shell.execute([:mkdir, '-p', vendor_path.to_s]) unless vendor_path.exist?
+      create_vendor_path
       shell.execute([
         '/opt/asdf/installs/dotnet/latest/dotnet',
         :restore, detected_package_path.to_s,
@@ -37,10 +37,6 @@ module LicenseFinder
 
     private
 
-    def vendor_path
-      @vendor_path ||= Pathname.pwd.join('.gitlab', 'cache', 'vendor')
-    end
-
     def map_from(name, version, data)
       Dependency.new(
         'NuGet',
diff --git a/lib/license/finder/ext/nuget.rb b/lib/license/finder/ext/nuget.rb
index 93985ba..17674e6 100644
--- a/lib/license/finder/ext/nuget.rb
+++ b/lib/license/finder/ext/nuget.rb
@@ -4,7 +4,7 @@ module LicenseFinder
   class Nuget
     def prepare
       shell.execute(['apt-get', :install, '-y', '/opt/toolcache/mono/*.deb'])
-      shell.execute([:mkdir, '-p', vendor_path.to_s]) unless vendor_path.exist?
+      create_vendor_path
       Dir.chdir(project_path) do
         shell.execute([
           :mono, '/usr/local/bin/nuget.exe',
@@ -46,11 +46,5 @@ module LicenseFinder
       ::License::Management.logger.error(e)
       []
     end
-
-    private
-
-    def vendor_path
-      @vendor_path ||= Pathname.pwd.join('.gitlab', 'cache', 'vendor')
-    end
   end
 end
diff --git a/lib/license/finder/ext/package_manager.rb b/lib/license/finder/ext/package_manager.rb
index 6752ce7..e343745 100644
--- a/lib/license/finder/ext/package_manager.rb
+++ b/lib/license/finder/ext/package_manager.rb
@@ -14,5 +14,19 @@ module LicenseFinder
 
       []
     end
+
+    protected
+
+    def vendor_path
+      @vendor_path ||= Pathname.pwd.join('.gitlab', 'cache', 'vendor')
+    end
+
+    def create_vendor_path
+      shell.execute([:mkdir, '-p', vendor_path]) unless vendor_path.exist?
+    end
+
+    def within_project_path
+      Dir.chdir(project_path) { yield }
+    end
   end
 end
diff --git a/lib/license/finder/ext/pip.rb b/lib/license/finder/ext/pip.rb
index bdeffc3..b329681 100644
--- a/lib/license/finder/ext/pip.rb
+++ b/lib/license/finder/ext/pip.rb
@@ -33,7 +33,7 @@ module LicenseFinder
     end
 
     def install_packages
-      within_project_dir do
+      within_project_path do
         shell.execute(['virtualenv -p', python_executable, '--activators=bash --seeder=app-data .venv'])
         shell.sh([". .venv/bin/activate", "&&", pip_install_command], env: python.default_env)
       end
@@ -48,11 +48,7 @@ module LicenseFinder
     end
 
     def virtual_env?
-      within_project_dir { File.exist?('.venv/bin/activate') }
-    end
-
-    def within_project_dir
-      Dir.chdir(project_path) { yield }
+      within_project_path { File.exist?('.venv/bin/activate') }
     end
 
     def legacy_results
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index 6ca1993..c5742b1 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.19.3'
+    VERSION = '3.19.4'
   end
 end