| -rw-r--r-- | CHANGELOG.md | 4 | ||||
| -rw-r--r-- | Gemfile.lock | 2 | ||||
| -rw-r--r-- | lib/license/finder/ext/bundler.rb | 25 | ||||
| -rw-r--r-- | lib/license/management/version.rb | 2 | ||||
| -rw-r--r-- | spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked | 40 | ||||
| -rw-r--r-- | spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb | 5 | ||||
| -rw-r--r-- | spec/integration/ruby/bundler_spec.rb | 13 |
7 files changed, 89 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index bfd2648..322b38b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # GitLab License management changelog +## v3.15.0 + +- Detect `gems.rb` and `gems.locked` in `Bundler` projects. (!186) + ## v3.14.0 - Export `BUNDLE_SSL_CA_CERT` when a `ADDITIONAL_CA_CERT_BUNDLE` is provided. (!177) diff --git a/Gemfile.lock b/Gemfile.lock index ee88458..cc7f42d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ PATH remote: . specs: - license-management (3.14.0) + license-management (3.15.0) license_finder (~> 6.6.0) GEM diff --git a/lib/license/finder/ext/bundler.rb b/lib/license/finder/ext/bundler.rb index 08ab3ac..ddf30f5 100644 --- a/lib/license/finder/ext/bundler.rb +++ b/lib/license/finder/ext/bundler.rb @@ -32,8 +32,33 @@ module LicenseFinder end end + def possible_package_paths + if ENV['BUNDLE_GEMFILE'] && File.exist?(ENV['BUNDLE_GEMFILE']) + [project_path.join(File.basename(ENV['BUNDLE_GEMFILE']))] + else + [project_path.join('Gemfile'), project_path.join('gems.rb')] + end + end + private + def gemfile + if ENV['BUNDLE_GEMFILE'] + custom_gemfile = project_path.join(File.basename(ENV['BUNDLE_GEMFILE'])) + return custom_gemfile.basename.to_s if custom_gemfile.exist? + end + + if project_path.join("gems.rb").exist? + "gems.rb" + else + "Gemfile" + end + end + + def lockfile + gemfile == 'gems.rb' ? 'gems.locked' : "#{gemfile}.lock" + end + def default_env @default_env ||= { 'BUNDLE_ALLOW_OFFLINE_INSTALL' => 'true', diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb index de5715a..50e69a0 100644 --- a/lib/license/management/version.rb +++ b/lib/license/management/version.rb @@ -2,6 +2,6 @@ module License module Management - VERSION = '3.14.0' + VERSION = '3.15.0' end end diff --git a/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked new file mode 100644 index 0000000..da671a2 --- /dev/null 
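Review bot: In lib/license/finder/ext/bundler.rb, `possible_package_paths` and `gemfile` resolve `BUNDLE_GEMFILE` with different checks: the first tests `File.exist?(ENV['BUNDLE_GEMFILE'])` on the raw value, the second tests whether its basename exists under `project_path`. When the variable points at a file outside the project root or in a subdirectory, the two can disagree, so the path used for detection and the manifest and lockfile names chosen may refer to different files; for a license scanner that can mean dependencies reported from the wrong manifest or not at all. Deriving both from one place would close the gap, e.g. a body of `[project_path.join(gemfile)]` for `possible_package_paths`. Reducing the value to its basename under `project_path` also deserves a comment such as `# BUNDLE_GEMFILE is honoured by basename only, always inside project_path`. The enclosing class begins outside the hunk, so how `gemfile` and `lockfile` are consumed is not visible here.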
+++ b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.locked @@ -0,0 +1,40 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.7.0) + public_suffix (>= 2.0.2, < 5.0) + mini_portile2 (2.4.0) + net-hippie (0.3.2) + nokogiri (1.10.10) + mini_portile2 (~> 2.4.0) + oj (3.10.6) + parslet (2.0.0) + public_suffix (4.0.5) + spandx (0.13.5) + addressable (~> 2.7) + bundler (>= 1.16, < 3.0.0) + net-hippie (~> 0.3) + nokogiri (~> 1.10) + oj (~> 3.10) + parslet (~> 2.0) + terminal-table (~> 1.8) + thor + tty-spinner (~> 0.9) + zeitwerk (~> 2.3) + terminal-table (1.8.0) + unicode-display_width (~> 1.1, >= 1.1.1) + thor (1.0.1) + tty-cursor (0.7.1) + tty-spinner (0.9.3) + tty-cursor (~> 0.7) + unicode-display_width (1.7.0) + zeitwerk (2.3.1) + +PLATFORMS + ruby + +DEPENDENCIES + spandx + +BUNDLED WITH + 2.1.4 diff --git a/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb new file mode 100644 index 0000000..f7aca87 --- /dev/null +++ b/spec/fixtures/ruby/bundler-v2.1-gems.lock/gems.rb @@ -0,0 +1,5 @@ +# frozen_string_literal: true + +source "https://rubygems.org" + +gem "spandx" diff --git a/spec/integration/ruby/bundler_spec.rb b/spec/integration/ruby/bundler_spec.rb index 6961067..30cf776 100644 --- a/spec/integration/ruby/bundler_spec.rb +++ b/spec/integration/ruby/bundler_spec.rb @@ -127,4 +127,17 @@ RSpec.describe "bundler" do expect(subject.licenses_for('net-hippie')).to match_array(['MIT']) end end + + context "when scanning a projects with a gems.lock" do + before do + runner.mount(dir: fixture_file('ruby/bundler-v2.1-gems.lock')) + end + + specify do + expect(subject).to match_schema + expect(subject[:licenses]).not_to be_empty + expect(subject.dependency_names).to include('spandx') + expect(subject.licenses_for('spandx')).to match_array(['MIT']) + end + end end |
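Review bot: The new context in spec/integration/ruby/bundler_spec.rb exercises only the default `gems.rb` lookup. The `BUNDLE_GEMFILE` branches added to `possible_package_paths` and `gemfile` in this commit have no test, and neither does a project that contains both `Gemfile` and `gems.rb`. The description also names the wrong file, since the fixture is `gems.locked`: `context "when scanning a project with a gems.locked" do`. If the report exposes dependency versions, asserting one pinned in the fixture lockfile would show that `gems.locked` was read rather than re-resolved.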
