1 files changed, 45 insertions, 8 deletions

diff --git a/lib/license/finder/ext/pipenv.rb b/lib/license/finder/ext/pipenv.rb
index 687c6fc..2dfad64 100644
--- a/lib/license/finder/ext/pipenv.rb
+++ b/lib/license/finder/ext/pipenv.rb
@@ -3,22 +3,43 @@
 module LicenseFinder
   class Pipenv
     def prepare
-      return unless pipfile?
+      create_vendor_path
+      within_project_path do
+        return unless pipfile?
 
-      shell.execute([:pipenv, '--python', python.version], env: python.default_env)
-      shell.execute([:pipenv, :run, :pipenv, :sync, '--pypi-mirror', python.pip_index_url], env: python.default_env)
+        tool_box.install(tool: :python, version: python_version, env: default_env)
+        shell.execute([:asdf, :exec, :pipenv, '--python', python_version], env: default_env)
+        shell.execute([:asdf, :exec, :pipenv, :sync], env: default_env)
+      end
     end
 
     def current_packages
-      return legacy_results unless pipfile?
+      within_project_path do
+        return legacy_results unless pipfile?
 
-      python.pip_licenses(detection_path: detected_package_path)
+        dependencies = pip_licenses.map do |dependency|
+          ::LicenseFinder::Dependency.new(
+            'Pip',
+            dependency['Name'],
+            dependency['Version'],
+            description: dependency['Description'],
+            detection_path: detected_package_path,
+            homepage: dependency['URL'],
+            spec_licenses: [dependency['License']]
+          )
+        end
+        dependencies.any? ? dependencies : legacy_results
+      end
     end
 
     private
 
-    def python
-      @python ||= ::License::Management::Python.new
+    def python_version(env: ENV)
+      @python_version ||=
+        begin
+          version = lockfile_hash.dig('_meta', 'requires', 'python_version')
+          version ? tool_box.closest_match_to(tool: :python, version: version) || version : tool_box.version_of(:python, env: env)
+        end
     end
 
     def pipfile?
@@ -38,7 +59,23 @@ module LicenseFinder
     end
 
     def lockfile_hash
-      @lockfile_hash ||= JSON.parse(IO.read(detected_package_path))
+      @lockfile_hash ||= JSON.parse(detected_package_path.read)
+    end
+
+    def pip_licenses
+      _, _, status = shell.sh([". .venv/bin/activate", '&&', 'pip', 'install', '--no-index', "--find-links /opt/gitlab/.config/virtualenv/app-data", 'pip-licenses'], env: default_env)
+      shell.sh([". .venv/bin/activate", '&&', 'pip', 'install', 'pip-licenses'], env: default_env) unless status.success?
+      stdout, _stderr, status = shell.sh([". .venv/bin/activate", '&&', 'pip-licenses', '--with-description', '--with-urls', '--format=json'], env: default_env)
+      status.success? ? JSON.parse(stdout[stdout.index('[')..-1]) : []
+    end
+
+    def default_env
+      @default_env ||= {
+        'PIPENV_PYPI_MIRROR' => ENV.fetch('PIP_INDEX_URL', 'https://pypi.org/simple/'),
+        'PIP_CERT' => ENV.fetch('PIP_CERT', shell.default_certificate_path).to_s,
+        'PIP_DISABLE_PIP_VERSION_CHECK' => '1',
+        'PIP_NO_PYTHON_VERSION_WARNING' => '1'
+      }
     end
   end
 end