From e704c71c82c15307f7efe8dcd47b54e7101edd7c Mon Sep 17 00:00:00 2001 From: Jon Ruskin Date: Sun, 13 Feb 2022 14:28:24 -0700 Subject: [PATCH 1/4] allow custom licensee behavior overrides --- docs/configuration.md | 2 +- docs/configuration/customizing_licensee.md | 13 ++++++++++ lib/licensed/commands/cache.rb | 28 ++++++++++++++++++++++ test/commands/cache_test.rb | 11 +++++++++ 4 files changed, 53 insertions(+), 1 deletion(-) create mode 100644 docs/configuration/customizing_licensee.md diff --git a/docs/configuration.md b/docs/configuration.md index f9f3d152..64423172 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -4,7 +4,7 @@ A configuration file specifies the details of enumerating and operating on licen Configuration can be specified in either YML or JSON formats, with examples given in YML. The example below describes common configuration values and their purposes. See [configuration options documentation](./configuration) -for in depth information. +for in depth information. Additionally, some dependency sources have their own specific configuration options. See the [source documentation](./sources) for details. diff --git a/docs/configuration/customizing_licensee.md b/docs/configuration/customizing_licensee.md new file mode 100644 index 00000000..f3b22a30 --- /dev/null +++ b/docs/configuration/customizing_licensee.md 
@@ -0,0 +1,13 @@ +# Customize Licensee's behavior + +Licensed uses [Licensee](https://github.com/licensee/licensee) to detect and evaluate OSS licenses for project dependencies found during source enumeration. Licensed can optionally [customize Licensee's behavior](https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#customizing-licensees-behavior) based on options set in the configuration file. + +**NOTE** Matching licenses based on package manager metadata and README references is always enabled and cannot currently be configured. + +```yml +licensee: + # the confidence threshold is an integer between 1 and 100. the value represents + # the minimum percentage confidence that Licensee must have to report a matched license + # https://github.com/licensee/licensee/blob/jonabc-patch-1/docs/customizing.md#adjusting-the-confidence-threshold + confidence_threshold: 90 # default value: 98 +``` diff --git a/lib/licensed/commands/cache.rb b/lib/licensed/commands/cache.rb index 7ae57548..af5b8e4d 100644 --- a/lib/licensed/commands/cache.rb +++ b/lib/licensed/commands/cache.rb @@ -29,6 +29,18 @@ def run_command(report) files.clear end + # Run the command for an application configurations. + # Applies a licensee configuration for the duration of the operation. + # + # report - A Licensed::Report object for this command + # + # Returns whether the command succeeded + def run_app(app, report) + with_licensee_configuration(app, report) do + super + end + end + # Run the command for all enumerated dependencies found in a dependency source, # recording results in a report. # Enumerating dependencies in the source is skipped if a :sources option 
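Review bot: The new doc comment on `run_app` documents `report` but leaves out the `app` parameter, and its first sentence reads "an application configurations". Suggest `# Run the command for an application configuration.` and an extra line `# app - The application configuration to run the command against` above the `report` entry. It is also worth stating in that comment that the licensee settings are applied process-wide while the block runs, since the helper it calls assigns `Licensee.confidence_threshold` on the module itself.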
@@ -136,6 +148,22 @@ def cache_paths def files @files ||= Set.new end + + # Configure licensee for the duration of a yielded operation + def with_licensee_configuration(app, report) + licensee_configuration = app["licensee"] + return yield unless licensee_configuration + + report["licensee"] = licensee_configuration + + if new_threshold = licensee_configuration["confidence_threshold"] + old_threshold, Licensee.confidence_threshold = Licensee.confidence_threshold, new_threshold + end + + yield + ensure + Licensee.confidence_threshold = old_threshold if old_threshold + end end end end diff --git a/test/commands/cache_test.rb b/test/commands/cache_test.rb index f184fc69..8df5310c 100644 --- a/test/commands/cache_test.rb +++ b/test/commands/cache_test.rb @@ -273,6 +273,17 @@ end end + it "sets licensee configuration when evaluating an app" do + config.apps.each do |app| + app["licensee"] = { "confidence_threshold" => 50 } + end + + run_command + + report = reporter.report.all_reports.find { |r| r.target.is_a?(Licensed::AppConfiguration) } + assert_equal({ "confidence_threshold" => 50 }, report["licensee"]) + end + describe "with multiple apps" do let(:apps) do [ From cfee7475251527430186820565ee12ace52bfb7e Mon Sep 17 00:00:00 2001 From: licensed-ci Date: Sun, 13 Feb 2022 21:41:53 +0000 Subject: [PATCH 2/4] Auto-update license files --- .licenses/bundler/bundler.dep.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.licenses/bundler/bundler.dep.yml b/.licenses/bundler/bundler.dep.yml index dcb2ac3d..31abe92c 100644 --- a/.licenses/bundler/bundler.dep.yml +++ b/.licenses/bundler/bundler.dep.yml @@ -1,6 +1,6 @@ --- name: bundler -version: 2.3.6 +version: 2.3.7 type: bundler summary: The best way to manage your application's dependencies homepage: https://bundler.io From 821b39bdb6dd6a78c60f68f30f599093c8608c1d Mon Sep 17 00:00:00 2001 
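Review bot: `with_licensee_configuration` copies `confidence_threshold` from the configuration file into `Licensee.confidence_threshold` without checking it, although the new docs describe the value as an integer between 1 and 100. An out-of-range number, a string, or a `licensee:` entry that is not a hash could either loosen license matching for the whole run or fail with an unrelated error, which matters when the cached records feed a compliance gate. Validate before assigning, e.g. `raise ArgumentError, "licensee.confidence_threshold must be an integer between 1 and 100" unless new_threshold.is_a?(Integer) && (1..100).cover?(new_threshold)`. The assignment is to module-level state, so the method appears to assume apps are evaluated one at a time; a one-line comment saying so would help the next maintainer. The enclosing class begins outside the hunk.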
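Review bot: The new example in `test/commands/cache_test.rb` only asserts that `report["licensee"]` echoes the configuration; nothing checks that `Licensee.confidence_threshold` was changed during the run or restored by the `ensure` afterwards. A threshold that leaks past the block would silently lower matching confidence for later apps, so capture the value first with `original = Licensee.confidence_threshold` and add `assert_equal original, Licensee.confidence_threshold` after `run_command`. A second example using an app without a `licensee` key would cover the early `return yield` path. The enclosing `describe` block starts outside the hunk.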
From: Jon Ruskin Date: Thu, 24 Feb 2022 10:34:09 -0700 Subject: [PATCH 3/4] enforce using licensee >= 9.15.2 --- licensed.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/licensed.gemspec b/licensed.gemspec index f0cfba53..7f208c31 100644 --- a/licensed.gemspec +++ b/licensed.gemspec @@ -23,7 +23,7 @@ Gem::Specification.new do |spec| spec.required_ruby_version = ">= 2.3.0" - spec.add_dependency "licensee", ">= 9.14.0", "< 10.0.0" + spec.add_dependency "licensee", ">= 9.15.2", "< 10.0.0" spec.add_dependency "thor", ">= 0.19" spec.add_dependency "pathname-common_prefix", "~> 0.0.1" spec.add_dependency "tomlrb", ">= 1.2", "< 3.0" From f6d3cf7dba06dca1addbd8b3c6f76d18c4596171 Mon Sep 17 00:00:00 2001 From: licensed-ci Date: Thu, 24 Feb 2022 17:35:46 +0000 Subject: [PATCH 4/4] Auto-update license files --- .licenses/bundler/bundler.dep.yml | 2 +- .licenses/bundler/faraday.dep.yml | 2 +- .licenses/bundler/licensee.dep.yml | 2 +- .licenses/bundler/nokogiri.dep.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.licenses/bundler/bundler.dep.yml b/.licenses/bundler/bundler.dep.yml index 31abe92c..1301be0e 100644 --- a/.licenses/bundler/bundler.dep.yml +++ b/.licenses/bundler/bundler.dep.yml @@ -1,6 +1,6 @@ --- name: bundler -version: 2.3.7 +version: 2.3.8 type: bundler summary: The best way to manage your application's dependencies homepage: https://bundler.io diff --git a/.licenses/bundler/faraday.dep.yml b/.licenses/bundler/faraday.dep.yml index 0b2a163d..f3ab0ec7 100644 --- a/.licenses/bundler/faraday.dep.yml +++ b/.licenses/bundler/faraday.dep.yml @@ -1,6 +1,6 @@ --- name: faraday -version: 1.9.3 +version: 1.10.0 type: bundler summary: HTTP/REST API client library. homepage: https://lostisland.github.io/faraday diff --git a/.licenses/bundler/licensee.dep.yml b/.licenses/bundler/licensee.dep.yml index 3e5f9579..5557a727 100644 --- a/.licenses/bundler/licensee.dep.yml +++ b/.licenses/bundler/licensee.dep.yml 
@@ -1,6 +1,6 @@ --- name: licensee -version: 9.15.1 +version: 9.15.2 type: bundler summary: A Ruby Gem to detect open source project licenses homepage: https://github.com/benbalter/licensee diff --git a/.licenses/bundler/nokogiri.dep.yml b/.licenses/bundler/nokogiri.dep.yml index 8f2ea31e..74d0ed53 100644 --- a/.licenses/bundler/nokogiri.dep.yml +++ b/.licenses/bundler/nokogiri.dep.yml @@ -1,6 +1,6 @@ --- name: nokogiri -version: 1.13.1 +version: 1.13.3 type: bundler summary: Nokogiri (鋸) makes it easy and painless to work with XML and HTML from Ruby. homepage: https://nokogiri.org