Add license_finder to the project and run it in CI

paulfioravanti · Jul 14, 2017 · 54f7dca · 54f7dca
1 parent 85f8703
commit 54f7dca
Show file tree

Hide file tree

Showing 9 changed files with 105 additions and 0 deletions.
diff --git a/.scrutinizer.yml b/.scrutinizer.yml
@@ -24,6 +24,7 @@ build:
   tests:
     before:
       - bin/bundle-audit check --update
+      - bin/license_finder
       - bin/rubocop --display-cop-names
       - printf "yes\nno\n" | bin/resume
       - bin/resume -l it <<< "no\n"

diff --git a/.travis.yml b/.travis.yml
@@ -13,7 +13,10 @@ before_install:
   - gem update --system
   - gem install i18n rspec
 script:
+  # Ensure gem dependencies do not have known vulnerabilities
   - bin/bundle-audit check --update
+  # Ensure each dependency has a permissive license
+  - bin/license_finder
   - bin/rspec spec/ --no-drb --format progress
   - bin/rubocop --display-cop-names
   # NOTE: The 'no's below indicate not wanting to get CI to attempt to open

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -69,16 +69,27 @@ GEM
     guard-yard (2.2.0)
       guard (>= 1.1.0)
       yard (>= 0.7.0)
+    httparty (0.15.5)
+      multi_xml (>= 0.5.2)
     i18n (0.8.4)
     ice_nine (0.11.2)
     json (2.1.0)
     kramdown (1.14.0)
+    license_finder (3.0.1)
+      bundler
+      httparty
+      rubyzip
+      thor
+      with_env (> 1.0)
+      xml-simple
+      yajl-ruby
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
       ruby_dep (~> 1.2)
     lumberjack (1.0.12)
     method_source (0.8.2)
+    multi_xml (0.6.0)
     nenv (0.3.0)
     notiffany (0.1.1)
       nenv (~> 0.1)
@@ -158,6 +169,9 @@ GEM
       coercible (~> 1.0)
       descendants_tracker (~> 0.0, >= 0.0.3)
       equalizer (~> 0.0, >= 0.0.9)
+    with_env (1.1.0)
+    xml-simple (1.1.5)
+    yajl-ruby (1.3.0)
     yard (0.9.9)
 
 PLATFORMS
@@ -175,6 +189,7 @@ DEPENDENCIES
   guard-rubocop (~> 1.2)
   guard-yard (~> 2.2)
   kramdown (~> 1.8)
+  license_finder (~> 3.0)
   pry-byebug (~> 3.1)
   rake (~> 12.0)
   reek (~> 4.0)

diff --git a/appveyor.yml b/appveyor.yml
@@ -34,6 +34,7 @@ test_script:
   # NOTE: We can't run Unix executables under Windows,
   # so call them directly using Ruby.
   - ruby bin/bundle-audit check --update
+  - ruby bin/license_finder
   - ruby bin/rspec spec/ --no-drb --format progress
   - ruby bin/rubocop --display-cop-names
   - printf "yes\nno\n" | ruby bin/resume

diff --git a/bin/license_finder b/bin/license_finder
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'license_finder' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("license_finder", "license_finder")
diff --git a/bin/license_finder_pip.py b/bin/license_finder_pip.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'license_finder_pip.py' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("license_finder", "license_finder_pip.py")
diff --git a/circle.yml b/circle.yml
@@ -14,6 +14,7 @@ dependencies:
 test:
   override:
     - bin/bundle-audit check --update
+    - bin/license_finder
     - bin/rspec spec/ --no-drb --format progress
     - bin/rubocop --display-cop-names
     - bin/resume <<< "no\n"

diff --git a/doc/dependency_decisions.yml b/doc/dependency_decisions.yml
@@ -0,0 +1,49 @@
+---
+- - :whitelist
+  - MIT
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:19:56.782858000 Z
+- - :whitelist
+  - ruby
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:26:32.701669000 Z
+- - :whitelist
+  - Simplified BSD
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:27:21.302531000 Z
+- - :whitelist
+  - unknown
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:27:32.720183000 Z
+- - :whitelist
+  - New BSD
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:28:41.156630000 Z
+- - :whitelist
+  - Apache 2.0
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:29:02.373548000 Z
+- - :whitelist
+  - GPL-3.0
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:34:12.519121000 Z
+- - :whitelist
+  - GPLv3
+  - :who: 
+    :why: 
+    :versions: []
+    :when: 2017-07-14 03:34:28.217698000 Z
diff --git a/resume.gemspec b/resume.gemspec
@@ -32,6 +32,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "guard-rubocop", "~> 1.2"
   spec.add_development_dependency "guard-yard", "~> 2.2"
   spec.add_development_dependency "kramdown", "~> 1.8"
+  spec.add_development_dependency "license_finder", "~> 3.0"
   spec.add_development_dependency "pry-byebug", "~> 3.1"
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "reek", "~> 4.0"