From 54f7dcacfeefb828a0cb62cd8edb3b3afc3e07cf Mon Sep 17 00:00:00 2001
From: Paul Fioravanti
Date: Fri, 14 Jul 2017 13:39:54 +1000
Subject: [PATCH] Add license_finder to the project and run it in CI

---
 .scrutinizer.yml | 1 +
 .travis.yml | 3 +++
 Gemfile.lock | 15 +++++++++++
 appveyor.yml | 1 +
 bin/license_finder | 17 +++++++++++++
 bin/license_finder_pip.py | 17 +++++++++++++
 circle.yml | 1 +
 doc/dependency_decisions.yml | 49 ++++++++++++++++++++++++++++++++++++
 resume.gemspec | 1 +
 9 files changed, 105 insertions(+)
 create mode 100755 bin/license_finder
 create mode 100755 bin/license_finder_pip.py
 create mode 100644 doc/dependency_decisions.yml

diff --git a/.scrutinizer.yml b/.scrutinizer.yml
index 5604b7cd..1a633657 100644
--- a/.scrutinizer.yml
+++ b/.scrutinizer.yml
@@ -24,6 +24,7 @@ build:
 tests:
 before:
 - bin/bundle-audit check --update
+ - bin/license_finder
 - bin/rubocop --display-cop-names
 - printf "yes\nno\n" | bin/resume
 - bin/resume -l it <<< "no\n"
diff --git a/.travis.yml b/.travis.yml
index c2a23fc0..9595c613 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,7 +13,10 @@ before_install:
 - gem update --system
 - gem install i18n rspec
 script:
+ # Ensure gem dependencies do not have known vulnerabilities
 - bin/bundle-audit check --update
+ # Ensure each dependency has a permissive license
+ - bin/license_finder
 - bin/rspec spec/ --no-drb --format progress
 - bin/rubocop --display-cop-names
 # NOTE: The 'no's below indicate not wanting to get CI to attempt to open
diff --git a/Gemfile.lock b/Gemfile.lock
index a232fc02..6714fd5f 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
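Review bot: The new comment `# Ensure each dependency has a permissive license` in the .travis.yml hunk overstates what the step beneath it enforces. `bin/license_finder` with no arguments only reports dependencies whose license is not covered by `doc/dependency_decisions.yml`, and the decisions file added in this same commit whitelists `GPL-3.0`, `GPLv3` and `unknown`, none of which is a permissive license. Suggest `# Fail if any dependency has a license not whitelisted in doc/dependency_decisions.yml` so the comment describes the actual policy, and state somewhere (commit message or README) which licenses are acceptable for this project and why.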
@@ -69,16 +69,27 @@ GEM
 guard-yard (2.2.0)
 guard (>= 1.1.0)
 yard (>= 0.7.0)
+ httparty (0.15.5)
+ multi_xml (>= 0.5.2)
 i18n (0.8.4)
 ice_nine (0.11.2)
 json (2.1.0)
 kramdown (1.14.0)
+ license_finder (3.0.1)
+ bundler
+ httparty
+ rubyzip
+ thor
+ with_env (> 1.0)
+ xml-simple
+ yajl-ruby
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
 ruby_dep (~> 1.2)
 lumberjack (1.0.12)
 method_source (0.8.2)
+ multi_xml (0.6.0)
 nenv (0.3.0)
 notiffany (0.1.1)
 nenv (~> 0.1)
@@ -158,6 +169,9 @@ GEM
 coercible (~> 1.0)
 descendants_tracker (~> 0.0, >= 0.0.3)
 equalizer (~> 0.0, >= 0.0.9)
+ with_env (1.1.0)
+ xml-simple (1.1.5)
+ yajl-ruby (1.3.0)
 yard (0.9.9)
 
 PLATFORMS
@@ -175,6 +189,7 @@ GEM
 guard-rubocop (~> 1.2)
 guard-yard (~> 2.2)
 kramdown (~> 1.8)
+ license_finder (~> 3.0)
 pry-byebug (~> 3.1)
 rake (~> 12.0)
 reek (~> 4.0)
diff --git a/appveyor.yml b/appveyor.yml
index 667687d6..6a3a2ba5 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -34,6 +34,7 @@ test_script:
 # NOTE: We can't run Unix executables under Windows,
 # so call them directly using Ruby.
 - ruby bin/bundle-audit check --update
+ - ruby bin/license_finder
 - ruby bin/rspec spec/ --no-drb --format progress
 - ruby bin/rubocop --display-cop-names
 - printf "yes\nno\n" | ruby bin/resume
diff --git a/bin/license_finder b/bin/license_finder
new file mode 100755
index 00000000..d5ef03fc
--- /dev/null
+++ b/bin/license_finder
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'license_finder' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+ Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("license_finder", "license_finder")
diff --git a/bin/license_finder_pip.py b/bin/license_finder_pip.py
new file mode 100755
index 00000000..6a1c91be
--- /dev/null
+++ b/bin/license_finder_pip.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+#
+# This file was generated by Bundler.
+#
+# The application 'license_finder_pip.py' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require "pathname"
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
+ Pathname.new(__FILE__).realpath)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("license_finder", "license_finder_pip.py")
diff --git a/circle.yml b/circle.yml
index f9512e66..be66f3d3 100644
--- a/circle.yml
+++ b/circle.yml
@@ -14,6 +14,7 @@ dependencies:
 test:
 override:
 - bin/bundle-audit check --update
+ - bin/license_finder
 - bin/rspec spec/ --no-drb --format progress
 - bin/rubocop --display-cop-names
 - bin/resume <<< "no\n"
diff --git a/doc/dependency_decisions.yml b/doc/dependency_decisions.yml
new file mode 100644
index 00000000..ac573f8d
--- /dev/null
+++ b/doc/dependency_decisions.yml
@@ -0,0 +1,49 @@
+---
+- - :whitelist
+ - MIT
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:19:56.782858000 Z
+- - :whitelist
+ - ruby
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:26:32.701669000 Z
+- - :whitelist
+ - Simplified BSD
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:27:21.302531000 Z
+- - :whitelist
+ - unknown
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:27:32.720183000 Z
+- - :whitelist
+ - New BSD
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:28:41.156630000 Z
+- - :whitelist
+ - Apache 2.0
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:29:02.373548000 Z
+- - :whitelist
+ - GPL-3.0
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:34:12.519121000 Z
+- - :whitelist
+ - GPLv3
+ - :who:
+ :why:
+ :versions: []
+ :when: 2017-07-14 03:34:28.217698000 Z
diff --git a/resume.gemspec b/resume.gemspec
index d39f05d7..b8be3b9e 100644
--- a/resume.gemspec
+++ b/resume.gemspec
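Review bot: Whitelisting `unknown` (the fourth entry in doc/dependency_decisions.yml) undermines the gate this commit wires into CI: a gem whose license license_finder cannot detect is reported as `unknown`, so it is approved silently instead of failing the build, which is exactly the case a license check exists to surface. Drop that entry and handle such gems one at a time, e.g. `license_finder licenses add <gem> MIT` after reading the license by hand, or `license_finder approvals add <gem> --who 'Paul Fioravanti' --why '<reason>'` (3.x CLI names from memory — verify against `license_finder help`). Whitelisting the copyleft `GPL-3.0`/`GPLv3` also sits oddly beside the "permissive license" intent written into `.travis.yml` in this same commit; if a development dependency needs it, the `:why:` field should say which one. Every entry leaves `:who:` and `:why:` empty, so nothing records who accepted these licenses or on what grounds; `license_finder whitelist add <license> --who ... --why ...` populates both fields and gives the file an audit trail.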
@@ -32,6 +32,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "guard-rubocop", "~> 1.2"
 spec.add_development_dependency "guard-yard", "~> 2.2"
 spec.add_development_dependency "kramdown", "~> 1.8"
+ spec.add_development_dependency "license_finder", "~> 3.0"
 spec.add_development_dependency "pry-byebug", "~> 3.1"
 spec.add_development_dependency "rake", "~> 12.0"
 spec.add_development_dependency "reek", "~> 4.0"