Merge branch '2517-categorize-license-check' into 'master'

Organize license reporting per component Closes #2517 See merge request !1679

Merge branch '2517-categorize-license-check' into 'master'
08158674 · Marin Jankovski · 3eca8776 · f5cf40b9 · 08158674 · 08158674
Commit 08158674 authored 7 years ago by Marin Jankovski
--- a/Gemfile.lock
+++ b/Gemfile.lock
 GIT
  remote: https://dev.gitlab.org/gitlab/omnibus.git
-  revision: a902aa9a1af91f2491d6e94b5c8a937f003362ac
+  revision: 4c17964a9b164485fe292d6220442b31c5345d8d
  branch: gitlab-omnibus-ad5d3f98
  specs:
    omnibus (5.5.0)

--- a/lib/gitlab/license_analyzer.rb
+++ b/lib/gitlab/license_analyzer.rb
@@ -66,23 +66,51 @@ class LicenseAnalyzer
    ['unacceptable', 'Unknown license']
  end
  
+  def self.print_status(dependency, version, license, status, reason, level)
+    # level is used to properly align the output. First level dependencies
+    # (level-0) have no indentation. Their dependencies, the level-1 ones,
+    # are indented.
+    case status
+    when 'acceptable'
+      if reason == 'Acceptable license'
+        puts "\t" * level + "✓ #{dependency} - #{version} uses #{license} - #{reason}"
+      elsif reason == 'Whitelisted software'
+        puts "\t" * level + "# #{dependency} - #{version} uses #{license} - #{reason}"
+      end
+    when 'unacceptable'
+      if reason == 'Unknown license'
+        puts "\t" * level + "! #{dependency} - #{version} uses #{license} - #{reason}"
+      else
+        puts "\t" * level + "⨉ #{dependency} - #{version} uses #{license} - #{reason}"
+      end
+    end
+  end
+
  def self.analyze(json_data)
    violations = []
-    json_data.each do |dependency, attributes|
-      license = attributes['license'].strip.delete('"').delete("'")
-      version = attributes['version']
-      status, reason = acceptable?(dependency, license.strip)
  
-      case status
-      when 'acceptable'
-        puts "Acceptable   : #{dependency} - #{version} uses #{license} - #{reason}"
-      when 'unacceptable'
-        violations << "#{dependency} - #{version} - #{license} - #{reason}"
-        if reason == 'Blacklisted software'
-          puts "Unacceptable ! #{dependency} - #{version} uses #{license} - #{reason}"
-        elsif reason == 'Unknown license'
-          puts "Unknown      ? #{dependency} - #{version} uses #{license} - #{reason}"
-        end
+    # We are currently considering dependencies in a two-level view only. This
+    # means some information will be repeated as there are softwares that are
+    # dependencies of multiple components and they get listed again and again.
+
+    # Handling level-0 dependencies
+    json_data.each do |library|
+      level = 0
+      name = library['name']
+      license = library['license'].strip.delete('"').delete("'")
+      version = library['version']
+      status, reason = acceptable?(name, license.strip)
+      print_status(name, version, license, status, reason, level)
+      violations << "#{name} - #{version} - #{license} - #{reason}" if status == 'unacceptable'
+
+      # Handling level-1 dependencies
+      library['dependencies'].each do |dependency|
+        level = 1
+        name = dependency['name']
+        license = dependency['license'].strip.delete('"').delete("'")
+        version = library['version']
+        status, reason = acceptable?(name, license.strip)
+        print_status(name, version, license, status, reason, level)
      end
    end
  

--- a/spec/gitlab/tasks/license_spec.rb
+++ b/spec/gitlab/tasks/license_spec.rb
@@ -11,95 +11,120 @@ describe 'license:check', type: :rake do
  end
  
  it 'detects good licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "chef-zero",
        "version": "4.8.0",
-        "license": "Apache-2.0"
+        "license": "Apache-2.0",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "MIT"
+          }
+        ]
      }
-    }'
+     ]'
    allow(File).to receive(:read).and_return(license_info)
  
-    expect { Rake::Task['license:check'].invoke }.to output(/Acceptable.*chef-zero - 4.8.0.*Apache-2.0/).to_stdout
+    expect { Rake::Task['license:check'].invoke }.to output(/✓.*chef-zero - 4.8.0.*Apache-2.0/).to_stdout
  end
  
  it 'detects blacklisted softwares with good licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "readline",
        "version": "4.8.0",
-        "license": "Apache-2.0"
-      },
-      "readline": {
-        "version": "2.3.0",
-        "license": "Apache-2.0"
+        "license": "Apache-2.0",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "MIT"
+          }
+        ]
      }
-    }'
+     ]'
    allow(File).to receive(:read).and_return(license_info)
  
    expect { Rake::Task['license:check'].invoke }.to output(/readline.*Blacklisted software/).to_stdout.and raise_error(RuntimeError, "Build Aborted due to license violations")
  end
  
  it 'detects bad licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "foo",
        "version": "4.8.0",
-        "license": "Apache-2.0"
-      },
-      "bar": {
-        "version": "2.3.0",
-        "license": "jargon"
-      },
-      "foo": {
-        "version": "1.2.11",
-        "license": "GPL-3.0+"
+        "license": "GPL-3.0",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "GPL-3.0"
+          }
+        ]
      }
-    }'
+     ]'
+
    allow(File).to receive(:read).and_return(license_info)
    expect { Rake::Task['license:check'].invoke }.to output(/foo.*Unacceptable license/).to_stdout.and raise_error(RuntimeError, "Build Aborted due to license violations")
  end
  
  it 'detects whitelisted softwares with bad licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "git",
        "version": "4.8.0",
-        "license": "Apache-2.0"
-      },
-      "git": {
-        "version": "1.2.11",
-        "license": "GPL-3.0+"
+        "license": "GPL-3.0",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "GPL-3.0"
+          }
+        ]
      }
-    }'
+     ]'
    allow(File).to receive(:read).and_return(license_info)
  
    expect { Rake::Task['license:check'].invoke }.to output(/git.*Whitelisted software/).to_stdout
  end
  
  it 'detects blacklisted softwares with unknown licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "readline",
        "version": "4.8.0",
-        "license": "Apache-2.0"
-      },
-      "readline": {
-        "version": "2.3.0",
-        "license": "jargon"
+        "license": "jargon",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "MIT"
+          }
+        ]
      }
-    }'
+     ]'
    allow(File).to receive(:read).and_return(license_info)
  
    expect { Rake::Task['license:check'].invoke }.to output(/readline.*Blacklisted software/).to_stdout.and raise_error(RuntimeError, "Build Aborted due to license violations")
  end
  
  it 'detects whitelisted software with unknown licenses correctly' do
-    license_info = '{
-      "chef-zero": {
+    license_info = '[
+      {
+        "name": "git",
        "version": "4.8.0",
-        "license": "Apache-2.0"
-      },
-      "git": {
-        "version": "1.2.11",
-        "license": "jargon"
+        "license": "jargon",
+        "dependencies": [
+          {
+            "name": "sample",
+            "version": "1.0.0",
+            "license": "MIT"
+          }
+        ]
      }
-    }'
+     ]'
    allow(File).to receive(:read).and_return(license_info)
    expect { Rake::Task['license:check'].invoke }.to output(/git.*Whitelisted software/).to_stdout
  end