class LicenseScout::DependencyManager::Bundler

Public Instance Methods

dependencies()
# File lib/license_scout/dependency_manager/bundler.rb, line 50
# Builds one dependency object per gem record returned by +dependency_data+.
#
# Each record is read through its "name", "version", "license" and "path"
# keys. The license attached here is the one the gemspec declares; nothing in
# this method checks it against the gem's actual license files.
#
# @return [Array] the objects produced by +new_dependency+, nils removed
def dependencies
  dependency_data.map do |record|
    gem_name    = record["name"]
    gem_version = record["version"]
    gem_license = record["license"]

    location =
      case gem_name
      when "bundler"
        # Bundler lists itself as a dependency but is a special case:
        # rubygems cannot report its license correctly, and the gem path it
        # reports points inside bundler's lib/ dir. Use the upstream
        # repository instead.
        "https://github.com/bundler/bundler"
      when "json"
        # When the project uses the json that ships with Ruby, it is a bare
        # *.rb file (e.g. /opt/opscode/embedded/lib/ruby/2.2.0/json.rb)
        # rather than a full gem, so its license is reported as nil and its
        # license files cannot be found. Use the upstream repository instead.
        "https://github.com/flori/json"
      else
        record["path"]
      end

    new_dependency(gem_name, gem_version, location).tap do |dep|
      # Record the gemspec-declared license, if any, with the rubygems.org
      # page for this exact version as its source.
      # NOTE(review): name and version are interpolated into the URL as
      # reported by the helper, without escaping.
      dep.add_license(gem_license, "https://rubygems.org/gems/#{gem_name}/versions/#{gem_version}") unless gem_license.nil?
    end
  end.compact
end
detected?()
# File lib/license_scout/dependency_manager/bundler.rb, line 40
# Reports whether this directory looks like a Bundler project.
#
# Both Gemfile and Gemfile.lock must exist: the lockfile is what gives a
# concrete set of dependencies to search. A missing Gemfile.lock used to
# raise an error, but that caused problems for projects such as oc_bifrost
# (a rebar project that keeps a Gemfile at its root only to run some rake
# commands), so it now simply means "not detected".
#
# @return [Boolean]
def detected?
  return false unless File.exist?(gemfile_path)

  File.exist?(lockfile_path)
end
install_command()
# File lib/license_scout/dependency_manager/bundler.rb, line 36
# Returns the shell command string for installing this project's gems.
#
# NOTE(review): a Gemfile is Ruby code that Bundler evaluates, so whoever
# runs this command against an untrusted checkout should treat it as running
# that project's code.
#
# @return [String]
def install_command
  'bundle install'
end
name()
# File lib/license_scout/dependency_manager/bundler.rb, line 24
# Returns the identifier string for this dependency manager.
#
# @return [String]
def name
  'ruby_bundler'
end
signature()
# File lib/license_scout/dependency_manager/bundler.rb, line 32
# Returns a human-readable description of the files that mark a Bundler
# project (the same pair that +detected?+ checks for).
#
# @return [String]
def signature
  'Gemfile and Gemfile.lock files'
end
type()
# File lib/license_scout/dependency_manager/bundler.rb, line 28
# Returns the type string under which this manager's dependencies are
# reported.
#
# @return [String]
def type
  'ruby'
end

Private Instance Methods

dependency_data()
# File lib/license_scout/dependency_manager/bundler.rb, line 86
# Runs the bundled bin/gemfile_json helper inside the project directory and
# returns its parsed JSON output.
#
# The helper is started with the configured Ruby binary, inside
# +with_clean_env+ so the Ruby/Bundler/RubyGems variables of the current
# process are stripped first, and with +LicenseScout::Config.environment+
# passed as the child's environment. +error!+ raises if the command failed.
#
# NOTE(review): the command is one interpolated string, not an argument
# list, so whitespace or shell metacharacters in +ruby_bin+ or in the install
# path would change how it is split or interpreted. Both values come from
# configuration and the install location here; confirm neither can be
# influenced by the project being scanned.
# NOTE(review): the helper presumably evaluates the project's Gemfile (its
# source is not shown here); if so, scanning an untrusted project executes
# that project's Ruby code.
#
# @return [Object] whatever FFI_Yajl::Parser.parse yields for the helper's
#   stdout (callers iterate it as a list of gem records)
def dependency_data
  # bin/gemfile_json lives three levels above this file's directory.
  helper_script = File.expand_path("../../../bin/gemfile_json", File.dirname(__FILE__))

  Dir.chdir(directory) do
    raw_json = with_clean_env do
      command_line = "#{LicenseScout::Config.ruby_bin} #{helper_script}"
      shell = Mixlib::ShellOut.new(command_line, environment: LicenseScout::Config.environment)
      shell.run_command
      shell.error!
      shell.stdout
    end

    FFI_Yajl::Parser.parse(raw_json)
  end
end
gemfile_path()
# File lib/license_scout/dependency_manager/bundler.rb, line 137
# Path of the Gemfile directly inside the project directory.
#
# @return [String]
def gemfile_path
  File.join(directory, 'Gemfile')
end
lockfile_path()
# File lib/license_scout/dependency_manager/bundler.rb, line 141
# Path of the Gemfile.lock directly inside the project directory.
#
# @return [String]
def lockfile_path
  File.join(directory, 'Gemfile.lock')
end
with_clean_env() { || ... }

Execute the given command, removing any Ruby-specific environment variables. This is an “enhanced” version of Bundler.with_clean_env, which only removes Bundler-specific values. We need to remove all values, specifically:

  • _ORIGINAL_GEM_PATH

  • GEM_PATH

  • GEM_HOME

  • GEM_ROOT

  • BUNDLE_BIN_PATH

  • BUNDLE_GEMFILE

  • RUBYLIB

  • RUBYOPT

  • RUBY_ENGINE

  • RUBY_ROOT

  • RUBY_VERSION

The original environment is restored at the end of this call.

@param [Proc] block

the block to execute with the cleaned environment
# File lib/license_scout/dependency_manager/bundler.rb, line 124
# Yields with Ruby-, RubyGems- and Bundler-related variables removed from
# ENV, then restores the environment exactly as it was on entry.
#
# Removal is by prefix, not by a fixed list: _ORIGINAL_GEM_PATH plus every
# variable whose name starts with "BUNDLE_", "GEM_" or "RUBY". The restore
# runs in +ensure+, so it also happens when the block raises.
#
# NOTE(review): ENV is process-wide, so other threads see the stripped
# environment while the block runs.
#
# @param [Proc] block the block to execute with the cleaned environment
# @return [Object] the value of the block
def with_clean_env(&block)
  saved_env = ENV.to_hash

  ENV.delete("_ORIGINAL_GEM_PATH")
  ENV.delete_if { |key, _value| key.start_with?("BUNDLE_", "GEM_", "RUBY") }

  yield
ensure
  ENV.replace(saved_env)
end