feat: add --allowed to check licenses (#848)

Author: alestiago

lib/src/commands/packages/commands/check/commands/licenses.dart

@@ -7,11 +7,26 @@ import 'package:meta/meta.dart';
 import 'package:path/path.dart' as path;
 import 'package:pubspec_lock/pubspec_lock.dart';
 import 'package:very_good_cli/src/pub_license/pub_license.dart';
+import 'package:very_good_cli/src/pub_license/spdx_license.gen.dart';
 
 /// The basename of the pubspec lock file.
 @visibleForTesting
 const pubspecLockBasename = 'pubspec.lock';
 
+/// The URI for the pub.dev license page for the given [packageName].
+@visibleForTesting
+Uri pubLicenseUri(String packageName) =>
+    Uri.parse('https://pub.dev/packages/$packageName/license');
+
+/// Defines a [Map] with dependencies as keys and their licenses as values.
+///
+/// If a dependency's license failed to be retrieved its license will be `null`.
+typedef _DependencyLicenseMap = Map<String, Set<String>?>;
+
+/// Defines a [Map] with banned dependencies as keys and their banned licenses
+/// as values.
+typedef _BannedDependencyLicenseMap = Map<String, Set<String>>;
+
 /// {@template packages_check_licenses_command}
 /// `very_good packages check licenses` command for checking packages licenses.
 /// {@endtemplate}
@@ -42,6 +57,10 @@ class PackagesCheckLicensesCommand extends Command<int> {
           'transitive': 'Check for transitive dependencies.',
         },
         defaultsTo: ['direct-main'],
+      )
+      ..addMultiOption(
+        'allowed',
+        help: 'Whitelist of allowed licenses.',
       );
   }
 
@@ -69,6 +88,14 @@ class PackagesCheckLicensesCommand extends Command<int> {
 
     final ignoreFailures = _argResults['ignore-failures'] as bool;
     final dependencyTypes = _argResults['dependency-type'] as List<String>;
+    final allowedLicenses = _argResults['allowed'] as List<String>;
+
+    final invalidLicenses = _invalidLicenses(allowedLicenses);
+    if (invalidLicenses.isNotEmpty) {
+      _logger.warn(
+        '''Some ${styleItalic.wrap('allowed')} licenses failed to be recognized: ${invalidLicenses.stringify()}. Refer to the documentation for a list of valid licenses.''',
+      );
+    }
 
     final target = _argResults.rest.length == 1 ? _argResults.rest[0] : '.';
     final targetPath = path.normalize(Directory(target).absolute.path);
@@ -114,7 +141,7 @@ class PackagesCheckLicensesCommand extends Command<int> {
     final licenses = <String, Set<String>?>{};
     for (final dependency in filteredDependencies) {
       progress.update(
-        'Collecting licenses of ${licenses.length}/${filteredDependencies.length} packages',
+        'Collecting licenses of ${licenses.length}/${filteredDependencies.length} packages.',
       );
 
       final dependencyName = dependency.package();
@@ -145,7 +172,21 @@ class PackagesCheckLicensesCommand extends Command<int> {
       }
     }
 
-    progress.complete(_composeReport(licenses));
+    final bannedDependencies = allowedLicenses.isNotEmpty
+        ? _bannedDependencies(licenses, allowedLicenses.contains)
+        : null;
+
+    progress.complete(
+      _composeReport(
+        licenses: licenses,
+        bannedDependencies: bannedDependencies,
+      ),
+    );
+
+    if (bannedDependencies != null) {
+      _logger.err(_composeBannedReport(bannedDependencies));
+      return ExitCode.config.code;
+    }
 
     return ExitCode.success.code;
   }
@@ -163,28 +204,119 @@ PubspecLock? _tryParsePubspecLock(File pubspecLockFile) {
   }
 }
 
+/// Verifies that all [licenses] are valid license inputs.
+///
+/// Valid license inputs are:
+/// - [SpdxLicense] values.
+///
+/// Returns a [List] of invalid licenses, if all licenses are valid the list
+/// will be empty.
+List<String> _invalidLicenses(List<String> licenses) {
+  final invalidLicenses = <String>[];
+  for (final license in licenses) {
+    final parsedLicense = SpdxLicense.tryParse(license);
+    if (parsedLicense == null) {
+      invalidLicenses.add(license);
+    }
+  }
+
+  return invalidLicenses;
+}
+
+/// Returns a [Map] of banned dependencies and their banned licenses.
+///
+/// The [Map] is lazily initialized, if no dependencies are banned `null` is
+/// returned.
+_BannedDependencyLicenseMap? _bannedDependencies(
+  _DependencyLicenseMap licenses,
+  bool Function(String license) isAllowed,
+) {
+  _BannedDependencyLicenseMap? bannedDependencies;
+  for (final dependency in licenses.entries) {
+    final name = dependency.key;
+    final license = dependency.value;
+    if (license == null) continue;
+
+    for (final licenseType in license) {
+      if (isAllowed(licenseType)) continue;
+
+      bannedDependencies ??= <String, Set<String>>{};
+      bannedDependencies.putIfAbsent(name, () => <String>{});
+      bannedDependencies[name]!.add(licenseType);
+    }
+  }
+
+  return bannedDependencies;
+}
+
 /// Composes a human friendly [String] to report the result of the retrieved
 /// licenses.
-String _composeReport(Map<String, Set<String>?> licenses) {
+///
+/// If [bannedDependencies] is provided those banned licenses will be
+/// highlighted in red.
+String _composeReport({
+  required _DependencyLicenseMap licenses,
+  required _BannedDependencyLicenseMap? bannedDependencies,
+}) {
+  final bannedLicenseTypes =
+      bannedDependencies?.values.fold(<String>{}, (previousValue, licenses) {
+    if (licenses.isEmpty) return previousValue;
+    return previousValue..addAll(licenses);
+  });
   final licenseTypes =
-      licenses.values.fold(<String>{}, (previousValue, element) {
-    if (element == null) return previousValue;
-    return previousValue..addAll(element);
+      licenses.values.fold(<String>{}, (previousValue, licenses) {
+    if (licenses == null) return previousValue;
+    return previousValue..addAll(licenses);
+  });
+  final coloredLicenseTypes = licenseTypes.map((license) {
+    if (bannedLicenseTypes != null && bannedLicenseTypes.contains(license)) {
+      return red.wrap(license)!;
+    }
+    return green.wrap(license)!;
   });
+
   final licenseCount = licenses.values.fold<int>(0, (previousValue, element) {
     if (element == null) return previousValue;
     return previousValue + element.length;
   });
 
   final licenseWord = licenseCount == 1 ? 'license' : 'licenses';
   final packageWord = licenses.length == 1 ? 'package' : 'packages';
-  final suffix = licenseTypes.isEmpty
+  final suffix = coloredLicenseTypes.isEmpty
       ? ''
-      : ' of type: ${licenseTypes.toList().stringify()}';
+      : ' of type: ${coloredLicenseTypes.toList().stringify()}';
 
   return '''Retrieved $licenseCount $licenseWord from ${licenses.length} $packageWord$suffix.''';
 }
 
+String _composeBannedReport(_BannedDependencyLicenseMap bannedDependencies) {
+  final bannedDependenciesList = bannedDependencies.entries.fold(
+    <String>[],
+    (previousValue, element) {
+      final dependencyName = element.key;
+      final dependencyLicenses = element.value;
+
+      final text = '$dependencyName (${link(
+        uri: pubLicenseUri(dependencyName),
+        message: dependencyLicenses.toList().stringify(),
+      )})';
+      return previousValue..add(text);
+    },
+  );
+  final bannedLicenseTypes =
+      bannedDependencies.values.fold(<String>{}, (previousValue, licenses) {
+    if (licenses.isEmpty) return previousValue;
+    return previousValue..addAll(licenses);
+  });
+
+  final prefix =
+      bannedDependencies.length == 1 ? 'dependency has' : 'dependencies have';
+  final suffix =
+      bannedLicenseTypes.length == 1 ? 'a banned license' : 'banned licenses';
+
+  return '''${bannedDependencies.length} $prefix $suffix: ${bannedDependenciesList.stringify()}.''';
+}
+
 extension on List<Object> {
   String stringify() {
     if (isEmpty) return '';