Merge pull request #48 from fosslight/develop

Support carthage package manager

Author: dd-jy

.github/workflows/pull-request.yml

@@ -76,6 +76,7 @@ jobs:
         fosslight_dependency -p tests/test_pub -o tests/result/pub
         fosslight_dependency -p tests/test_cocoapods/cocoapods-tips/JWSCocoapodsTips -o tests/result/Cocoapods
         fosslight_dependency -p tests/test_swift -o tests/result/swift -t ${{ secrets.TOKEN }}
+        fosslight_dependency -p tests/test_carthage -o tests/result/carthage -t ${{ secrets.TOKEN }}
   reuse:
     runs-on: ubuntu-latest
     steps: 

.reuse/dep5

@@ -76,4 +76,8 @@ License: Apache-2.0
 
 Files: tests/test_swift/*
 Copyright: 2021 LG Electronics
+License: Apache-2.0
+
+Files: tests/test_carthage/*
+Copyright: 2021 LG Electronics
 License: Apache-2.0

README.md

@@ -20,6 +20,7 @@ Currently, it supports the following package managers.
 - [Pub](https://pub.dev/) (Dart with flutter)
 - [Cocoapods](https://cocoapods.org/) (Swift/Obj-C)
 - [Swift](https://swift.org/package-manager/) (Swift)
+- [Carthage](https://github.com/Carthage/Carthage) (Carthage)
 
 ## 🧐 How to analyze the dependencies
 

src/fosslight_dependency/_help.py

@@ -19,21 +19,23 @@
         Pub (Dart with flutter)
         Cocoapods (Swift/Obj-C)
         Swift (Swift)
+        Carthage (Swift/Obj-C)
 
     Options:
         Optional
             -h\t\t\t\t    Print help message.
             -v\t\t\t\t    Print the version of the script.
-            -m <package_manager>\t    Enter the package manager(npm, maven, gradle, pip, pub, cocoapods, android, swift).
+            -m <package_manager>\t    Enter the package manager.
+                                        \t(npm, maven, gradle, pip, pub, cocoapods, android, swift, carthage)
             -p <input_path>\t\t    Enter the path where the script will be run.
             -o <output_path>\t\t    Enter the path where the result file will be generated.
 
         Required only for pypi
             -a <activate_cmd>\t\t    Virtual environment activate command(ex, 'conda activate (venv name)')
             -d <deactivate_cmd>\t\t    Virtual environment deactivate command(ex, 'conda deactivate')
 
-        Required only for swift
-            -t <token>\t\t      Enter the github personal access token.
+        Required only for swift, carthage
+            -t <token>\t\t\t    Enter the github personal access token.
 
         Optional only for gradle, maven
             -c <dir_name>\t\t    Enter the customized build output directory name

src/fosslight_dependency/analyze_dependency.py

@@ -32,10 +32,10 @@
 _PKG_NAME = "fosslight_dependency"
 
 # Check the manifest file
-SUPPORT_PACKAE = ["pip", "npm", "maven", "gradle", "pub", "cocoapods", "android", "swift"]
+SUPPORT_PACKAE = ["pip", "npm", "maven", "gradle", "pub", "cocoapods", "android", "swift", "carthage"]
 manifest_array = [[SUPPORT_PACKAE[0], "requirements.txt"], [SUPPORT_PACKAE[1], "package.json"], [SUPPORT_PACKAE[2], "pom.xml"],
                   [SUPPORT_PACKAE[3], "build.gradle"], [SUPPORT_PACKAE[4], "pubspec.yaml"], [SUPPORT_PACKAE[5], "Podfile.lock"],
-                  [SUPPORT_PACKAE[7], "Package.resolved"]]
+                  [SUPPORT_PACKAE[7], "Package.resolved"], [SUPPORT_PACKAE[8], "Cartfile.resolved"]]
 
 # binary url to check license text
 license_scanner_url_linux = "third_party/nomos/nomossa"
@@ -999,7 +999,69 @@ def parse_and_generate_output_swift(input_fp):
             except Exception:
                 logger.info("Cannot find the license name with github api.")
 
-            if license_name == "":
+            if license_name == "" or license_name == "NOASSERTION":
+                try:
+                    license_txt_data = base64.b64decode(repository.get_license().content).decode('utf-8')
+                    tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
+                    tmp_license_txt.write(license_txt_data)
+                    tmp_license_txt.close()
+                    license_name = check_and_run_license_scanner(tmp_license_txt_file_name, os_name)
+                except Exception:
+                    logger.info("Cannot find the license name with license scanner binary.")
+
+                if os.path.isfile(tmp_license_txt_file_name):
+                    os.remove(tmp_license_txt_file_name)
+
+        sheet_list["SRC"].append(['Package.resolved', oss_name, oss_version, license_name, dn_loc, homepage, '', '', ''])
+
+    return sheet_list
+
+
+def parse_and_generate_output_carthge(input_fp):
+    global GITHUB_TOKEN
+
+    sheet_list = {}
+    sheet_list["SRC"] = []
+
+    os_name = check_os()
+    check_license_scanner(os_name)
+
+    if GITHUB_TOKEN is not None:
+        g = Github(GITHUB_TOKEN)
+    else:
+        g = Github()
+
+    for i, line in enumerate(input_fp.readlines()):
+
+        re_result = re.findall(r'github[\s]\"(\S*)\"[\s]\"(\S*)\"', line)
+        try:
+            github_repo = re_result[0][0]
+            oss_origin_name = github_repo.split('/')[1]
+            oss_name = "carthage:" + oss_origin_name
+            oss_version = re_result[0][1]
+            homepage = "https://github.com/" + github_repo
+            dn_loc = homepage
+
+            license_name = ''
+        except Exception:
+            logger.error("It cannot find the github oss information. So skip it.")
+            break
+
+        try:
+            repository = g.get_repo(github_repo)
+        except Exception:
+            logger.error("It cannot find the license name. Please use '-t' option with github token.")
+            logger.error("{0}{1}".format("refer:https://docs.github.com/en/github/authenticating-to-github/",
+                         "keeping-your-account-and-data-secure/creating-a-personal-access-token"))
+            repository = ''
+
+        if repository is not None:
+            try:
+                license_name = repository.get_license().license.spdx_id
+            except Exception:
+                logger.info("Cannot find the license name with github api.")
+
+            if license_name == "" or license_name == "NOASSERTION":
                 try:
                     license_txt_data = base64.b64decode(repository.get_license().content).decode('utf-8')
                     tmp_license_txt = open(tmp_license_txt_file_name, 'w', encoding='utf-8')
@@ -1145,6 +1207,17 @@ def main_swift():
     return sheet_list
 
 
+def main_carthage():
+
+    input_fp = open_input_file()
+
+    sheet_list = parse_and_generate_output_carthge(input_fp)
+
+    close_input_file(input_fp)
+
+    return sheet_list
+
+
 def set_package_variables(package):
     global PACKAGE, dn_url, output_file_name, input_file_name, venv_tmp_dir, pom_backup, is_maven_first_try, \
         tmp_license_txt_file_name, source_type
@@ -1193,6 +1266,11 @@ def set_package_variables(package):
         output_file_name = "swift_dependency_output"
         tmp_license_txt_file_name = "tmp_license.txt"
 
+    elif PACKAGE == "carthage":
+        input_file_name = "Cartfile.resolved"
+        output_file_name = "carthage_dependency_output"
+        tmp_license_txt_file_name = "tmp_license.txt"
+
     else:
         logger.error("### Error Message ###")
         logger.error("You enter the wrong first argument.")
@@ -1240,6 +1318,8 @@ def main():
         sheet_list = main_android()
     elif PACKAGE == "swift":
         sheet_list = main_swift()
+    elif PACKAGE == "carthage":
+        sheet_list = main_carthage()
     else:
         logger.error("### Error Message ###")
         logger.error("Please enter the supported package manager. (Check the help message with (-h) option.)")

tests/test_carthage/Cartfile.resolved

@@ -0,0 +1,18 @@
+github "AgileBits/onepassword-app-extension" "bcc4cc97fed9a6e73fa204f2e61138e353cb3ef7"
+github "DaveWoodCom/XCGLogger" "7.0.0"
+github "Dev1an/A-Star" "3.0.0-beta-1"
+github "Leanplum/Leanplum-iOS-SDK" "2.4.3"
+github "SDWebImage/SDWebImage" "5.0.6"
+github "SnapKit/SnapKit" "5.0.0"
+github "SwiftyJSON/SwiftyJSON" "5.0.0"
+github "adjust/ios_sdk" "v4.17.2"
+github "apple/swift-protobuf" "1.5.0"
+github "cezheng/Fuzi" "3.1.1"
+github "getsentry/sentry-cocoa" "4.4.0"
+github "google/EarlGrey" "1.15.1"
+github "jrendel/SwiftKeychainWrapper" "3.4.0"
+github "kif-framework/KIF" "v3.7.7"
+github "mozilla-mobile/MappaMundi" "1d17845e4bd6077d790aca5a2b4a468f19567934"
+github "mozilla-mobile/telemetry-ios" "1.1.1"
+github "mozilla/application-services" "v0.32.3"
+github "swisspol/GCDWebServer" "3.5.2"