Merge pull request #21 from fosslight/develop

add android dependency scanning

Author: dd-jy

README.md

@@ -2,28 +2,30 @@
 Copyright (c) 2021 LG Electronics
 SPDX-License-Identifier: Apache-2.0
  -->
- # FOSSLight Dependency
 
-<img src="https://img.shields.io/pypi/l/fosslight_dependency" alt="License" /> <img src="https://img.shields.io/pypi/v/fosslight_dependency" alt="Current python package version." /> <img src="https://img.shields.io/pypi/pyversions/fosslight_dependency" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_dependency)](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency)
+# FOSSLight Dependency
 
+<img src="https://img.shields.io/pypi/l/fosslight_dependency" alt="License" /> <img src="https://img.shields.io/pypi/v/fosslight_dependency" alt="Current python package version." /> <img src="https://img.shields.io/pypi/pyversions/fosslight_dependency" /> [![REUSE status](https://api.reuse.software/badge/github.com/fosslight/fosslight_dependency)](https://api.reuse.software/info/github.com/fosslight/fosslight_dependency)
 
 ## 💡 Introduction
+
 This is the tool that supports the analysis of dependencies for multiple package managers. It detects the manifest file of package managers automatically and analyzes the dependencies with using open source tools. Then, it generates the report file that contains OSS information of dependencies.
 
 Currently, it supports the following package managers.
-* [Gradle](https://gradle.org/) (Java)
-* [Maven](http://maven.apache.org/) (Java)
-* [NPM](https://www.npmjs.com/) (Node.js)
-* [PIP](https://pip.pypa.io/) (Python)
-* [Pub](https://pub.dev/) (Dart with flutter)
-* [Cocoapods](https://cocoapods.org/) (Swift/Obj-C)
 
+- [Gradle](https://gradle.org/) (Java)
+- [Maven](http://maven.apache.org/) (Java)
+- [NPM](https://www.npmjs.com/) (Node.js)
+- [PIP](https://pip.pypa.io/) (Python)
+- [Pub](https://pub.dev/) (Dart with flutter)
+- [Cocoapods](https://cocoapods.org/) (Swift/Obj-C)
 
 ## 📖 User Guide
-Please see the [**User Guide**](https://github.com/fosslight/fosslight_dependency/blob/main/docs/user-guide.md) for more information on how to install and run it.
 
+Please see the [**User Guide**](https://github.com/fosslight/fosslight_dependency/blob/main/docs/user-guide.md) for more information on how to install and run it.
 
 ## 👏 Contributing Guide
+
 We always welcome your contributions.  
 Please see the [CONTRIBUTING guide](https://github.com/fosslight/fosslight_dependency/blob/main/CONTRIBUTING.md) for how to contribute.
 

docs/user-guide.md

@@ -6,27 +6,31 @@ SPDX-License-Identifier: Apache-2.0
   <a href="https://github.com/fosslight/fosslight_dependency/blob/main/docs/user-guide_Kor.md">[Kor]</a>
 </p>
 
-# User Guide 
+# User Guide
 
 ## Contents
+
 - [How to analyze the dependencies](#-how-to-analyze-the-dependencies)
 - [Prerequisite](#-prerequisite)
-    - [NPM](#npm)
-    - [Gradle](#gradle)
-    - [Pypi](#pypi)
-    - [Maven](#maven-optional)
-    - [Pub](#pub)
-    - [Cocoapods](#cocoapods)
+  - [NPM](#npm)
+  - [Gradle](#gradle)
+  - [Gradle - Android](#Android)
+  - [Pypi](#pypi)
+  - [Maven](#maven-optional)
+  - [Pub](#pub)
+  - [Cocoapods](#cocoapods)
 - [How to install](#-how-to-install)
 - [How to run](#-how-to-run)
 - [Result](#-result)
 
 <br>
 
 ## 🧐 How to analyze the dependencies
+
 FOSSLight Dependency utilizes the open source software for analyzing each package manager dependencies. We choose the open source software for each package manager that shows not only the direct dependencies but also the transitive dependencies including the information of dependencies such as oss name, oss version and license name.
 
 Each package manager uses the results of the following software:
+
 - NPM : [NPM License Checker](https://github.com/davglass/license-checker)
 - Pypi : [pip-licenses](https://github.com/raimon49/pip-licenses)
 - Gradle : [License Gradle Plugin](https://github.com/hierynomus/license-gradle-plugin)
@@ -38,44 +42,83 @@ Because we utilizes the different open source software to analyze the dependenci
 <br>
 
 ## 📋 Prerequisite
+
 ### NPM
+
 1. Install the NPM License Checker to ananlyze the npm dependencies.
+
 ```
 $ npm install -g license-checker
 ```
+
 2. Run the command to install the dependencies. (optional)
+
 ```
 $ npm install
 ```
+
 > - If the 'package.json' file exists in the input directory, it will be executed automatically by FOSSLight Dependency. So you can skip it.
 > - If the 'node_modules' directory already exists, you can run FOSSLight dependency by setting the input directory to the path where node_modules is located.
 
 <br>
 
 ### Gradle
+
 1. Add the License Gradle Plugin in build.gradle file.
+
 ```
 plugins {
     id 'com.github.hierynomus.license' version '0.15.0'
 }
- 
+
 downloadLicenses {
     includeProjectDependencies = true
     dependencyConfiguration = 'runtimeClasspath'
 }
 ```
+
 > - If the gradle version is 4.6 or lower, then add the 'runtime' instead of 'runtimeClasspath' in the dependencyConfiguration.
 
 2. Run the 'downloadLicenses' task.
+
 ```
 $ gradle downloadLicenses
 ```
 
 <br>
 
+### Android (gradle)
+
+1. Add the Android License Plugin in build.gradle file.
+
+```
+buildscript {
+    repositories {
+        jcenter()
+    }
+
+    dependencies {
+        classpath 'com.lge.android.licensetools:dependency-scanning-tool:0.4.0'
+    }
+}
+
+apply plugin: 'com.lge.android.licensetools'
+```
+
+2. Run the 'generateLicenseTxt' task.
+
+```
+$ gradle generateLicenseTxt
+```
+
+<br>
+
 ### Pypi
+
 You can run this tool with virtual environment for separating the project dependencies from system global dependencies.
+
 1. Create and activate the virtual environment
+
 ```
 // virtualenv example
 $ virtualenv -p /usr/bin/python3.6 venv
@@ -85,7 +128,9 @@ $ source venv/bin/activate
 $ conda create --name {venv name}
 $ conda activate {venv name}
 ```
+
 2. Install the dependencies in the virtual environment.
+
 ```
 // If you install the dependencies with requirements.txt...
 $ pip install -r requirements.txt
@@ -94,8 +139,11 @@ $ pip install -r requirements.txt
 <br>
 
 ### Maven (optional)
+
 > - If the 'pom.xml' is located in the input directory, FOSSLight dependency will automatically add and execute the license-maven-plugin. So you can skip the prerequisites below.
+
 1. Add the license-maven-plugin into pom.xml file.
+
 ```
 <project>
   ...
@@ -122,15 +170,19 @@ $ pip install -r requirements.txt
   ...
 </project>
 ```
+
 2. Run the license-maven-plugin task.
+
 ```
 $ mvn license:aggregate-download-licenses
 ```
 
 <br>
 
 ### Pub
+
 1. Run the flutter_oss_licenses.
+
 ```
 $ flutter pub get
 $ flutter pub global activate flutter_oss_licenses
@@ -140,20 +192,27 @@ $ flutter pub global run flutter_oss_licenses:generate.dart
 <br>
 
 ### Cocoapods
+
 1. Install the pod package through Podfile.
+
 ```
 $ pod install
 ```
 
 <br>
 
 ## 🎉 How to install
+
 It is recommended to install in Python3.6+.
+
 ### From pip
+
 ```
 $ pip install fosslight-dependency
 ```
+
 ### From source code
+
 ```
 $ git clone https://github.com/fosslight/fosslight_dependency.git
 $ cd fosslight_dependency
@@ -163,44 +222,48 @@ $ python setup.py install
 <br>
 
 ## 🚀 How to run
+
 You can run the FOSSLight Dependency with options based on your package manager.
+
 ```
 $ fosslight_dependency
 ```
-| Option | Argument      | Description |
-| ------ | ------------- | ----------- |
-| -m     | npm, maven, gradle, pip, pub, cocoapods | (optional) <br> package manager for your project |
-| -p     | (path) |(optional) <br> input directory | 
-| -o     | (path) |(optional) <br> output file directory | 
-| -a     | conda example: 'conda activate (venv name)' |(pypi only required) <br> virtual environment activate command | 
-| -d     | conda example: 'conda deactivate' |(pypi only required) <br> virtual environment deactivate command | 
-| -c     | (customized output directory name) |(gradle, maven only optional) <br> customized build output directory name (default: target) | 
-| -v     | N/A | release version | 
+
+| Option | Argument                                         | Description                                                                                 |
+| ------ | ------------------------------------------------ | ------------------------------------------------------------------------------------------- |
+| -m     | npm, maven, gradle, pip, pub, cocoapods, android | (optional) <br> package manager for your project                                            |
+| -p     | (path)                                           | (optional) <br> input directory                                                             |
+| -o     | (path)                                           | (optional) <br> output file directory                                                       |
+| -a     | conda example: 'conda activate (venv name)'      | (pypi only required) <br> virtual environment activate command                              |
+| -d     | conda example: 'conda deactivate'                | (pypi only required) <br> virtual environment deactivate command                            |
+| -c     | (customized output directory name)               | (gradle, maven only optional) <br> customized build output directory name (default: target) |
+| -n     | (app name)                                       | (android only optional) <br> app directory name (default: app)                              |
+| -v     | N/A                                              | release version                                                                             |
 
 Note that input directory should be the top directory of the project where the manifest file of the package manager is located.
 For example, if your project uses the NPM package manager, then the input directory should be the path where 'package.json' file is located.
 The manifest file of each package manager is as follows:
 
-
-| Package manager | Npm          | Pip              | Maven   | Gradle       | Pub          | Cocoapods |
-| --------------- | ------------ | ---------------- | ------- | ------------ | ------------ | --------- |
-| Manifest file   | package.json | requirements.txt | pom.xml | build.gradle | pubspec.yaml | Podfile   |
+| Package manager | Npm          | Pip              | Maven   | Gradle       | Pub          | Cocoapods | Android |
+| --------------- | ------------ | ---------------- | ------- | ------------ | ------------ | --------- | ------- |
+| Manifest file   | package.json | requirements.txt | pom.xml | build.gradle | pubspec.yaml | Podfile   | gradlew |
 
 In other words, the input directory('-p' option) should be designated as the top directory of the project where the package manager's manifest file exists as above.
+The manifest file of android project is 'build.gradle' as same as the gradle project. But for differenciating with other java projects, it checks 'gradlew' files.
 
 <br>
 
 ## 📁 Result
+
 FOSSLight Dependency creates the result file that has xlsx extension (Microsoft Excel file).
 
 It prints the OSS information based on manifest file(package.json, pom.xml) of dependencies (including transitive dependenices).
 For a unique OSS name, OSS name is printed such as (package_manager):(oss name) or (group id):(artifact id).
 
-| Package manager | OSS Name           | Download Location | Homepage |
-| --------------- | ------------------ | ----------------- | -------- |
-| Npm             | npm:(oss name)     | Priority1. repository in package.json <br> Priority2. npmjs.com/package/(oss name)/v/(oss version) | npmjs.com/package/(oss name) |
-| Pip             | pypi:(oss name)    | pypi.org/project/(oss name)/(version) | homepage in (pip show) information |
-| Maven<br>& Gradle | (group_id):(artifact_id) | mvnrepository.com/artifact/(group id)/(artifact id)/(version) | mvnrepository.com/artifact/(group id)/(artifact id) |
-| Pub             | pub:(oss name)        | pub.dev/packages/(oss name)/versions/(version) | homepage in (pub information) |
-| Cocoapods       | cocoapods:(oss name)  | source in (pod spec information)  | cocoapods.org/(oss name) |
-
+| Package manager                | OSS Name                 | Download Location                                                                                  | Homepage                                            |
+| ------------------------------ | ------------------------ | -------------------------------------------------------------------------------------------------- | --------------------------------------------------- |
+| Npm                            | npm:(oss name)           | Priority1. repository in package.json <br> Priority2. npmjs.com/package/(oss name)/v/(oss version) | npmjs.com/package/(oss name)                        |
+| Pip                            | pypi:(oss name)          | pypi.org/project/(oss name)/(version)                                                              | homepage in (pip show) information                  |
+| Maven<br>& Gradle<br>& Android | (group_id):(artifact_id) | mvnrepository.com/artifact/(group id)/(artifact id)/(version)                                      | mvnrepository.com/artifact/(group id)/(artifact id) |
+| Pub                            | pub:(oss name)           | pub.dev/packages/(oss name)/versions/(version)                                                     | homepage in (pub information)                       |
+| Cocoapods                      | cocoapods:(oss name)     | source in (pod spec information)                                                                   | cocoapods.org/(oss name)                            |

src/fosslight_dependency/_help.py

@@ -22,7 +22,7 @@
         Optional
             -h\t\t\t\t    Print help message.
             -v\t\t\t\t    Print the version of the script.
-            -m <package_manager>\t    Enther the package manager(npm, maven, gradle, pip, pub, cocoapods).
+            -m <package_manager>\t    Enther the package manager(npm, maven, gradle, pip, pub, cocoapods, android).
             -p <input_path>\t\t    Enter the path where the script will be run.
             -o <output_path>\t\t    Enter the path where the result file will be generated.
 
@@ -32,6 +32,9 @@
 
         Optional only for gradle, maven
             -c <dir_name>\t\t    Enter the customized build output directory name(default: target)
+        
+        Optional only for android
+            -n <app_name>\t\t   Enter the application directory name where the plugin output file is located(default: app)
         """
 
 

src/fosslight_dependency/_version.py

@@ -2,4 +2,4 @@
 # -*- coding: utf-8 -*-
 # Copyright (c) 2021 LG Electronics Inc.
 # SPDX-License-Identifier: Apache-2.0
-__version__ = "3.1.0"
+__version__ = "3.2.0"