Merge pull request #48 from pmonks/dev

Release 2.0.213
pmonks · Mar 30, 2024 · fd48768 · fd48768
2 parents 7bfc48f + e0368fd
commit fd48768
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -12,6 +12,8 @@ A Clojure [tools.build](https://github.com/clojure/tools.build) task library for
 
 It also provides the ability to check your (Apache-2.0 licensed) project against the [Apache Software Foundation's 3rd Party License Policy](https://www.apache.org/legal/resolved.html).
 
+`tools-licenses` is little more than a pretty output wrapper around the build-tool-agnostic [`lice-comb` library](https://github.com/pmonks/lice-comb).
+
 ## Disclaimer
 
 **The author and contributors to `tools-licenses` are not lawyers, and neither they nor `tools-licenses` itself provide legal advice. This is simply a tool that might help you and your legal counsel perform licensing due diligence on your projects.**
@@ -43,12 +45,9 @@ This tool uses the [`lice-comb` library](https://github.com/pmonks/lice-comb), w
 * It doesn't canonicalise license information to SPDX License Expressions, or even (in some cases) SPDX License Identifiers.
 * It only reports the first license for multi-licensed artifacts.
 
-In contrast, `tools-licenses` leverages the [`lice-comb` library](https://github.com/pmonks/lice-comb), a build-tool-agnostic library that takes a more comprehensive approach to license detection.
-
 ## Why not [`scarletcomply/license-finder`](https://github.com/scarletcomply/license-finder)?
 
-* It doesn't canonicalise license information to SPDX License Expressions, or even (in some cases) SPDX License Identifiers.
-* It only reports the first license for multi-licensed artifacts.
+It uses `tools.deps`' license discovery logic under the covers, so has all of the same issues.  It does provide a better user experience however (it's packaged as a tool, has more output options, etc.).
 
 ## I use Leiningen - is something like `tools-licenses` available?
 

diff --git a/deps.edn b/deps.edn
@@ -19,8 +19,8 @@
 {:deps
    {jansi-clj/jansi-clj                 {:mvn/version "1.0.3"}
     com.github.pmonks/clj-wcwidth       {:mvn/version "1.0.85"}
-    com.github.pmonks/lice-comb         {:mvn/version "2.0.270"}
-    com.github.pmonks/asf-cat           {:mvn/version "2.0.127"}
+    com.github.pmonks/lice-comb         {:mvn/version "2.0.272"}
+    com.github.pmonks/asf-cat           {:mvn/version "2.0.129"}
     com.github.pmonks/tools-convenience {:mvn/version "1.0.151"}}
  :aliases
    {:build {:deps       {com.github.pmonks/pbr            {:mvn/version "RELEASE"}

diff --git a/src/tools_licenses/tasks.clj b/src/tools_licenses/tasks.clj
@@ -45,18 +45,42 @@
         _       (d/prep-libs! lib-map {:action :prep :log :info} {})]  ; Make sure everything is "prepped" (downloaded locally) before we start looking for licenses
     lib-map))
 
-(defn- expression-minus-license-refs
-  "Converts lice-comb specific LicenseRefs to a human readable name (and colours
-  them yellow), but leaves other expressions unchanged."
+(defn- human-readable-expression-internal
+  "Recursive portion of the implementation of human-readable-expression."
+  [level parse-result]
+  (when parse-result
+    (cond
+      (sequential? parse-result)
+        (when (pos? (count parse-result))
+          (let [op-str (str " " (s/upper-case (name (first parse-result))) " ")]
+            (str (when (pos? level) "(")
+                 (s/join op-str (map (partial human-readable-expression-internal (inc level)) (rest parse-result)))  ; Note: naive (stack consuming) recursion
+                 (when (pos? level) ")"))))
+      (map? parse-result)
+        (str
+          (:license-id parse-result)
+          (when (:or-later? parse-result) "+")
+          (when (:license-exception-id parse-result) (str " WITH " (:license-exception-id parse-result)))
+          (when (:license-ref parse-result)
+            (let [reconstituted-license-ref (str (when (:document-ref parse-result) (str "DocumentRef-" (:document-ref parse-result) ":"))
+                                                 "LicenseRef-" (:license-ref parse-result))]
+              (if (lcm/lice-comb-license-ref? reconstituted-license-ref)
+                (ansi/fg-bright :yellow (lcm/id->name reconstituted-license-ref))
+                reconstituted-license-ref)))))))
+
+(defn- human-readable-expression
+  "Converts an SPDX license expression into a human readable version, which
+  means decoding lice-comb specific LicenseRefs within the expression to their
+  human readable name, and colouring them yellow."
   [exp]
-  (if (lcm/lice-comb-license-ref? exp)
-    (ansi/fg-bright :yellow (lcm/id->name exp))
-    exp))
+  (when exp
+    (when-let [parse-tree (sexp/parse exp)]
+      (s/trim (human-readable-expression-internal 0 parse-tree)))))
 
 (defn- dep-and-license-expressions
   [dep-name license-expressions]
   (let [sorted-license-expressions (seq (sort (if (map? license-expressions) (keys license-expressions) license-expressions)))]
-    (str dep-name " [" (if sorted-license-expressions (s/join ", " (map expression-minus-license-refs sorted-license-expressions)) (ansi/fg-bright :red "No licenses found")) "]")))
+    (str dep-name " [" (if sorted-license-expressions (s/join ", " (map human-readable-expression sorted-license-expressions)) (ansi/fg-bright :red "No licenses found")) "]")))
 
 (defn- dep-and-licenses->string
   [[dep-ga dep-info :as dep]]
@@ -102,7 +126,7 @@
                         "\n------------------------------------------------------------ ---------"))
     (if (or deps-expressions (pos? no-license-count))
       (do
-        (run! #(println (str (fit-width 60 (expression-minus-license-refs %)) " " (fit-width 9 (str (get freqs %)) false))) deps-expressions)
+        (run! #(println (str (fit-width 60 (human-readable-expression %)) " " (fit-width 9 (ansi/default (str (get freqs %))) false))) deps-expressions)
         (when (pos? no-license-count) (println (str (fit-width 60 (ansi/fg-bright :red "No licenses found")) " " (fit-width 9 no-license-count false)))))
       (println "  - no dependencies found -"))
     (println (str (ansi/bold "------------------------------------------------------------ ---------")
@@ -142,9 +166,9 @@
 (defn- expression-info->string
   [m expr]
   (when (and m expr)
-    (str (ansi/bold (expression-minus-license-refs expr)) " "
+    (str (ansi/bold (human-readable-expression expr)) " "
       (when-let [info-list (sort-by lcu/expression-info-sort-by-keyfn (seq (get m expr)))]
-        (s/join "\n" (map #(str (when-let [md-id (:id %)] (when (not= expr md-id) (ansi/bold (str "  " (expression-minus-license-refs md-id) " "))))
+        (s/join "\n" (map #(str (when-let [md-id (:id %)] (when (not= expr md-id) (ansi/bold (str "  " (human-readable-expression md-id) " "))))
                                 (case (:type %)
                                   :declared  (ansi/fg-bright :green  "Declared")
                                   :concluded (ansi/fg-bright :yellow "Concluded"))
@@ -160,7 +184,7 @@
 (defn- explain-with-licenses!
   [dep-expr-info]
   (let [exprs (sort (keys dep-expr-info))]
-    (println (ansi/bold "Licenses:") (s/join ", " (map expression-minus-license-refs exprs)) "\n")
+    (println (ansi/bold "Licenses:") (s/join ", " (map human-readable-expression exprs)) "\n")
     (println (s/join "\n\n" (map (partial expression-info->string dep-expr-info) exprs)) "\n")))
 
 (defn- explain-without-licenses!