Merge pull request #644 from github/cococapods-with-plugin

Cococapods enumeration using cocoapods plugin

.github/workflows/test.yml

@@ -98,6 +98,21 @@ jobs:
     - name: Run tests
       run: script/test cargo
 
+  cocoapods:
+    runs-on: ubuntu-latest
+    needs: core
+    steps:
+    - uses: actions/checkout@v3
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        bundler-cache: true
+    - name: Set up fixtures
+      run: script/source-setup/cocoapods
+    - name: Run tests
+      run: script/test cocoapods
+
+
   composer:
     runs-on: ubuntu-latest
     needs: core
@@ -458,22 +473,3 @@ jobs:
       run: script/source-setup/yarn/berry
     - name: Run tests
       run: script/test yarn/berry
-
-  cocoapods:
-    runs-on: ubuntu-latest
-    needs: core
-    strategy:
-      matrix:
-        cocoapods: [ '1.11.3' ]
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        bundler-cache: true
-    - name: Set up Cocoapods
-      run: gem install cocoapods -v ${{ matrix.cocoapods }}
-    - name: Set up fixtures
-      run: script/source-setup/cocoapods
-    - name: Run tests
-      run: script/test cocoapods

Gemfile.lock

@@ -40,6 +40,8 @@ GEM
       thor (>= 0.19, < 2.0)
     mini_portile2 (2.8.1)
     minitest (5.18.0)
+    minitest-hooks (1.5.0)
+      minitest (> 5.3)
     mocha (2.0.2)
       ruby2_keywords (>= 0.0.5)
     nokogiri (1.14.2)
@@ -104,6 +106,7 @@ DEPENDENCIES
   byebug (~> 11.1)
   licensed!
   minitest (~> 5.17)
+  minitest-hooks (~> 1.5)
   mocha (~> 2.0)
   rake (~> 13.0)
   rubocop-github (~> 0.20)

docs/sources/cocoapods.md

@@ -1,10 +1,8 @@
 # CocoaPods
 
-**NOTE!**: Enumerating Cocoapods dependencies is disabled until the cocoapods-core gem is compatible with Rails 7+.  See https://github.com/CocoaPods/Core/pull/733
+The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`.  The cocoapods source uses the [cocoapods-dependencies-list](https://github.com/jonabc/cocoapods-dependencies-list) plugin to enumerate dependencies and gather metadata on each package.
 
-The cocoapods source will detect dependencies when `Podfile` and `Podfile.lock` are found at an app's `source_path`.
-
-It uses the `pod` CLI commands to enumerate dependencies and gather metadata on each package.
+**NOTE:  Licensed does not install the [cocoapods-dependencies-list](https://github.com/jonanc/cocoapods-dependencies-list) plugin.  Users must install the gem alongside the cocoapods gem to enumerate cocoapods dependencies.**
 
 ## Evaluating dependencies from a specific target
 
@@ -15,3 +13,12 @@ cocoapods:
   targets:
     - ios
 ```
+
+## Specifying which pod executable to run
+
+The cocoapods source will call the `pod` executable to evaluate dependencies by default.  If needed, you can override the executable used with the `cocoapods.command` configuration option.  This might be useful if the full path to the `pod` executable is needed (e.g. `pod` is not findable from the system `PATH`), or if you need to execute `pod` with `bundle exec`.
+
+```yml
+cocoapods:
+  command: 'bundle exec pod'
+```

lib/licensed/sources/cocoapods.rb

@@ -3,65 +3,62 @@
 require "pathname"
 require "uri"
 
-# **NOTE** Cocoapods is disabled until cocoapods-core supports recent rails versions
-# https://github.com/CocoaPods/Core/pull/733
-# require "cocoapods-core"
-
 module Licensed
   module Sources
     class Cocoapods < Source
-      def enabled?
-        false
+      DEFAULT_POD_COMMAND = "pod".freeze
+      MISSING_PLUGIN_MESSAGE = "Error running `pods dependencies`. Please ensure the cocoapods-dependencies-list gem is installed, it is required for licensed to enumerate dependencies.".freeze
 
-        # return unless Licensed::Shell.tool_available?("pod")
+      def enabled?
+        return unless Licensed::Shell.tool_available?("pod")
 
-        # config.pwd.join("Podfile").exist? && config.pwd.join("Podfile.lock").exist?
+        config.pwd.join("Podfile").exist? && config.pwd.join("Podfile.lock").exist?
       end
 
       def enumerate_dependencies
         pods.map do |pod|
-          name = pod.name
-          path = dependency_path(pod.root_name)
-          version = lockfile.version(name).version
-
           Dependency.new(
-            path: path,
-            name: name,
-            version: version,
-            metadata: { "type" => Cocoapods.type }
+            name: pod["name"],
+            version: pod["version"],
+            path: pod["path"],
+            metadata: {
+              "type" => Cocoapods.type,
+              "summary"  => pod["summary"],
+              "homepage" => pod["homepage"]
+            }
           )
         end
       end
 
       private
 
       def pods
-        return lockfile.dependencies if targets.nil?
-
-        targets_to_validate = podfile.target_definition_list.filter { |t| targets.include?(t.label) }
-        if targets_to_validate.any?
-          targets_to_validate.map(&:dependencies).flatten
-        else
-          raise Licensed::Sources::Source::Error, "Unable to find any target in the Podfile matching the ones provided in the config."
-        end
+        cocoapods_dependencies_json.values.flatten
       end
 
-      def targets
-        @targets ||= config.dig("cocoapods", "targets")&.map { |t| "Pods-#{t}" }
-      end
+      def cocoapods_dependencies_json
+        args = ["dependencies", "--include-path"]
+        args << "--targets=#{targets.join(",")}" if targets.any?
 
-      def lockfile
-        @lockfile = nil
-        # @lockfile ||= Pod::Lockfile.from_file(config.pwd.join("Podfile.lock"))
+        output = Licensed::Shell.execute(*pod_command, *args, allow_failure: true)
+        if output.include? "Unknown command"
+          raise Licensed::Sources::Source::Error, MISSING_PLUGIN_MESSAGE
+        end
+
+        JSON.parse(output)
+      rescue JSON::ParserError => e
+        message = "Licensed was unable to parse the output from 'pod dependencies'. JSON Error: #{e.message}"
+        raise Licensed::Sources::Source::Error, message
       end
 
-      def podfile
-        @podfile = nil
-        # @podfile ||= Pod::Podfile.from_file(config.pwd.join("Podfile"))
+      def targets
+        return [] unless [String, Array].any? { |type| source_config["targets"].is_a?(type) }
+        Array(source_config["targets"]).map { |t| "Pods-#{t}" }
       end
 
-      def dependency_path(name)
-        config.pwd.join("Pods/#{name}")
+      def pod_command
+        return DEFAULT_POD_COMMAND unless source_config["command"].is_a?(String)
+        source_config["command"].split
       end
     end
   end

lib/licensed/sources/source.rb

@@ -90,6 +90,11 @@ def ignored?(dependency)
         config.ignored?(dependency.metadata, require_version: self.class.require_matched_dependency_version)
       end
 
+      # Returns configuration options set for the current source
+      def source_config
+        @source_config ||= config[self.class.type].is_a?(Hash) ? config[self.class.type] : {}
+      end
+
       private
 
       # Returns a cached list of dependencies

licensed.gemspec

@@ -31,10 +31,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency "parallel", "~> 1.22"
   spec.add_dependency "reverse_markdown", "~> 2.1"
   spec.add_dependency "json", "~> 2.6"
-  # spec.add_dependency "cocoapods-core", "~> 1.11"
 
   spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "minitest", "~> 5.17"
+  spec.add_development_dependency "minitest-hooks", "~> 1.5"
   spec.add_development_dependency "mocha", "~> 2.0"
   spec.add_development_dependency "rubocop-github", "~> 0.20"
   spec.add_development_dependency "byebug", "~> 11.1"

script/source-setup/cocoapods

@@ -1,18 +1,21 @@
 #!/bin/bash
 set -e
 
-if [ -z "$(which pod)" ]; then
-  echo "A local pod installation is required for cocoapods development." >&2
-  exit 127
-fi
-
 # setup test fixtures
 BASE_PATH="$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd)"
-cd $BASE_PATH/test/fixtures/cocoapods
+cd "$BASE_PATH/test/fixtures/cocoapods"
+
+if [ "$1" == "-f" ]; then
+  git clean -ffX .
+fi
+
+# install cocoapods and cocoapods-dependencies-list plugin
+bundle config set path 'vendor/gems'
+bundle install
 
 OPTIONS=()
 if [ "$1" == "-f" ]; then
   OPTIONS+="--clean-install"
 fi
 
-pod install ${OPTIONS[@]}
+bundle exec pod install "${OPTIONS[@]}"

test/fixtures/cocoapods/.gitignore

@@ -1 +1,3 @@
 /Pods/
+/vendor/
+/.bundle/

test/fixtures/cocoapods/Gemfile

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in licensed.gemspec
+gem "cocoapods"
+
+group "plugins" do
+  gem "cocoapods-dependencies-list", "~> 1.0"
+end

test/fixtures/cocoapods/Gemfile.lock

@@ -0,0 +1,97 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    CFPropertyList (3.0.6)
+      rexml
+    activesupport (7.0.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    algoliasearch (1.27.5)
+      httpclient (~> 2.8, >= 2.8.3)
+      json (>= 1.5.1)
+    atomos (0.1.3)
+    claide (1.1.0)
+    cocoapods (1.12.0)
+      addressable (~> 2.8)
+      claide (>= 1.0.2, < 2.0)
+      cocoapods-core (= 1.12.0)
+      cocoapods-deintegrate (>= 1.0.3, < 2.0)
+      cocoapods-downloader (>= 1.6.0, < 2.0)
+      cocoapods-plugins (>= 1.0.0, < 2.0)
+      cocoapods-search (>= 1.0.0, < 2.0)
+      cocoapods-trunk (>= 1.6.0, < 2.0)
+      cocoapods-try (>= 1.1.0, < 2.0)
+      colored2 (~> 3.1)
+      escape (~> 0.0.4)
+      fourflusher (>= 2.3.0, < 3.0)
+      gh_inspector (~> 1.0)
+      molinillo (~> 0.8.0)
+      nap (~> 1.0)
+      ruby-macho (>= 2.3.0, < 3.0)
+      xcodeproj (>= 1.21.0, < 2.0)
+    cocoapods-core (1.12.0)
+      activesupport (>= 5.0, < 8)
+      addressable (~> 2.8)
+      algoliasearch (~> 1.0)
+      concurrent-ruby (~> 1.1)
+      fuzzy_match (~> 2.0.4)
+      nap (~> 1.0)
+      netrc (~> 0.11)
+      public_suffix (~> 4.0)
+      typhoeus (~> 1.0)
+    cocoapods-deintegrate (1.0.5)
+    cocoapods-dependencies-list (1.0.0)
+    cocoapods-downloader (1.6.3)
+    cocoapods-plugins (1.0.0)
+      nap
+    cocoapods-search (1.0.1)
+    cocoapods-trunk (1.6.0)
+      nap (>= 0.8, < 2.0)
+      netrc (~> 0.11)
+    cocoapods-try (1.2.0)
+    colored2 (3.1.2)
+    concurrent-ruby (1.2.2)
+    escape (0.0.4)
+    ethon (0.16.0)
+      ffi (>= 1.15.0)
+    ffi (1.15.5)
+    fourflusher (2.3.1)
+    fuzzy_match (2.0.4)
+    gh_inspector (1.1.3)
+    httpclient (2.8.3)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    json (2.6.3)
+    minitest (5.18.0)
+    molinillo (0.8.0)
+    nanaimo (0.3.0)
+    nap (1.1.0)
+    netrc (0.11.0)
+    public_suffix (4.0.7)
+    rexml (3.2.5)
+    ruby-macho (2.5.1)
+    typhoeus (1.4.0)
+      ethon (>= 0.9.0)
+    tzinfo (2.0.6)
+      concurrent-ruby (~> 1.0)
+    xcodeproj (1.22.0)
+      CFPropertyList (>= 2.3.3, < 4.0)
+      atomos (~> 0.1.3)
+      claide (>= 1.0.2, < 2.0)
+      colored2 (~> 3.1)
+      nanaimo (~> 0.3.0)
+      rexml (~> 3.2.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cocoapods
+  cocoapods-dependencies-list (~> 1.0)
+
+BUNDLED WITH
+   2.3.26

test/fixtures/cocoapods/Podfile.lock

@@ -99,4 +99,4 @@ SPEC CHECKSUMS:
 
 PODFILE CHECKSUM: bdfd89e228c2312fe7d97a12be23107d74b78421
 
-COCOAPODS: 1.11.3
+COCOAPODS: 1.12.0