Fix incorrect flag for fedpkg scratch-build

bundler: Handle deprecated license metadata

Adds support for archaic forms of the license metadata in
package.json where the license field is an object rather than a
string.

Also removes the need to post-process the 'null' entries.

Resolves: rhbz#1920206

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

bundler: Add warning for deps missing license tag

Resolves: rhbz#1920223

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

Spec: fix line-length for rpmlint

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

Update to 2021.06

bundler: Handle archaic license metadata
bundler: Warn about bundled dependencies with no license metadata

Actually use the value of OUTPUT_DIR when copying bundled sources in nodejs-packaging-bundler

In nodejs-packaging-bundler, use %{_sourcedir} for output

Fixes RHBZ#1974709

Fix hard-coded output directory in the bundler

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>

fix typos

nodejs.prov: find namespaced bundled dependencies

The previous behaviour assumed that in a bundled package path,
there is always `node_modules` directory on each other spot – i.e.:

npm/node_modules/<dep1>/node_modules/<subdep>
    ^                   ^

With namespaced bundled packages, this is no longer necessary the truth:

npm/node_modules/@nmcli/<dep1>/node_modules/…
    ^                   ! – expected node_modules

NPM bundler: also find namespaced bundled dependencies

Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>

Related: #1990096
Related RHELPLAN-119396

README.md

@@ -83,7 +83,7 @@ Update the RPM spec %changelog appropriately.
 ## (Preferred) Perform a scratch-build on at least one architecture
 
 ```
-fedpkg scratch-build [--arches x86_64] --srpm
+fedpkg scratch-build [--arch x86_64] --srpm
 ```
 
 Verify that it built successfully.

nodejs-packaging-bundler

@@ -1,5 +1,5 @@
 #!/bin/bash
-OUTPUT_DIR="${HOME}/rpmbuild/SOURCES"
+OUTPUT_DIR="$(rpm -E '%{_sourcedir}')"
 
 usage() {
   echo "Usage `basename $0` <npm_name> [version] " >&2
@@ -8,7 +8,7 @@ usage() {
   echo "    download the npm, the prod and dev dependencies," >&2
   echo "    each in their own tarball." >&2
   echo "    Also finds licenses prod dependencies." >&2
-  echo "  All three tarballs  and license list are copied to ${OUTPUT_DIR}" >&2
+  echo "  All three tarballs and the license list are copied to ${OUTPUT_DIR}" >&2
   echo >&2
   exit 1
 }
@@ -56,20 +56,31 @@ if [ $? -ge 1 ] ; then
   echo "    ERROR WILL ROBINSON"
 	rm -rf node_modules
 else
-  echo "    Successful prod dependences download"
+  echo "    Successful prod dependencies download"
 	mv node_modules/ node_modules_prod
 fi
 echo "LICENSES IN BUNDLE:"
-find . -name "package.json" -exec jq .license {} \; >> ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt
+find . -name "package.json" -exec jq '.license | strings' {} \; >> ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt
+find . -name "package.json" -exec jq '.license | objects | .type' {} \; >> ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt 2>/dev/null
 find . -name "package.json" -exec jq '.licenses[] .type' {} \; >> ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt 2>/dev/null
-sed -i "/^null$/d" ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt
 sort -u -o ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt ${TMP_DIR}/${PACKAGE_SAFE}-${VERSION}-bundled-licenses.txt
+
+# Locate any dependencies without a provided license
+find . -type f -name package.json -execdir jq 'if .license==null and .licenses==null then .name else null end' '{}' '+' | grep -vE '^null$' | sort -u > ${TMP_DIR}/nolicense.txt
+
+if [ -s ${TMP_DIR}/nolicense.txt ]; then
+  echo -e "\e[5m\e[41mSome dependencies do not list a license. Manual verification required!\e[0m"
+  cat ${TMP_DIR}/nolicense.txt
+  echo -e "\e[5m\e[41m======================================================================\e[0m"
+fi
+
+
 echo " Downloading dev dependencies"
 npm install --no-optional --only=dev
 if [ $? -ge 1 ] ; then
   echo "    ERROR WILL ROBINSON"
 else
-  echo "    Successful dev dependences download"
+  echo "    Successful dev dependencies download"
 	mv node_modules/ node_modules_dev
 fi
 if [ -d node_modules_prod ] ; then
@@ -79,6 +90,6 @@ if [ -d node_modules_dev ] ; then
   tar cfz ../${PACKAGE_SAFE}-${VERSION}-nm-dev.tgz node_modules_dev
 fi
 cd ..
-cp -v ${PACKAGE_SAFE}-${VERSION}* $HOME/rpmbuild/SOURCES
+cp -v ${PACKAGE_SAFE}-${VERSION}* "${OUTPUT_DIR}"
 popd > /dev/null
 rm -rf ${TMP_DIR}

nodejs-packaging.spec

@@ -1,8 +1,8 @@
 %global macrosdir %(d=%{_rpmconfigdir}/macros.d; [ -d $d ] || d=%{_sysconfdir}/rpm; echo $d)
 
 Name:           nodejs-packaging
-Version:        2021.01
-Release:        5%{?dist}
+Version:        2021.06
+Release:        4%{?dist}
 Summary:        RPM Macros and Utilities for Node.js Packaging
 BuildArch:      noarch
 License:        MIT
@@ -39,10 +39,11 @@ Requires:       coreutils, findutils, jq
 
 %description bundler
 nodejs-packaging-bundler bundles a node.js application node_module dependencies
-It gathers the application tarball.  
+It gathers the application tarball.
 It generates a runtime (prod) tarball with runtime node_module dependencies
 It generates a testing (dev) tarball with node_module dependencies for testing
-It generates a bundled licence file that gets the licenses in the runtime dependency tarball
+It generates a bundled license file that gets the licenses in the runtime
+dependency tarball
 
 %prep
 pushd %{_topdir}/BUILD
@@ -83,6 +84,22 @@ install -Dpm0755 nodejs-packaging-bundler %{buildroot}%{_bindir}/nodejs-packagin
 
 
 %changelog
+* Thu Jan 20 2022 Stephen Gallagher <sgallagh@redhat.com> - 2021.06-4
+- NPM bundler: also find namespaced bundled dependencies
+- Related: #1990096
+- Related RHELPLAN-119396
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2021.06-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jun 22 2021 Stephen Gallagher <sgallagh@redhat.com> - 2021.06-2
+- Fix hard-coded output directory in the bundler
+
+* Wed Jun 02 2021 Stephen Gallagher <sgallagh@redhat.com> - 2021.06-1
+- Update to 2021.06-1
+- bundler: Handle archaic license metadata
+- bundler: Warn about bundled dependencies with no license metadata 
+
 * Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2021.01-5
 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
   Related: rhbz#1991688

nodejs.prov

@@ -93,9 +93,9 @@ def generate_dependencies(module_path, module_dir_set=NODE_MODULES):
     else:  # Invalid metadata path
         raise ValueError("Invalid module path '%s'" % module_path)
 
-    for dir_path, subdir_list, __ in os.walk(root_dir):
-        # Currently in node_modules (or similar), continue to subdirs
-        if os.path.basename(dir_path) in module_dir_set:
+    for dir_path, subdir_list, file_list in os.walk(root_dir):
+        # We are only interested in directories that contain package.json
+        if "package.json" not in file_list:
             continue
 
         # Read and format metadata

test/bundled_namespace/node_modules/@nmcli/test201/package.json

@@ -0,0 +1,4 @@
+{
+  "name": "@nmcli/test201",
+  "version": "2.1.4"
+}

test/bundled_namespace/node_modules/test200/package.json

@@ -0,0 +1,4 @@
+{
+  "name": "test200",
+  "version": "1.3.5"
+}

test/bundled_namespace/nodejs.prov.out.exp

@@ -0,0 +1,3 @@
+bundled(nodejs-@nmcli/test201) = 2.1.4
+bundled(nodejs-test200) = 1.3.5
+npm(test) = 4.5.6

test/bundled_namespace/nodejs.req.out.exp

@@ -0,0 +1 @@
+

test/bundled_namespace/package.json.in

@@ -0,0 +1,11 @@
+{
+  "name": "test",
+  "version": "4.5.6",
+  "engines": {
+    "node": ">=6 <10"
+  },
+  "dependencies": {
+    "test100": "^1.2.3",
+    "test101": ">=2.1"
+  }
+}

test/run

@@ -4,7 +4,7 @@ ln -sf nodejs.req nodejs_req.py
 "$(command -v python2 || echo :)" -m doctest nodejs_req.py || exit 1
 "$(command -v python3 || echo :)" -m doctest nodejs_req.py || exit 1
 
-for test in unbundled bundled
+for test in unbundled bundled bundled_namespace
 do
     sed -e "s|//.*$||" < test/$test/package.json.in > test/$test/package.json