diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 82ffa6e..43a9474 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -1,18 +1,56 @@ name: SPDX validation -on: pull_request +on: + - pull_request + - push jobs: SPDX_Validation: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - name: Setup + + - name: Look for files that are not checked + run: | + find . \( -name '*.spdx' -o -name '*.json' \) \ + -not -path './presentations/*' \ + -not -path './tools-java/*' \ + -not -path '*/spdx2.2/*' \ + -not -path '*/spdx2.3/*' \ + -not -path '*/spdx-3.0/*' | tee flist.txt + + test "$(cat flist.txt | wc -l)" = "0" + + - name: Update apt + run: | + sudo apt update -y + + - name: Setup Java tools run: | sudo apt install -y default-jdk maven git clone https://github.com/spdx/tools-java.git && cd tools-java export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::") mvn clean install && cd .. - - - name: Validate SPDX Documents + + - name: Setup Python tools + run: | + python3 -m pip install -U pip + python3 -m pip install \ + check-jsonschema \ + pyshacl + + - name: Validate SPDX 2.2 & SPDX 2.3 Documents run: | - find . -name *.spdx -o -name *.json -exec echo {} \; -exec java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify {} \; + find . \( -path '*/spdx2.2/*' -o -path '*/spdx2.3/*' \) \( -name *.spdx -o -name *.json \) \ + -exec echo {} \; \ + -exec java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify {} \; + + - name: Validate SPDX 3.0 Documents + run: | + SPDX30_SCHEMA_URL="https://spdx.org/schema/3.0.0/spdx-json-schema.json" + SPDX30_SHACL_URL="https://spdx.org/rdf/3.0.0/spdx-model.ttl" + + for f in $(find . -type f -path '*/spdx-3.0/*.json'); do + echo "Checking $f..." + check-jsonschema -v --schemafile $SPDX30_SCHEMA_URL $f + pyshacl -s $SPDX30_SHACL_URL -e $SPDX30_SHACL_URL $f + done 
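Review bot: The SPDX 2.2/2.3 validation step cannot fail the job: with `-exec … \;` a non-zero exit from the command only makes that predicate false and `find` itself still exits 0, so (assuming Verify reports invalid documents through its exit status) a bad document passes CI. The same step leaves `-name *.spdx -o -name *.json` unquoted, unlike the quoted patterns in the new file-list step, so a matching file in the repository root would let the shell expand the pattern before `find` sees it. In the SPDX 3.0 step, `for f in $(find …)` with bare `$f` splits and globs file names, and on `pull_request` those names come from the contributor's branch. The fence below pipes NUL-delimited names to `xargs` and a `read` loop so names stay intact and failures propagate. Separately, the new `pip install` of `check-jsonschema` and `pyshacl` is unversioned and the workflow declares no `permissions:`; pinning the versions and adding `permissions:` with `contents: read` would limit what a compromised dependency can reach.

```yaml
      # … unchanged: checkout, file-list check, apt, Java and Python setup …
      - name: Validate SPDX 2.2 & SPDX 2.3 Documents
        run: |
          find . \( -path '*/spdx2.2/*' -o -path '*/spdx2.3/*' \) \
            \( -name '*.spdx' -o -name '*.json' \) -print0 |
            xargs -0 -r -n1 -t java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify

      - name: Validate SPDX 3.0 Documents
        run: |
          # … unchanged: SPDX30_SCHEMA_URL / SPDX30_SHACL_URL assignments …
          find . -type f -path '*/spdx-3.0/*.json' -print0 |
            while IFS= read -r -d '' f; do
              echo "Checking $f..."
              check-jsonschema -v --schemafile "$SPDX30_SCHEMA_URL" "$f"
              pyshacl -s "$SPDX30_SHACL_URL" -e "$SPDX30_SHACL_URL" "$f"
            done
```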
diff --git a/software/example13/spdx-3.0/example-13-spdx-3.json b/software/example13/spdx-3.0/example-13-spdx-3.json index fe2b391..225f23c 100644 --- a/software/example13/spdx-3.0/example-13-spdx-3.json +++ b/software/example13/spdx-3.0/example-13-spdx-3.json @@ -6,7 +6,7 @@ "spdxId": "urn:jane-doe-1@acme.com-4fe40e24-20e3-11ee-be56-0242ac120002", "creationInfo": "_:creationinfo", "name": "Application Owner Jane Doe", - "externalIdentifiers": [ + "externalIdentifier": [ { "type": "ExternalIdentifier", "externalIdentifierType": "email", @@ -25,11 +25,11 @@ "spdxId": "urn:github.com-indutny-c4fe40e24-20e3-11ee-be56-0242ac120002", "creationInfo": "_:creationinfo", "name": "Fedor Indutny", - "externalIdentifiers": [ + "externalIdentifier": [ { "type": "ExternalIdentifier", "externalIdentifierType": "other", - "identifierLocator": "https://github.com/indutny" + "identifier": "https://github.com/indutny" } ] }, @@ -91,11 +91,11 @@ "software_packageVersion": "6.5.2", "suppliedBy": "urn:github.com-indutny-c4fe40e24-20e3-11ee-be56-0242ac120002", "software_primaryPurpose": "library", - "externalIdentifiers": [ + "externalIdentifier": [ { "type": "ExternalIdentifier", "externalIdentifierType": "other", - "identifierLocator": "https://github.com/indutny/elliptic/releases/tag/v6.5.2" + "identifier": "https://github.com/indutny/elliptic/releases/tag/v6.5.2" } ] @@ -122,7 +122,7 @@ "spdxId": "urn:acme-relationship-1-4fe40e24-20e3-11ee-be56-0242ac120002", "creationInfo": "_:creationinfo", "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002", - "to": "urn:jane-doe-1@acme.com-4fe40e24-20e3-11ee-be56-0242ac120002", + "to": ["urn:jane-doe-1@acme.com-4fe40e24-20e3-11ee-be56-0242ac120002"], "relationshipType": "availableFrom" }, { 
@@ -130,7 +130,7 @@
 "spdxId": "urn:acme-relationship-2-4fe40e24-20e3-11ee-be56-0242ac120002",
 "creationInfo": "_:creationinfo",
 "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002",
- "to": "urn:npm-elliptic-6.5.2-4fe40e24-20e3-11ee-be56-0242ac120002",
+ "to": ["urn:npm-elliptic-6.5.2-4fe40e24-20e3-11ee-be56-0242ac120002"],
 "relationshipType": "contains"
 },
 {
@@ -138,15 +138,15 @@
 "spdxId": "urn:acme-relationship-3-4fe40e24-20e3-11ee-be56-0242ac120002",
 "creationInfo": "_:creationinfo",
 "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002",
- "to": "urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002",
- "relationshipType": "depends_on"
+ "to": ["urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002"],
+ "relationshipType": "dependsOn"
 },
 {
 "type": "Relationship",
 "spdxId": "urn:acme-relationship-4-4fe40e24-20e3-11ee-be56-0242ac120002",
 "creationInfo": "_:creationinfo",
 "from": "urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002",
- "to": "urn:openssl-3.0.4-4fe40e24-20e3-11ee-be56-0242ac120002",
+ "to": ["urn:openssl-3.0.4-4fe40e24-20e3-11ee-be56-0242ac120002"],
 "relationshipType": "contains"
 }
 ]