github actions: Fix workflow

Fixes the github actions workflow to correctly validates SPDX 2 and SPDX 3 documents, and fixes example-13 to conform to the validation Signed-off-by: Joshua Watt <[email protected]>
spdx · Jun 11, 2024 · 74b7c5f · 74b7c5f
1 parent 8a73b32
commit 74b7c5f
Show file tree

Hide file tree

Showing 2 changed files with 53 additions and 15 deletions.
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -1,18 +1,56 @@
 name: SPDX validation
-on: pull_request
+on:
+  - pull_request
+  - push
 
 jobs:
   SPDX_Validation:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Setup
+
+      - name: Look for files that are not checked
+        run: |
+          find . \( -name '*.spdx' -o -name '*.json' \) \
+            -not -path './presentations/*' \
+            -not -path './tools-java/*' \
+            -not -path '*/spdx2.2/*' \
+            -not -path '*/spdx2.3/*' \
+            -not -path '*/spdx-3.0/*' | tee flist.txt
+
+          test "$(cat flist.txt | wc -l)" = "0"
+
+      - name: Update apt
+        run: |
+          sudo apt update -y
+
+      - name: Setup Java tools
         run: |
           sudo apt install -y default-jdk maven
           git clone https://github.com/spdx/tools-java.git && cd tools-java
           export JAVA_HOME=$(readlink -f /usr/bin/javac | sed "s:/bin/javac::")
           mvn clean install && cd ..
-            
-      - name: Validate SPDX Documents
+
+      - name: Setup Python tools
+        run: |
+          python3 -m pip install -U pip
+          python3 -m pip install \
+            check-jsonschema \
+            pyshacl
+
+      - name: Validate SPDX 2.2 & SPDX 2.3 Documents
         run: |
-          find . -name *.spdx -o -name *.json -exec echo {} \; -exec java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify {} \;
+          find . \( -path '*/spdx2.2/*' -o -path '*/spdx2.3/*' \) \( -name *.spdx -o -name *.json \) \
+            -exec echo {} \; \
+            -exec java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify {} \;
+
+      - name: Validate SPDX 3.0 Documents
+        run: |
+          SPDX30_SCHEMA_URL="https://spdx.org/schema/3.0.0/spdx-json-schema.json"
+          SPDX30_SHACL_URL="https://spdx.org/rdf/3.0.0/spdx-model.ttl"
+
+          for f in $(find . -type f -path '*/spdx-3.0/*.json'); do
+              echo "Checking $f..."
+              check-jsonschema -v --schemafile $SPDX30_SCHEMA_URL $f
+              pyshacl -s $SPDX30_SHACL_URL -e $SPDX30_SHACL_URL $f
+          done
diff --git a/software/example13/spdx-3.0/example-13-spdx-3.json b/software/example13/spdx-3.0/example-13-spdx-3.json
@@ -6,7 +6,7 @@
 			 "spdxId": "urn:[email protected]",
 			 "creationInfo": "_:creationinfo",
 			 "name": "Application Owner Jane Doe",
-			 "externalIdentifiers": [
+			 "externalIdentifier": [
 				 {
 					 "type": "ExternalIdentifier",
 					 "externalIdentifierType": "email",
@@ -25,11 +25,11 @@
 			 "spdxId": "urn:github.com-indutny-c4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "creationInfo": "_:creationinfo",
 			 "name": "Fedor Indutny",
-			 "externalIdentifiers": [
+			 "externalIdentifier": [
 				 {
 					 "type": "ExternalIdentifier",
 					 "externalIdentifierType": "other",
-					 "identifierLocator": "https://github.com/indutny"
+					 "identifier": "https://github.com/indutny"
 				 }
 			 ]
 		 },
@@ -91,11 +91,11 @@
 			 "software_packageVersion": "6.5.2",
 			 "suppliedBy": "urn:github.com-indutny-c4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "software_primaryPurpose": "library",
-			 "externalIdentifiers": [
+			 "externalIdentifier": [
 				 {
 					 "type": "ExternalIdentifier",
 					 "externalIdentifierType": "other",
-					 "identifierLocator": "https://github.com/indutny/elliptic/releases/tag/v6.5.2"
+					 "identifier": "https://github.com/indutny/elliptic/releases/tag/v6.5.2"
                                  }
                          ]
 
@@ -122,31 +122,31 @@
 			 "spdxId": "urn:acme-relationship-1-4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "creationInfo": "_:creationinfo",
 			 "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002",
-			 "to": "urn:[email protected]",
+			 "to": ["urn:[email protected]"],
 			 "relationshipType": "availableFrom"
 		 },
 		 {
 			 "type": "Relationship",
 			 "spdxId": "urn:acme-relationship-2-4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "creationInfo": "_:creationinfo",
 			 "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002",
-			 "to": "urn:npm-elliptic-6.5.2-4fe40e24-20e3-11ee-be56-0242ac120002",
+			 "to": ["urn:npm-elliptic-6.5.2-4fe40e24-20e3-11ee-be56-0242ac120002"],
 			 "relationshipType": "contains"
 		 },
 		 {
 			 "type": "Relationship",
 			 "spdxId": "urn:acme-relationship-3-4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "creationInfo": "_:creationinfo",
 			 "from": "urn:product-acme-application-1.3-4fe40e24-20e3-11ee-be56-0242ac120002",
-			 "to": "urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002",
-			 "relationshipType": "depends_on"
+			 "to": ["urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002"],
+			 "relationshipType": "dependsOn"
 		 },
 		 {
 			 "type": "Relationship",
 			 "spdxId": "urn:acme-relationship-4-4fe40e24-20e3-11ee-be56-0242ac120002",
 			 "creationInfo": "_:creationinfo",
 			 "from": "urn:container-alpine-latest-sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a-4fe40e24-20e3-11ee-be56-0242ac120002",
-			 "to": "urn:openssl-3.0.4-4fe40e24-20e3-11ee-be56-0242ac120002",
+			 "to": ["urn:openssl-3.0.4-4fe40e24-20e3-11ee-be56-0242ac120002"],
 			 "relationshipType": "contains"
 		 }
 	 ]