Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add purl information to SPDX #1209

Closed
wants to merge 2 commits into from
Closed

Add purl information to SPDX #1209

wants to merge 2 commits into from

Conversation

ivanayov
Copy link
Contributor

This change adds purl data to all packages listed

Addresses #1206

Signed-off-by: Ivana Atanasova iyovcheva@vmware.com

@ivanayov ivanayov force-pushed the iyovcheva/add_purl branch 6 times, most recently from 5bb3144 to 2ddcde1 Compare January 13, 2023 20:49
@ivanayov
Add purl information to SPDX
e079d75 
This change adds purl data to all packages listed

Addresses tern-tools#1206

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
@ivanayov
Add pURL type data
35cd498 
This change completes the pURL externalRef data by extracting
pURL type from a package

Signed-off-by: Ivana Atanasova <iyovcheva@vmware.com>
@ivanayov
Copy link
Contributor Author

Testing the failure of tern report -f spdxjson -i photon:3.0 -o spdx.json locally the -o flag doesn't generate any output. Same when building from the main branch. Seems like this fails in the CI as well.

Looks like not related to the PR changes, but probably a bug.

@rnjudge
Copy link
Contributor

rnjudge commented Feb 27, 2023
edited
Loading

Finally getting around to testing this... The CI issue is related to SPDX document validation:

subprocess.CalledProcessError: Command 'tern report -f spdxjson -i photon:3.0 -o spdx.json && java -jar tools-java/target/tools-java-*-jar-with-dependencies.jar Verify spdx.json' returned non-zero exit status 1.

This error means that the SPDX JSON resulting from these changes is not validating properly with the changes.

@ivanayov ivanayov closed this Mar 9, 2023
@ivanayov
Copy link
Contributor Author

ivanayov commented Mar 9, 2023

Closing as it's addressed in a follow-up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rnjudge rnjudge rnjudge left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ivanayov @rnjudge