Pick best license for markdown report

demaconsulting · Jun 24, 2024 · 3c6d57e · 3c6d57e
1 parent 795e4b3
commit 3c6d57e
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 3 deletions.
diff --git a/.github/workflows/build_on_push.yaml b/.github/workflows/build_on_push.yaml
@@ -54,6 +54,8 @@ jobs:
         -pv ${{ env.version }}
         -ps DemaConsulting
         -nsb https://DemaConsulting.com/SpdxTool
+        -li true
+        -pm true
 
     - name: Generate Tests SBOM
       run: >
@@ -64,6 +66,8 @@ jobs:
         -pv ${{ env.version }}
         -ps DemaConsulting
         -nsb https://DemaConsulting.com/SpdxTool.Tests
+        -li true
+        -pm true
 
     - name: Run SBOM Workflow
       run: >

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -66,6 +66,8 @@ jobs:
         -pv ${{ github.event.inputs.version }}
         -ps DemaConsulting
         -nsb https://DemaConsulting.com/SpdxTool
+        -li true
+        -pm true
 
     - name: Generate Tests SBOM
       run: >
@@ -76,6 +78,8 @@ jobs:
         -pv ${{ github.event.inputs.version }}
         -ps DemaConsulting
         -nsb https://DemaConsulting.com/SpdxTool.Tests
+        -li true
+        -pm true
 
     - name: Run SBOM Workflow
       run: >

diff --git a/src/DemaConsulting.SpdxTool/Commands/ToMarkdown.cs b/src/DemaConsulting.SpdxTool/Commands/ToMarkdown.cs
@@ -156,7 +156,7 @@ public static void GenerateSummaryMarkdown(string spdxFile, string markdownFile,
             markdown.AppendLine("| :-------- | :--- | :--- |");
             foreach (var package in rootPackages)
                 markdown.AppendLine(
-                    $"| {package.Name} | {package.Version ?? string.Empty} | {package.ConcludedLicense} |");
+                    $"| {package.Name} | {package.Version ?? string.Empty} | {License(package)} |");
             markdown.AppendLine();
             markdown.AppendLine();
         }
@@ -170,7 +170,7 @@ public static void GenerateSummaryMarkdown(string spdxFile, string markdownFile,
             markdown.AppendLine("| :-------- | :--- | :--- |");
             foreach (var package in packages)
                 markdown.AppendLine(
-                    $"| {package.Name} | {package.Version ?? string.Empty} | {package.ConcludedLicense} |");
+                    $"| {package.Name} | {package.Version ?? string.Empty} | {License(package)} |");
             markdown.AppendLine();
             markdown.AppendLine();
         }
@@ -184,12 +184,31 @@ public static void GenerateSummaryMarkdown(string spdxFile, string markdownFile,
             markdown.AppendLine("| :-------- | :--- | :--- |");
             foreach (var package in tools)
                 markdown.AppendLine(
-                    $"| {package.Name} | {package.Version ?? string.Empty} | {package.ConcludedLicense} |");
+                    $"| {package.Name} | {package.Version ?? string.Empty} | {License(package)} |");
             markdown.AppendLine();
             markdown.AppendLine();
         }
 
         // Save the Markdown text to file
         File.WriteAllText(markdownFile, markdown.ToString());
     }
+
+    /// <summary>
+    /// Get a license for a package
+    /// </summary>
+    /// <param name="package">SPDX package</param>
+    /// <returns>License</returns>
+    private static string License(SpdxPackage package)
+    {
+        // Use the concluded license if available
+        if (!string.IsNullOrEmpty(package.ConcludedLicense) && package.ConcludedLicense != "NOASSERTION")
+            return package.ConcludedLicense;
+
+        // Use the declared license if available
+        if (!string.IsNullOrEmpty(package.DeclaredLicense) && package.DeclaredLicense != "NOASSERTION")
+            return package.DeclaredLicense;
+
+        // Could not find license
+        return "NOASSERTION";
+    }
 }