Merge branch 'master' into tls-regression

.github/workflows/build-all.yml

@@ -19,15 +19,15 @@ jobs:
 
     strategy:
       matrix:
-        os: ['windows-latest', 'ubuntu-latest', 'macos-latest']
+        os: ['windows-latest', 'ubuntu-latest', 'macos-12']
         include:
         - os: ubuntu-latest
           os-name: Linux
           container: fossa/haskell-static-alpine:ghc-9.4.8
           project-file: cabal.project.ci.linux
           ghc: '9.4.8'
 
-        - os: macos-latest
+        - os: macos-12
           os-name: macOS
           project-file: cabal.project.ci.macos
           ghc: '9.4.8'

.github/workflows/install-script-test.yml

@@ -6,7 +6,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: [ubuntu-latest, macos-12]
     steps:
       - uses: actions/checkout@v4
 

Changelog.md

@@ -8,6 +8,8 @@
 
 ## v3.9.14
 - Update cargo strategy to parse new `cargo metadata` format for cargo >= 1.77.0 ([#1416](https://github.com/fossas/fossa-cli/pull/1416)).
+- `fossa release-group`: Add command to create a FOSSA release group release (`fossa release-group create-release`) [#1409](https://github.com/fossas/fossa-cli/pull/1409).
+- `fossa project`: Adds commands to interact with FOSSA projects (`fossa project edit`) [#1394](https://github.com/fossas/fossa-cli/pull/1395).
 
 ## v3.9.13
 - Support GIT dependencies in Bundler projects ([#1403](https://github.com/fossas/fossa-cli/pull/1403/files))

docs/README.md

@@ -134,6 +134,7 @@ Concept guides explain the nuances behind how basic FOSSA primitives work. If yo
 - [`fossa snippets`](./references/subcommands/snippets.md): Analyze snippets of a project and check if they exist in other open source projects FOSSA knows about.
 - [`fossa test`](./references/subcommands/test.md): View the results of the most recent scan of a project.
 - [`fossa release-group`](./references/subcommands/release-group.md): Interact with FOSSA release groups.
+- [`fossa project`](./references/subcommands/project.md): Interact with FOSSA projects.
 
 #### Configuration
 

docs/references/files/fossa-yml.md

@@ -12,9 +12,13 @@ server: https://app.fossa.com
 apiKey: a1b2c3
 
 project:
+  locator: custom+1/github.com/fossas/fossa-cli
   id: github.com/fossas/fossa-cli
   name: fossa-cli
   team: cli-team
+  teams: 
+    - cli-team-1
+    - cli-team-2
   policy: custom-cli-policy
   link: fossa.com
   url: github.com/fossas/fossa-cli
@@ -123,6 +127,11 @@ The project fields allow you to configure settings for the project you are inter
 
 > Note: `name`, `team`, `policy`, `link`, and `jiraProjectKey` can only be set when creating a project (running `fossa analyze` for the first time).  Otherwise, they will be silently ignored (we would like to make this a visible warning in the future).
 
+#### `project.locator:`
+The project Locator defines a unique ID that the FOSSA API will use to reference this project within FOSSA. The project locator can be found in the UI on the project `Settings` page listed as the `Project Locator` underneath the `Project Title` setting.
+
+<img src="../../assets/project-locator-example.png">
+
 #### `project.id:`
 The project ID defines an ID that is used to reference a project within your FOSSA organization. The project ID is a specific portion of the project locator and can be found in the UI on the project `Settings` page listed as the "Project Locator" underneath the "Project Title" setting. For example, if the "Project Locator" value of `custom+1/foo` is provided in the FOSSA UI, use `foo` for the `project.id`.
 
@@ -144,6 +153,12 @@ The name field sets the projects visible name in the FOSSA dashboard. By default
 #### `project.team:`
 The name of the team in your FOSSA organization to associate this project with.
 
+#### `project.teams:`
+The name of the teams in your FOSSA organization to associate this project with.
+
+>NOTE:
+  Currently, ONLY `fossa project edit` utilizes this field. Use [fossa project edit](../subcommands/project/edit.md) to add a project to all teams in the list.
+
 #### `project.policy:`
 The name of the policy in your FOSSA organization to associate this project with.
 Mutually excludes `project.policyId`.

docs/references/files/fossa-yml.v3.schema.json

@@ -7,10 +7,15 @@
             "type": "object",
             "description": "The project fields allow you to configure settings for the project you are interacting with through the FOSSA API.",
             "properties": {
+                "locator": {
+                    "type": "string",
+                    "minLength": 1,
+                    "description": "The project Locator defines a unique ID that the FOSSA API will use to reference this project within FOSSA. The project locator can be found in the UI on the project `Settings` page listed as the `Project Locator` underneath the `Project Title` setting."
+                },
                 "id": {
                     "type": "string",
                     "minLength": 1,
-                    "description": "The project ID defines a unique ID that the FOSSA API will use to reference this project. The project ID can be found in the UI on the project settings page listed as the `Project Locator` underneath the `Project Title` setting.\n\nBy default, it will use git remote origin url as project id if it's git repository. If it does not recognize version control system (vcs), project directory's name will be used."
+                    "description": "The project ID defines a unique ID that the FOSSA API will use to reference this project within your organization. The project ID is a specific portion of the project locator and can be found in the UI on the project `Settings` page listed as the `Project Locator` underneath the `Project Title` setting.\n\nBy default, it will use git remote origin url as project id if it's git repository. If it does not recognize version control system (vcs), project directory's name will be used."
                 },
                 "name": {
                     "type": "string",
@@ -22,6 +27,13 @@
                     "minLength": 1,
                     "description": "The name of the team in your FOSSA organization to associate this project with."
                 },
+                "teams": {
+                    "type": "array",
+                    "description": "A list of team names in your FOSSA organization to associate this project with.",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "policy": {
                     "type": "string",
                     "minLength": 1,

docs/references/subcommands/project.md

@@ -0,0 +1,27 @@
+## `fossa project`
+
+This `fossa project` subcommand allows users to interact with FOSSA projects.
+
+It has the following subcommand:
+
+- [`fossa project edit`](./project/edit.md)
+
+See the pages linked above for more details.
+
+### `fossa project edit`
+
+Edits a FOSSA project's settings and configurations. 
+
+Example:
+
+```bash
+fossa project edit --project-locator custom+1/example --title example-title --project-url github.com/fossas/fossa-cli --jira-project-key example-jira-key --link fossa.com --team example-team-1 --team example-team-2 --policy example-policy --project-label example-label-1 --project-label example-label-2 
+```
+
+### F.A.Q.
+
+1. Where can I find my project locator? 
+
+The project Locator defines a unique ID that the FOSSA API will use to reference this project within FOSSA. The project locator can be found in the UI on the project `Settings` page listed as the "Project Locator" underneath the "Project Title" setting.
+
+<img src="../../assets/project-locator-example.png">

docs/references/subcommands/project/edit.md

@@ -0,0 +1,113 @@
+## `fossa project edit`
+
+`fossa project edit` allows you to edit a FOSSA project's settings and configuration.
+
+## Options
+
+Argument                     | Required | Description
+-----------------------------|----------|--------------------------------------------------------------------------------------------------------------------------------------
+`--config` / `-c`            | No       | The to your path to your `.fossa.yml`.
+`--project-locator`          | Yes      | The project Locator defines a unique ID that the FOSSA API will use to reference this project within FOSSA. The project locator can be found in the UI on the project `Settings` page listed as the "Project Locator" underneath the "Project Title" setting.
+`--project-id`               | Yes      | The project ID defines an ID that is used to reference a project within your FOSSA organization. The project ID is a specific portion of the project locator and can be found in the UI on the project `Settings` page listed as the "Project Locator" underneath the "Project Title" setting. For example, if the "Project Locator" value of `custom+1/foo` is provided in the FOSSA UI, use `foo`. Project ID defaults to the .git/config file or project's remote "origin" URL (Git), "Repository Root" obtained using 'svn info' (SVN), or the name of the project's directory (No VCS), if project ID wasn't explicityly set during project creation.
+`--title` / `-t`             | No       | The title of the FOSSA project.
+`--project-url`              | No       | The url of the project's repository.
+`--jira-project-key` / `-j`  | No       | The JIRA project key to associate to the FOSSA project.
+`--link` / `-L`              | No       | A link to attach to the FOSSA project. 
+`--team` / `T`               | No       | The name of the team that will be associated with the FOSSA project. Specify multiple options by providing this argument multiple times.
+`--project-label`            | No       | The labels associated with the FOSSA project. Assign up to 5 labels for a project. Specify multiple options by providing this argument multiple times.
+
+> NOTE: The arguments listed as `Required` need to be provided through CLI options OR through your `.fossa.yml` configuration.
+
+> NOTE: Either project ID OR project locator needs to be set. Project ID takes precedence over project locator. For more details on the differences between project ID and project locator refer to [documentation](../../files/fossa-yml.md#what-is-the-difference-between-project-id-and-project-locator).
+
+## .fossa.yml Configuration
+
+All of the previously mentioned CLI options can be provided through a `.fossa.yml`. Refer to [fossa configuration](../../files/fossa-yml.md) to set up your `.fossa.yml`.
+
+> NOTE: CLI options take precedence over the configurations in `.fossa.yml`. 
+
+## `fossa project edit` usage and guidance
+
+### Updating a project's labels 
+
+When updating project labels through `fossa project edit`, the transaction is all or nothing. This means that the project labels specified through this command will overwrite the existing labels that are associated with the project. Be sure to include all the labels that you want to be associated with the project, even if some labels are already currently set. 
+
+### Updating the teams associated with a project
+
+Currently, `fossa project edit` only supports adding a project to the teams that are specified through the command. There will be support to remove a project from the provided teams in the future. 
+
+Providing teams for `fossa project edit` takes the following precdence:
+
+1. CLI options - Adds the project to teams (1 or many)
+2. `project.teams` in `.fossa.yml` - Adds the project to teams (1 or many)
+3. `project.team` in `.fossa.yml` - Adds the project to a team 
+
+There is support for `project.team` due to backwards compatability as `project.teams` is a newly added field in `.fossa.yml`. 
+
+## Example
+
+### Project locator example
+Given a project with project locator: `custom+1/example`, the following command:
+
+- Sets the project's title to `example-title`
+- Set the the project's url to `github.com/fossas/fossa-cli`
+- Sets the project's JIRA key to `example-jira-key`
+- Attaches link: `fossa.com` to the project
+- Adds the project to teams: `example-team-1`, `example-team-2`
+- Attaches policy: `example-policy` to the project
+- Attaches labels: `example-label-1` , `example-label-2` to the project
+
+```bash
+fossa project edit --project-locator custom+1/example --title example-title --project-url github.com/fossas/fossa-cli --jira-project-key example-jira-key --link fossa.com --team example-team --team example-team-2 --policy example-policy --project-label example-label-1 --project-label example-label-2 
+``` 
+
+Similarly, you can you achieve the same result by running the following command with the given `.fossa.yml` configuration: 
+
+```bash
+fossa project edit --config /path/to/config
+``` 
+
+```yaml
+project:
+  locator: custom+1/example
+  name: example-title
+  teams: 
+    - example-team-1
+    - example-team-2
+  policy: example-policy
+  link: fossa.com
+  url: github.com/fossas/fossa-cli
+  jiraProjectKey: example-jira-key
+  labels:
+    - example-label-1
+    - example-label-2
+```
+
+### Project ID example
+Achieve the same result as defined above (for projects created through the CLI) using project ID:
+
+```bash
+fossa project edit --project-id example --title example-title --project-url github.com/fossas/fossa-cli --jira-project-key example-jira-key --link fossa.com --team example-team --team example-team-2 --policy example-policy --project-label example-label-1 --project-label example-label-2 
+``` 
+
+Similarly, you can you achieve the same result by running the following command with the given `.fossa.yml` configuration: 
+
+```bash
+fossa project edit --config /path/to/config
+``` 
+
+```yaml
+project:
+  id: example
+  name: example-title
+  teams: 
+    - example-team-1
+    - example-team-2
+  policy: example-policy
+  link: fossa.com
+  url: github.com/fossas/fossa-cli
+  jiraProjectKey: example-jira-key
+  labels:
+    - example-label-1
+    - example-label-2
+```

docs/references/subcommands/release-group.md

@@ -5,34 +5,43 @@ This `fossa release-group` subcommand allows users to interact with FOSSA releas
 It has the following subcommands:
 
 - [`fossa release-group add-projects`](./release-group/add-projects.md)
-- [`fossa release-group create`](./release-group//create.md)
+- [`fossa release-group create`](./release-group/create.md)
+- [`fossa release-group create-release`](./release-group/create-release.md)
 - [`fossa release-group delete`](./release-group/delete.md)
 - [`fossa release-group delete-release`](./release-group/delete-release.md)
 
 See the pages linked above for more details.
 
+>NOTE: For all subcommands that allow adding projects to releases, the combination of `--project-locator` , `--project-revision`, and `--project-branch` are required to identify the project that will be added to the release group. Multiple occurrences of these arguements are accepted and are grouped together based on their order. For example, `fossa release-group [create, create-release, add-projects] --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main ` has project groupings of (project locator: custom+1/example, project revision: 1234, project branch: main) and (project locator: custom+1/example2, project revision: 5678, project branch: main).
+
 ### `fossa release-group add-projects`
 
 Add FOSSA projects to a FOSSA release group
 
->NOTE: The combination of `--project-locator` , `--project-revision`, and `--project-branch` are required to identify the project that will be added to the release group. Ensure that you have supplied all arguments for each project that you wish to add.
-
 Example:
 
 ```bash
-fossa release-group add-projects --title example-title --release example-release-title --project-locator custom+1/git@github.com/example --project-revision 12345 --project-branch main
+fossa release-group add-projects --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main 
 ```
 
 ### `fossa release-group create`
 
 Create a FOSSA release group
 
->NOTE: The combination of `--project-locator` , `--project-revision`, and `--project-branch` are required to identify the project that will be added to the release group. Ensure that you have supplied all arguments for each project that you wish to add.
+Example:
+
+```bash
+fossa release-group create --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main --license-policy example-license-policy --security-policy example-security-policy --quality-policy example-quality-policy --team ExampleTeam --team ExampleTeam2
+```
+
+### `fossa release-group create-release`
+
+Create a release within a FOSSA release group
 
 Example:
 
 ```bash
-fossa release-group create --title example-title --release example-release-title --project-locator custom+1/git@github.com/example --project-revision 12345 --project-branch main
+fossa release-group create-release --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main 
 ```
 
 ### `fossa release-group delete`

docs/references/subcommands/release-group/add-projects.md

@@ -29,6 +29,8 @@ Refer to [fossa configuration](../../files/fossa-yml.md) to set up your `.fossa.
 fossa release-group add-projects --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main 
 ``` 
 
+>NOTE: `--project-locator` , `--project-revision`, and `--project-branch` must all be specified when providing a releaseGroupProject. Multiple occurrences of these arguements are accepted and are grouped together based on their order. For example, `fossa release-group add-projects --title example-release-group --release example-release --project-locator custom+1/example --project-revision 1234 --project-branch main --project-locator custom+1/example2 --project-revision 5678 --project-branch main` has project groupings of (project locator: custom+1/example, project revision: 1234, project branch: main) and (project locator: custom+1/example2, project revision: 5678, project branch: main).
+
 Similarly, you can you achieve the same result by running the following command with the given `.fossa.yml` configuration:
 
 ```yaml