Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

README.md: Update build instructions and add build flow diagram #946

Closed
wants to merge 18 commits into from
Closed

README.md: Update build instructions and add build flow diagram #946

Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
3fd5b0b
Update README.md: build instructions and flow
bact Apr 27, 2024
2fd79ce
Update index.md
kestewart Apr 15, 2024
0d4153f
Fix typo: SpecVerion, interoperabiility
bact Apr 21, 2024
f292ab8
mkdocs: Fix ref not found warnings
bact May 3, 2024
4bf31ae
Retain original long paragraph
bact May 3, 2024
9acd79b
Retaining original long paragraph
bact May 3, 2024
d992238
Remove ontology directory
JPEWdev May 21, 2024
8a2456e
docs: annex: getting-started: Add missing reference
JPEWdev Apr 23, 2024
557d7cb
doc: annex: Validate documentation examples
JPEWdev Apr 23, 2024
001ddb9
Add annex describing how to cross reference documents
JPEWdev May 8, 2024
8756855
Fixes ABNF for license expressions
zvr May 9, 2024
8275276
Remove ontology/ directory
bact Jun 4, 2024
b54c30e
Add a note on Constrained-Markdown format
bact Jun 5, 2024
67e52b6
Add a section about configuration
bact Jun 10, 2024
1261b95
Validate only specific doc examples with SHACL in CI.
Apr 23, 2024
2216d1c
Merge branch 'development/v3.0.1' into update-build-instruct-flow
bact Jun 10, 2024
503b026
Reset the branch to fix non-sign-off
bact Jun 10, 2024
2a6c295
Merge branch 'update-build-instruct-flow' of https://github.com/bact/…
bact Jun 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
183 changes: 166 additions & 17 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,33 +1,182 @@
# The System Package Data Exchange (SPDX®) Specification

The System Package Data Exchange (SPDX®) specification is an open standard capable of representing systems with software components in as SBOMs (Software Bill of Materials) and other AI, data and security references supporting a range of risk management use cases.
The System Package Data Exchange (SPDX®) specification is an open standard
capable of representing systems with software components in as SBOMs
(Software Bill of Materials) and other AI, data and security references
supporting a range of risk management use cases.

The SPDX standard helps facilitate compliance with free and open source software licenses by standardizing the way license information is shared across the software supply chain. SPDX reduces redundant work by providing a common format for companies and communities to share important data about software licenses and copyrights, thereby streamlining and improving compliance.
The SPDX standard helps facilitate compliance with free and open source
software licenses by standardizing the way license information is shared across
the software supply chain. SPDX reduces redundant work by providing a common
format for companies and communities to share important data about software
licenses and copyrights, thereby streamlining and improving compliance.

This repository holds under active development version of the specification as:

* [MarkDown](https://github.com/spdx/spdx-spec/tree/master/chapters) (`master` branch)
* HTML (gh-pages branch, built on every commit to `master` and `development/` branches)
* [Current](https://spdx.github.io/spdx-spec/v3.0/)
- [Markdown](https://github.com/spdx/spdx-spec/tree/development/v3.0.1/docs)
(`development/v3.0.1` branch)
- HTML (`gh-pages` branch, built on every commit to `master` and `development`
branches)
- Current: <https://spdx.github.io/spdx-spec/v3.0/>

See for the official [releases of the specification](https://spdx.org/specifications) or additional information also the [SPDX website](https://spdx.org).
The model itself is under active development at
[spdx/spdx-3-model](https://github.com/spdx/spdx-3-model/)
repo (`main` branch).

## Specification Structure
See for the official
[releases of the specification](https://spdx.org/specifications)
or additional information also the [SPDX website](https://spdx.org).

The specification consists of a model which is generated from the [spdx-3-model](https://github.com/spdx/spdx-3-model) repository and additional information in the `docs` directory.
## Specification structure

The `examples` directory contains examples of various SPDX serializations for the current version of the spec.
This repository consists of these files and directories:

# Building the specification
- `bin/` - Scripts for spec generation.
- `docs/` - Specification content:
- `annexes/` - Annexes for the specification.
- `css/` - Style sheets for HTML.
- `images/` - Model diagrams. These image files are to be generated from a
diagram description file
[model.drawio](https://github.com/spdx/spdx-3-model/blob/main/model.drawio)
in `spdx/spdx-3-model` repo and manually copied here.
- `licenses/` - Licenses that used by the SPDX specifications.
- `model/` - Model files*. This subdirectory _is to be created_ by a script
from `spdx/spec-parser` repo, using model information from
`spdx/spdx-3-model` repo (see the build instructions below).
- `examples/` - Examples of various SPDX serializations for the current version
of the spec.
- `mkdocs.yml` - MkDocs recipe for the spec documentation generation. The
inclusion of model files and the order of chapters are defined here.

## Prerequisites
The specification consists of documents in the `docs/` directory from this
`spdx/spdx-spec` repository and a model which is generated from Markdown files
in the `spdx/spdx-3-model` repository.

You have to [MkDocs](http://mkdocs.org) installed on your machine. If you don't have it yet installed please follow these [installation instructions](http://www.mkdocs.org/#installation).
Note: The model Markdown files in the `spdx/spdx-3-model` repository use a
constrained format. Only a limited set of headings are allowed for processing
by the spec-parser.

## Building HTML
## Building the specification

# Execute built-in dev-server that lets you preview the specification
$ mkdocs serve
The specification building flow looks like this:

# Building static HTML site
$ mkdocs build
```text
+-------------------+
|[spdx-3-model] |
| | |
| +- model/ ---- Constrained-Markdown files -+
| | | |
| +- model.drawio -----------------+ |
+-------------------+ | |
| |
| |
+-------------------+ v |
|[spdx-spec] | draw.io |
| | | (manual) |
| +- docs/ | | |
| | | | |
| +- annexes/ | | v
| | | | spec-parser
| +- images/ <---- PNG images --+ |
| | | |
| +- licenses/ | |
| | | |
| +- model/ <----- Processed Markdown files ---+
| | |
| +- index.md |
| | |
| +- *.md |
+-------------------+
|
mike & mkdocs
|
v
+-------------------+
| HTML website |
+-------------------+
```

### Prerequisites

Apart from Git and Python, you have to have [MkDocs](http://mkdocs.org)
installed on your machine. If you don't have it yet installed please follow
these [installation instructions](http://www.mkdocs.org/#installation).

[WeasyPrint](https://doc.courtbouillon.org/weasyprint/stable/first_steps.html#installation)
is also required for generating PDF files. To disable PDF generation, comment
out the these lines in your `mkdocs.yml` configuration file:

```yaml
#- pdf-export:
# combined: true
```

### Preparing input files

Next, you have to prepare the model files, the other specification files,
and the model parser, by cloning these repositoriess:
[`spdx/spdx-3-model`](https://github.com/spdx/spdx-3-model),
[`spdx/spdx-spec`](https://github.com/spdx/spdx-spec), and
[`spdx/spec-parser`](https://github.com/spdx/spec-parser)
to these paths: `spdx-3-model`, `spdx-spec`, and `spec-parser`, respectively:

```shell
git clone https://github.com/spdx/spdx-3-model.git
git clone https://github.com/spdx/spdx-spec.git
git clone https://github.com/spdx/spec-parser.git
```

Install prerequisites for Python:

```shell
pip3 install -r spdx-spec/requirements.txt
pip3 install -r spec-parser/requirements.txt
```

### Generating intermediate Markdown files for MkDocs

Validate model files and generate intermediate files to be used by the HTML
builder (MkDocs):

```shell
python3 spec-parser/main.py spdx-3-model/model spdx-spec/docs/model
```

Now you will have your well-formatted model files ready in
`spdx-spec/docs/model` directory.

Inside this directory there will be two components:

- Model ontology and diagram files (`model.plantuml`, `spdx-context.jsonld`,
`spdx-model.dot`, `spdx-model.json-ld`, `spdx-model.pretty-xml`,
`spdx-model.ttl`, `spdx-model.xml`) -- these files are ready to be consumed
directly.
- Formatted Makdown files (`*.md`) in a number of subdirectories -- these
files are to be consumed by MkDocs in the next step.

### Building HTML

Once all the spec and model files are ready, we will use MkDocs to put them
together as a website.

In side `spdx-spec/` directory, execute a built-in dev-server that let you
preview the specification:

```shell
mkdocs serve
```

Or building a static HTML site:

```shell
mkdocs build
```

## Configuring the website

Inside `spdx-spec/` directory, there is a file `mkdocs.yml`. This is a
configuration file for MkDocs.

Files intended for display and linking in the navigation bar should be
included in the `nav:` section. The order of filenames in this section
determines their order on the navigation bar.
Loading