Skip to content

Enabled SPDX document validation for CI#878

Merged
nishakm merged 1 commit intotern-tools:mainfrom
rnjudge:enable-spdx-validation
Feb 18, 2021
Merged

Enabled SPDX document validation for CI#878
nishakm merged 1 commit intotern-tools:mainfrom
rnjudge:enable-spdx-validation

Conversation

@rnjudge
Copy link
Contributor

@rnjudge rnjudge commented Feb 10, 2021

As development increases for Tern, it is getting harder to maintain the
generation of valid SPDX documents for container images. This commit
enables CI checks for the SPDX documents that Tern produces to make sure
the documents are valid.

Resolves #713

Signed-off-by: Rose Judge rjudge@vmware.com

@rnjudge rnjudge force-pushed the enable-spdx-validation branch 8 times, most recently from 1ccd214 to be0d669 Compare February 10, 2021 04:21
@rnjudge
Copy link
Contributor Author

rnjudge commented Feb 10, 2021

Added changes to spdxtagvalue/generator.py in order to make the document not validate and the CI tests failed as expected.

Screen Shot 2021-02-09 at 8 20 22 PM

@rnjudge
Copy link
Contributor Author

rnjudge commented Feb 11, 2021

@nishakm this PR downloads a specific version of the spdx tooling for the CI tests. I don't see a way to always download the latest from bintray so I wonder if we just want to update the version in the CI tooling with each release? It seems there's a new SPDX tool every few months but this might slow down as the SPDX tool gets to be more stable.

@nishakm
Copy link
Contributor

nishakm commented Feb 11, 2021

@nishakm this PR downloads a specific version of the spdx tooling for the CI tests. I don't see a way to always download the latest from bintray so I wonder if we just want to update the version in the CI tooling with each release? It seems there's a new SPDX tool every few months but this might slow down as the SPDX tool gets to be more stable.

Can we build it from source?

@rnjudge
Copy link
Contributor Author

rnjudge commented Feb 11, 2021

@nishakm this PR downloads a specific version of the spdx tooling for the CI tests. I don't see a way to always download the latest from bintray so I wonder if we just want to update the version in the CI tooling with each release? It seems there's a new SPDX tool every few months but this might slow down as the SPDX tool gets to be more stable.

Can we build it from source?

Good call.

@rnjudge rnjudge force-pushed the enable-spdx-validation branch 6 times, most recently from 9ceec3f to 17112fa Compare February 12, 2021 04:31
@rnjudge
Enabled SPDX document validation for CI
a3aacb2 
As development increases for Tern, it is getting harder to maintain the
generation of valid SPDX documents for container images. This commit
enables CI checks for the SPDX documents that Tern produces to make sure
the documents are valid.

Resolves tern-tools#713

Signed-off-by: Rose Judge <rjudge@vmware.com>
@rnjudge rnjudge force-pushed the enable-spdx-validation branch from 17112fa to a3aacb2 Compare February 12, 2021 04:44
@rnjudge
Copy link
Contributor Author

rnjudge commented Feb 12, 2021
edited
Loading

@nishakm The commit now builds from source.

Screen Shot 2021-02-11 at 8 17 25 PM

@nishakm nishakm merged commit 52b4e29 into tern-tools:main Feb 18, 2021
@rnjudge rnjudge deleted the enable-spdx-validation branch March 17, 2021 04:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enable SPDX document validation for CI

2 participants

@rnjudge @nishakm