Skip to content

Upgrade spdx-tools to v0.8.1 #3455#3456

Merged
pombredanne merged 1 commit intoaboutcode-org:developfrom
armintaenzertng:update-spdx-tools-version
Oct 13, 2023
Merged

Upgrade spdx-tools to v0.8.1 #3455#3456
pombredanne merged 1 commit intoaboutcode-org:developfrom
armintaenzertng:update-spdx-tools-version

Conversation

@armintaenzertng
Copy link
Contributor

@armintaenzertng armintaenzertng commented Jul 17, 2023
edited by AyanSinhaMahapatra
Loading

As the spdx-tools library has been refactored, this requires some code adaption of the current output_spdx.py and regeneration of the test files.
Also, the SPDX license list is now handled by the license-expression library, which is why we don't need the corresponding code anymore that adapts this list.

Fixes #3455

Tasks

  • Reviewed contribution guidelines
  • PR is descriptively titled 📑 and links the original issue above 🔗
  • Tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR
    Run tests locally to check for errors.
  • Commits are in uniquely-named feature branch and has no merge conflicts 📁
  • Looked for possible updates in documentation and added updates if applicable
  • Updated CHANGELOG.rst

pombredanne
pombredanne requested changes Jul 17, 2023
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!
See some comments for your review.

tests/formattedcode/data/spdx/license_ref/expected_with_text.tv
ScanCode includes datasets (e.g. for license detection) that are dedicated
to the Public Domain using the Creative Commons CC0 1.0 Universal (CC0 1.0)
Public Domain Dedication: http://creativecommons.org/publicdomain/zero/1.0/</text>
LicenseID: LicenseRef-scancode-other-permissive
Copy link
Member

@pombredanne pombredanne Jul 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why change the order? Id, name then comment is the proper order here.

Copy link
Contributor Author

@armintaenzertng armintaenzertng Jul 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The order in the official spec example and implemented in the serializer is: Id, extracted text, name, cross reference, comment.
So, not different from your proposal?

tests/formattedcode/data/spdx/license_ref/expected_with_text.tv Outdated
Public Domain Dedication: http://creativecommons.org/publicdomain/zero/1.0/</text> No newline at end of file
Public Domain Dedication: http://creativecommons.org/publicdomain/zero/1.0/</text>
LicenseName: Other Copyleft Licenses
LicenseComment: <text>See details at https://github.com/nexB/scancode-toolkit/blob/develop/src/licensedcode/data/licenses/other-copyleft.yml
Copy link
Member

@pombredanne pombredanne Jul 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as above. This is incorrect

Copy link
Contributor Author

@armintaenzertng armintaenzertng Jul 18, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As you reference the LicenseComment here, I'm not sure I know what you mean.
In case you meant the LicenseName, that corresponds to the Id "LicenseRef-scancode-other-copyleft", which seems fine to me.

tests/formattedcode/data/spdx/unicode/expected.tv
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.</text> No newline at end of file
* DAMAGE.</text>
LicenseName: Agere BSD
Copy link
Member

@pombredanne pombredanne Jul 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's not reorder these

AyanSinhaMahapatra
AyanSinhaMahapatra reviewed Jul 17, 2023
View reviewed changes
@armintaenzertng armintaenzertng force-pushed the update-spdx-tools-version branch from 26f26c5 to dd38a70 Compare July 18, 2023 10:07
@armintaenzertng armintaenzertng mentioned this pull request Jul 18, 2023
Open
@armintaenzertng armintaenzertng force-pushed the update-spdx-tools-version branch 2 times, most recently from bb1f70c to 4918b04 Compare July 25, 2023 08:28
@armintaenzertng
Copy link
Contributor Author

armintaenzertng commented Jul 25, 2023

@pombredanne, I believe I addressed all your comments above (apart from the reordering, for which we will continue to adhere to the specification examples) and implemented them or opened an issue if that problem already existed prior to this PR.
Also, we have officially released spdx-tools v0.8.0, I updated the version in this PR.

The CI currently fails for macos12 only. The failing test test_scan_does_scan_php_composer succeeds for all other platforms and also locally for me. This seems like an issue that's unrelated to this PR.

@AyanSinhaMahapatra
Copy link
Member

AyanSinhaMahapatra commented Jul 25, 2023

we have officially released spdx-tools v0.8.0, I updated the version in this PR.

Thanks @armintaenzertng !

The CI currently fails for macos12 only. The failing test test_scan_does_scan_php_composer succeeds for all other platforms and also locally for me. This seems like an issue that's unrelated to this PR.

These are flukes we see sometimes, I've reran the tests and all green now.

@maxhbr
Copy link
Contributor

maxhbr commented Jul 27, 2023

Hey @pombredanne and @AyanSinhaMahapatra , just was checking in, if I can help to get it merged. Are there still open concerns?

pombredanne
pombredanne requested changes Aug 7, 2023
View reviewed changes
pombredanne
pombredanne requested changes Aug 7, 2023
View reviewed changes
@tobim tobim mentioned this pull request Aug 10, 2023
Merged
12 tasks
@maxhbr
Copy link
Contributor

maxhbr commented Aug 23, 2023

@pombredanne , does #3456 (comment) resolve the issue?

@armintaenzertng armintaenzertng force-pushed the update-spdx-tools-version branch from 4918b04 to a4d0541 Compare August 24, 2023 13:37
@armintaenzertng
upgrade spdx-tools to v0.8
6e8d2f9 
as the library has been refactored, this requires some code adaption of the current output_spdx.py
and regeneration of the test files

Signed-off-by: Armin Tänzer <[email protected]>
@armintaenzertng armintaenzertng force-pushed the update-spdx-tools-version branch from a4d0541 to 6e8d2f9 Compare August 24, 2023 13:38
@armintaenzertng
Copy link
Contributor Author

armintaenzertng commented Aug 24, 2023

Just a small update: I rebased the code on the current state of the repo and updated the spdx-tools dependency to 0.8.1 (the update has no impact on the code in this PR).

@fabaff fabaff mentioned this pull request Aug 25, 2023
Merged
12 tasks
@armintaenzertng armintaenzertng changed the title Upgrade spdx-tools to v0.8 #3455 Upgrade spdx-tools to v0.8.1 #3455 Aug 28, 2023
@armintaenzertng
Copy link
Contributor Author

armintaenzertng commented Aug 29, 2023

Hi @AyanSinhaMahapatra,
could you please have a look at #3456 (comment) and see if that solves the open issue with this PR?

@maxhbr
Copy link
Contributor

maxhbr commented Oct 12, 2023

hey, any updates?

pombredanne
pombredanne approved these changes Oct 13, 2023
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks... I have added a new nit for your review wrt. the field ordering problem but I am goimng to merge this as-is now.

tests/formattedcode/data/spdx/license_known/expected.tv
@@ -1,35 +1,36 @@
# Document Information
## Document Information
Copy link
Member

@pombredanne pombredanne Oct 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It does not make any sense: ## makes the file bigger for no good reason. The fact that spec examples use this weird way does not make it part of the spec FWIW. The spec states that a # is a comment not that you should use a double ##. Now this is not critical so I can live with this change but this feels like cargo culting.

Also the logical order from most significant to least significant is namespace then name. This is BTW also the order of the spec examples you reference https://github.com/spdx/spdx-spec/blob/development/v2.3.1/examples/SPDXTagExample-v2.3.spdx#L3

I do not care too much for the change so I can live with it but there is no rationale for this change that I can understand.

@pombredanne pombredanne merged commit f3e52e1 into aboutcode-org:develop Oct 13, 2023
@armintaenzertng armintaenzertng deleted the update-spdx-tools-version branch October 16, 2023 05:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjherzog mjherzog mjherzog left review comments

@AyanSinhaMahapatra AyanSinhaMahapatra AyanSinhaMahapatra left review comments

@pombredanne pombredanne pombredanne approved these changes

+1 more reviewer

@maxhbr maxhbr maxhbr left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Upgrade spdx-tools to version 0.8

5 participants

@armintaenzertng @AyanSinhaMahapatra @maxhbr @pombredanne @mjherzog