Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSON Parser: Support top-level elements defined with relationships #304

Merged
merged 2 commits into from
Jun 16, 2023
Merged

JSON Parser: Support top-level elements defined with relationships #304

merged 2 commits into from
Jun 16, 2023

Conversation

puerco
Copy link
Member

@puerco puerco commented Jun 16, 2023

What type of PR is this?

/kind cleanup
/kind feature

What this PR does / why we need it:

SPDX supports defining the top-level elements of the SBOM using the documentDescribes field but also by linking elements to the document with a DESCRIBES relationship. This commit adds support to the JSON parser to detect top-level elements specified using the former method.

I'm also sneaking in a small change to improve printing the licenses in query results. bom will now detect better when licenses are NOASSERTION when choosing which licenses to print.

Signed-off-by: Adolfo García Veytia (Puerco) puerco@chainguard.dev

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

/assign @cpanato @saschagrunert @xmudrii
/cc @kubernetes-sigs/release-engineering

Does this PR introduce a user-facing change?

- The `bom` json parser now supports top-level elements specified with a `DESCRIBES` relationship to the document. `documentDescribes` is, of course, still suppoirted
- License printing in query results has better `NOASSERTION` detection when choosing which license to print.

@puerco
JSON: Support top-level elements from relationships
e15021f 
SPDX supports defining the top level elementsa of the SBOM using the
documentDescribes field and also with relationships. This commit adds
support to the parser to detect top level elements specified using
the former method.

Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
@puerco
Improve license printing in query printers
73e524b 
This commit improves the license printer in the query package to better
recognize when packages have NOASSERTION or NONE in the license field.

Signed-off-by: Adolfo García Veytia (Puerco) <puerco@chainguard.dev>
@k8s-ci-robot k8s-ci-robot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Jun 16, 2023
@k8s-ci-robot
Copy link
Contributor

@puerco: GitHub didn't allow me to request PR reviews from the following users: kubernetes-sigs/release-engineering.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

What type of PR is this?

/kind cleanup
/kind feature

What this PR does / why we need it:

SPDX supports defining the top-level elements of the SBOM using the documentDescribes field but also by linking elements to the document with a DESCRIBES relationship. This commit adds support to the JSON parser to detect top-level elements specified using the former method.

I'm also sneaking in a small change to improve printing the licenses in query results. bom will now detect better when licenses are NOASSERTION when choosing which licenses to print.

Signed-off-by: Adolfo García Veytia (Puerco) puerco@chainguard.dev

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

/assign @cpanato @saschagrunert @xmudrii
/cc @kubernetes-sigs/release-engineering

Does this PR introduce a user-facing change?

- The `bom` json parser now supports top-level elements specified with a `DESCRIBES` relationship to the document. `documentDescribes` is, of course, still suppoirted
- License printing in query results has better `NOASSERTION` detection when choosing which license to print.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 16, 2023
cpanato
cpanato approved these changes Jun 16, 2023
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool!!

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 16, 2023
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, puerco

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 29809ca into kubernetes-sigs:main Jun 16, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

Assignees

@saschagrunert saschagrunert

@cpanato cpanato

@xmudrii xmudrii

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@puerco @k8s-ci-robot @cpanato @saschagrunert @xmudrii