Merge pull request #462 from puerco/spdx-semver

Trim license patch from version tag, bump list to v3.24.0
kubernetes-sigs · Jul 27, 2024 · 1611490 · 1611490
2 parents 0952c9f + 100e4ab
commit 1611490
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module sigs.k8s.io/bom
 go 1.22
 
 require (
+	github.com/blang/semver/v4 v4.0.0
 	github.com/glebarez/go-sqlite v1.22.0
 	github.com/go-git/go-git/v5 v5.12.0
 	github.com/google/go-containerregistry v0.19.1
@@ -27,7 +28,6 @@ require (
 	github.com/MakeNowJust/heredoc/v2 v2.0.1 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/andybalholm/brotli v1.1.0 // indirect
-	github.com/blang/semver/v4 v4.0.0 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect

diff --git a/pkg/license/catalog.go b/pkg/license/catalog.go
@@ -43,7 +43,7 @@ type CatalogOptions struct {
 //
 //	DO NOT RENAME OR MOVE THIS OPTION WITHOUT MODIFYING THE MAGEFILE
 var DefaultCatalogOpts = CatalogOptions{
-	Version: "v3.23",
+	Version: "v3.24.0",
 }
 
 // NewCatalogWithOptions returns a SPDX object with the specified options

diff --git a/pkg/license/data/license-list-v3.23.zip b/pkg/license/data/license-list-v3.23.zip
diff --git a/pkg/license/data/license-list-v3.24.0.zip b/pkg/license/data/license-list-v3.24.0.zip
diff --git a/pkg/spdx/builder_implementation.go b/pkg/spdx/builder_implementation.go
@@ -22,6 +22,7 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/blang/semver/v4"
 	"github.com/google/uuid"
 	"github.com/sirupsen/logrus"
 	"gopkg.in/yaml.v2"
@@ -54,11 +55,20 @@ func (builder *defaultDocBuilderImpl) CreateDocument(genopts *DocGenerateOptions
 	// Create the new document
 	doc := NewDocument()
 	doc.Name = genopts.Name
-	doc.LicenseListVersion = strings.TrimPrefix(license.DefaultCatalogOpts.Version, "v")
+	// Use the license list from the embedded catalog
+	ver := strings.TrimPrefix(license.DefaultCatalogOpts.Version, "v")
+	// ... unless there was one sepcified in the options
 	if genopts.LicenseListVersion != "" {
-		doc.LicenseListVersion = strings.TrimPrefix(genopts.LicenseListVersion, "v")
+		ver = strings.TrimPrefix(genopts.LicenseListVersion, "v")
 	}
 
+	// Trim the patch part of the license version
+	v, err := semver.New(ver)
+	if err != nil {
+		return nil, fmt.Errorf("parsing license list semver string %q: %w", ver, err)
+	}
+	doc.LicenseListVersion = fmt.Sprintf("%d.%d", v.Major, v.Minor)
+
 	// If we do not have a namespace, we generate one under the public SPDX
 	// URL as defined in the spec.
 	// (ref https://spdx.github.io/spdx-spec/document-creation-information/#65-spdx-document-namespace-field)