Trim license patch from version tag, bump list to v3.24.0 #462

Merged
merged 3 commits into from
Jul 27, 2024

Conversation

@puerco (Member) commented Jul 27, 2024

What type of PR is this?

/kind bug
/kind cleanup
/kind failing-test

What this PR does / why we need it:

This PR trims the patch version from the SPDX license list datafile before writing it to the SBOM, to fix a bug that has kept our CI broken for months.

This is because there was a change in the versioning scheme: the SPDX license now is released with a full semver with a patch, while the spec only supports major.minor.

This change modifies the logic when writing the document to parse out the patch from the version tag and make the documents compliant again. The downside is that we will never know exactly which license list version was used to generate the SBOM, but I don't think there is any way around it.

Which issue(s) this PR fixes:

Fixes the broken CI jobs

Special notes for your reviewer:

Ref: spdx/LicenseListPublisher#181

/cc @cpanato @saschagrunert @xmudrii @Verolop

Does this PR introduce a user-facing change?

bom now supports the spdx license list's new versioning scheme with a patch number in the license tag. 
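
The trimming described in this PR, as an added example that is not bom's own code: a Go helper (hypothetical name `trimLicenseListVersion`) that reduces a tag such as the v3.24.0 in the title to major.minor. Rejecting anything that is not a plain version, instead of writing it to the document, is a choice made for this example; the sample tags are constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// versionTag matches a license list tag such as "v3.24.0", "3.24.0" or "3.24".
// Group 1 is the major number, group 2 the minor; the patch part is optional.
var versionTag = regexp.MustCompile(`^v?(\d+)\.(\d+)(?:\.\d+)?$`)

// trimLicenseListVersion (hypothetical helper, not a function from bom)
// reduces a license list tag to the major.minor form that the SPDX
// LicenseListVersion field accepts. Pre-release suffixes and non-version
// strings return an error so a malformed value never reaches the SBOM.
func trimLicenseListVersion(tag string) (string, error) {
	m := versionTag.FindStringSubmatch(strings.TrimSpace(tag))
	if m == nil {
		return "", fmt.Errorf("unrecognized license list version %q", tag)
	}
	return m[1] + "." + m[2], nil
}

func main() {
	// Constructed sample tags: new scheme, new scheme without "v",
	// old major.minor scheme, and two values that must be rejected.
	for _, tag := range []string{"v3.24.0", "3.24.0", "v3.23", "3.24.0-rc1", "latest"} {
		v, err := trimLicenseListVersion(tag)
		if err != nil {
			fmt.Printf("%-12s rejected: %v\n", tag, err)
			continue
		}
		fmt.Printf("%-12s LicenseListVersion: %s\n", tag, v)
	}
}
```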

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. kind/failing-test Categorizes issue or PR as related to a consistently or frequently failing test. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. approved Indicates a PR has been approved by an approver from all required OWNERS files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 27, 2024
Signed-off-by: Adolfo García Veytia (puerco) <[email protected]>
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 27, 2024
@k8s-ci-robot (Contributor) commented

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cpanato, puerco

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot merged commit 1611490 into kubernetes-sigs:main Jul 27, 2024
7 checks passed
@puerco puerco mentioned this pull request Jul 27, 2024