diff --git a/__tests__/spdx.test.ts b/__tests__/spdx.test.ts
new file mode 100644
index 0000000..460f4f1
--- /dev/null
+++ b/__tests__/spdx.test.ts
@@ -0,0 +1,11 @@
+import {expect, jest, test} from '@jest/globals'
+import * as spdx from '../src/spdx'
+
+test('hello', () => {
+ expect(spdx.satisfies('MIT', 'MIT')).toBe(true)
+})
+
+test('isValid', () => {
+ expect(spdx.isValid('MIT')).toBe(true)
+ expect(spdx.isValid('FOOBARBAZ')).toBe(false)
+})
diff --git a/src/config.ts b/src/config.ts
index 86d02b4..2a14a48 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -4,7 +4,8 @@ import YAML from 'yaml'
 import * as core from '@actions/core'
 import * as z from 'zod'
 import {ConfigurationOptions, ConfigurationOptionsSchema} from './schemas'
-import {isSPDXValid, octokitClient} from './utils'
+import {octokitClient} from './utils'
+import {isValidSPDX} from './spdx'
 type ConfigurationOptionsPartial = Partial
@@ -113,7 +114,7 @@ function validateLicenses(
 return
 }
- const invalid_licenses = licenses.filter(license => !isSPDXValid(license))
+ const invalid_licenses = licenses.filter(license => !isValidSPDX(license))
 if (invalid_licenses.length > 0) {
 throw new Error(`Invalid license(s) in ${key}: ${invalid_licenses}`)
diff --git a/src/licenses.ts b/src/licenses.ts
index 4880357..76008bc 100644
--- a/src/licenses.ts
+++ b/src/licenses.ts
@@ -1,7 +1,8 @@
 import spdxSatisfies from 'spdx-satisfies'
 import {Change, Changes} from './schemas'
-import {isSPDXValid, octokitClient} from './utils'
+import {octokitClient} from './utils'
 import {parsePURL} from './purl'
+import {isValidSPDX} from './spdx'
 /**
 * Loops through a list of changes, filtering and returning the
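Review bot: The second test calls `spdx.isValid`, but the module it imports (`src/spdx.ts`, added in this same commit) exports `isValidSPDX`, so `tsc` should reject `spdx.isValid('MIT')` with a missing-property error and the suite cannot run as written. Change the two expectations to `expect(spdx.isValidSPDX('MIT')).toBe(true)` and `expect(spdx.isValidSPDX('FOOBARBAZ')).toBe(false)`. `jest` is imported from `@jest/globals` but never used, and the name `'hello'` says nothing about what the first test checks; `'satisfies'` would match the naming of the second. Since `validateLicenses` in `src/config.ts` relies on this helper to reject malformed configuration entries, a case for a syntactically broken expression such as `'MIT AND'` would be worth adding alongside the unknown-identifier case.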
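Review bot: This hunk keeps `import spdxSatisfies from 'spdx-satisfies'` while the new `src/spdx.ts` in the same commit pulls in a second satisfiability implementation, `@onebeyond/spdx-license-satisfies`, so the project now carries two packages for the same job, each with its own parsing behaviour for license expressions. If the intent is to migrate to the new wrapper, the `spdxSatisfies` call site (outside this hunk) should switch to `satisfies` from `./spdx` and the old package be removed; if not, the new dependency is unused weight in the supply chain. The `package.json` and lockfile changes are not in this diff, so whether the new package is pinned cannot be checked here.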
@@ -161,10 +162,11 @@ const setGHLicenses = async (changes: Change[]): Promise => {
 return Promise.all(updatedChanges)
 }
+
 // Currently Dependency Graph licenses are truncated to 255 characters
 // This possibly makes them invalid spdx ids
 const truncatedDGLicense = (license: string): boolean =>
- license.length === 255 && !isSPDXValid(license)
+ license.length === 255 && !isValidSPDX(license)
 async function groupChanges(
 changes: Changes
diff --git a/src/spdx.ts b/src/spdx.ts
new file mode 100644
index 0000000..85c1f89
--- /dev/null
+++ b/src/spdx.ts
@@ -0,0 +1,19 @@
+import * as spdx from '@onebeyond/spdx-license-satisfies'
+import parse from 'spdx-expression-parse'
+
+export function satisfies(
+ candidateExpr: string,
+ constraintExpr: string
+): boolean {
+ return spdx.satisfies(candidateExpr, constraintExpr)
+}
+
+// can be a single license or an SPDX expression
+export function isValidSPDX(spdxExpr: string): boolean {
+ try {
+ parse(spdxExpr)
+ return true
+ } catch (_) {
+ return false
+ }
+}
diff --git a/src/utils.ts b/src/utils.ts
index 3939839..4646511 100644
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -1,6 +1,5 @@
 import * as core from '@actions/core'
 import {Octokit} from 'octokit'
-import spdxParse from 'spdx-expression-parse'
 import {Changes} from './schemas'
 export function groupDependenciesByManifest(
@@ -34,15 +33,6 @@ export function renderUrl(url: string | null, text: string): string {
 }
 }
-export function isSPDXValid(license: string): boolean {
- try {
- spdxParse(license)
- return true
- } catch (_) {
- return false
- }
-}
-
 function isEnterprise(): boolean {
 const serverUrl = new URL(
 process.env['GITHUB_SERVER_URL'] ?? 'https://github.com'
diff --git a/tsconfig.json b/tsconfig.json
index a569bdc..68385a5 100644
--- a/tsconfig.json
+++ b/tsconfig.json
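Review bot: `truncatedDGLicense` only flags a 255-character license when it fails to parse, yet a string cut at 255 characters can still parse as a different, shorter expression (an identifier cut right after a shorter listed id, or an expression cut just before an `AND` clause), and as far as this hunk shows such a value would then be treated as the real license. If the point of the check is to distrust anything the Dependency Graph truncated — which is what the comment above it says — the length alone is the signal: `license.length === 255` without the `!isValidSPDX(license)` clause, with the comment adjusted to say why a parseable result is still rejected. The `setGHLicenses` body that opens this hunk begins outside it.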
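Review bot: `satisfies` hands both expressions straight to the library and the hand-written declaration in `types/spdx-license-satisfies.d.ts` promises a plain `boolean`, so nothing tells a caller what happens when `candidateExpr` or `constraintExpr` does not parse — most likely an exception, which is the safe direction for a policy check but should be stated: add above the function `/** True when candidateExpr satisfies constraintExpr. Presumably throws on an unparseable expression; validate with isValidSPDX first. */` after confirming the failure mode against the library's source. `isValidSPDX` should also say what "valid" means: success from `spdx-expression-parse` is a syntax check, and I believe the grammar also accepts `LicenseRef-*` custom identifiers, so a true result is not proof that the license is a known SPDX id; `// Syntactically valid SPDX expression or single id; does not check the id is on the SPDX list` would replace the existing comment. The unused binding in `catch (_)` can become `catch {` if the compile target permits optional catch bindings.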
@@ -5,7 +5,9 @@ "outDir": "./lib" /* Redirect output structure to the directory. */,
 "strict": true /* Enable all strict type-checking options. */,
 "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
- "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+ "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
+ "typeRoots": [ "./node_modules/@types", "./types" ],
+ "types": [ "node", "jest", "spdx-license-satisfies" ]
 },
 "exclude": ["node_modules"]
 }
diff --git a/types/spdx-license-satisfies.d.ts b/types/spdx-license-satisfies.d.ts
new file mode 100644
index 0000000..9de8a9a
--- /dev/null
+++ b/types/spdx-license-satisfies.d.ts
@@ -0,0 +1,6 @@
+declare module '@onebeyond/spdx-license-satisfies' {
+ export function satisfies(
+ candidateExpr: string,
+ constraintExpr: string
+ ): boolean
+}
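Review bot: `"types": [ "node", "jest", "spdx-license-satisfies" ]` names a package to be looked up under `typeRoots`, but the declaration added in this commit is a bare file, `types/spdx-license-satisfies.d.ts`, and the module it declares is `@onebeyond/spdx-license-satisfies`; whether tsc resolves a bare `.d.ts` (rather than a `types/spdx-license-satisfies/index.d.ts` folder) through this path should be confirmed, and an explicit `types` list also stops every other `@types/*` package from being picked up automatically, which is easy to trip over later. A simpler setup that avoids both questions is to drop the two new options and add `"include": ["src/**/*", "types/**/*.d.ts"]` next to the existing `"exclude"`, adjusted to wherever the tests are compiled from. Whichever is kept, a one-line comment on the `typeRoots` entry saying that `./types` exists only to hold shims for untyped packages would explain the directory to the next reader.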