-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add validation rule to check for an spdx license
Signed-off-by: Ryan Bottriell <ryan@bottriell.ca>
- Loading branch information
Showing
14 changed files
with
356 additions
and
14 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
// Copyright (c) Sony Pictures Imageworks, et al. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// https://github.com/imageworks/spk | ||
|
||
use spk_schema::validation::{ | ||
ValidationMatcherDiscriminants, | ||
ValidationRuleDiscriminants as RuleKind, | ||
}; | ||
use spk_schema::{Package, Variant}; | ||
|
||
use super::{Error, Outcome, Report, Status, Subject}; | ||
use crate::report::{BuildReport, BuildSetupReport}; | ||
|
||
#[cfg(test)] | ||
#[path = "./spdx_license_test.rs"] | ||
mod spdx_license_test; | ||
|
||
pub struct SpdxLicenseValidator { | ||
pub kind: RuleKind, | ||
} | ||
|
||
impl super::validator::sealed::Sealed for SpdxLicenseValidator {} | ||
|
||
#[async_trait::async_trait] | ||
impl super::Validator for SpdxLicenseValidator { | ||
async fn validate_setup<P, V>(&self, setup: &BuildSetupReport<P, V>) -> Report | ||
where | ||
P: Package, | ||
V: Variant + Send + Sync, | ||
{ | ||
let meta = setup.package.metadata(); | ||
let exists = meta.license.is_some(); | ||
let is_valid = match meta.license.as_ref() { | ||
Some(value) => spdx::license_id(value).is_some(), | ||
None => true, | ||
}; | ||
let status = match self.kind { | ||
RuleKind::Require if !exists => Status::Required(Error::SpdxLicenseRequired { | ||
given: meta.license.clone().unwrap_or_default(), | ||
}), | ||
RuleKind::Allow | RuleKind::Require if !is_valid => { | ||
Status::Required(Error::SpdxLicenseRequired { | ||
given: meta.license.clone().unwrap_or_default(), | ||
}) | ||
} | ||
RuleKind::Deny if exists && is_valid => Status::Denied(Error::SpdxLicenseDenied), | ||
_ => Status::Allowed, | ||
}; | ||
Outcome { | ||
locality: String::new(), | ||
subject: Subject::Everything, | ||
status, | ||
condition: ValidationMatcherDiscriminants::SpdxLicense, | ||
} | ||
.into() | ||
} | ||
|
||
async fn validate_build<P, V>(&self, report: &BuildReport<P, V>) -> Report | ||
where | ||
P: Package, | ||
V: Variant + Send + Sync, | ||
{ | ||
let is_empty = report.output.collected_changes.is_empty(); | ||
let status = match self.kind { | ||
RuleKind::Deny if is_empty => Status::Denied(Error::EmptyPackageDenied), | ||
RuleKind::Require if !is_empty => Status::Required(Error::EmptyPackageRequired), | ||
_ => Status::Allowed, | ||
}; | ||
Outcome { | ||
locality: String::new(), | ||
subject: Subject::Everything, | ||
status, | ||
condition: ValidationMatcherDiscriminants::EmptyPackage, | ||
} | ||
.into() | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,192 @@ | ||
// Copyright (c) Sony Pictures Imageworks, et al. | ||
// SPDX-License-Identifier: Apache-2.0 | ||
// https://github.com/imageworks/spk | ||
|
||
use std::sync::Arc; | ||
|
||
use spfs::tracking::Manifest; | ||
use spk_schema::foundation::option_map; | ||
use spk_schema::validation::ValidationMatcher; | ||
use spk_schema::{spec, Package, ValidationRule}; | ||
use spk_solve::Solution; | ||
|
||
use crate::report::BuildSetupReport; | ||
use crate::validation::Validator; | ||
|
||
macro_rules! basic_setup { | ||
($pkg:tt) => {{ | ||
let package = Arc::new(spec!($pkg)); | ||
|
||
let environment = Solution::default(); | ||
BuildSetupReport { | ||
environment, | ||
variant: option_map! {}, | ||
environment_filesystem: Manifest::new( | ||
spfs::tracking::Entry::empty_dir_with_open_perms_with_data(package.ident().clone()), | ||
), | ||
package, | ||
} | ||
}}; | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_allowed_empty() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": {}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Allow { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect("Should allow no license with default allow rule"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_allowed_valid() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": { | ||
"license": "Apache-2.0" // from spdx license list | ||
}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Allow { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect("Should allow a known license with default allow rule"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_allowed_invalid() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": { | ||
"license": "unknown" // NOT from spdx license list | ||
}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Allow { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect_err("Should fail with default allow rule and invalid license"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_require_empty() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": {}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Require { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect_err("Should fail when no license and require rule"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_deny_empty() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": {}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Deny { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect("Should allow empty license with deny rule"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_deny_invalid() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": { | ||
"license": "unknown" // NOT from license list | ||
}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Deny { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect("Should allow invalid license with deny rule"); | ||
} | ||
|
||
#[tokio::test] | ||
async fn test_license_deny_valid() { | ||
let setup = basic_setup!( | ||
{ | ||
"pkg": "base/1.0.0/3TCOOP2W", | ||
"meta": { | ||
"license": "Apache-2.0" | ||
}, | ||
"sources": [], | ||
"build": { | ||
"script": "echo building...", | ||
}, | ||
} | ||
); | ||
|
||
ValidationRule::Deny { | ||
condition: ValidationMatcher::SpdxLicense, | ||
} | ||
.validate_setup(&setup) | ||
.await | ||
.into_result() | ||
.expect_err("Should fail with valid license and deny rule"); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.