diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3cddd8c..ff70475 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,8 @@ version: 2 updates: - package-ecosystem: "maven" + cooldown: + default-days: 7 directory: "/" schedule: interval: "weekly" diff --git a/.github/workflows/docker_deploy.yml b/.github/workflows/docker_deploy.yml index 55ce713..f35157a 100644 --- a/.github/workflows/docker_deploy.yml +++ b/.github/workflows/docker_deploy.yml @@ -6,9 +6,14 @@ name: Docker Build on: + workflow_dispatch: + pull_request: + paths: + - Dockerfile + - .github/workflows/docker_deploy.yml push: paths-ignore: - - "**.md" + - '**.md' tags: - 'v*' env: @@ -24,22 +29,16 @@ jobs: steps: - name: Checkout main repository - uses: actions/checkout@v3 + uses: actions/checkout@v5 - - name: Set environment variables - run: | - echo "ORG_BASE_NAME=${GITHUB_REPOSITORY}" >> $GITHUB_ENV - echo "TOOLS_JAVA_VERSION=${GITHUB_REF_NAME/v/}" >> $GITHUB_ENV - - name: Echoing current version - run: | - echo "$TOOLS_JAVA_VERSION" - echo $GITHUB_REF_NAME + - name: Setup QEMU + uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 + uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - name: Login to GitHub Container Registry - uses: docker/login-action@v2 + uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} 
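Review bot: The `cooldown` block in `.github/dependabot.yml` is added to the `maven` entry only, and no `github-actions` entry is visible in this hunk, although the same commit pins workflow actions to commit SHAs in `.github/workflows/docker_deploy.yml`. SHA pins are only refreshed when something proposes new ones, so if the file has no such entry below the hunk, a second `updates` item with `package-ecosystem: "github-actions"` (and, if wanted, the same `cooldown`) would keep them current. A short comment above the new key would also help the next maintainer, for example `# delay version-update PRs until a release has been public for 7 days`. The file may continue past the hunk, so confirm before adding.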
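Review bot: The new `pull_request.paths` filter in `docker_deploy.yml` lists only `Dockerfile` and the workflow file, so a pull request that changes other inputs of the image build does not run this check. The Dockerfile in this commit copies `scripts/tools-java-wrapper.sh` and builds the jar from the bind-mounted source tree, so at least `- scripts/tools-java-wrapper.sh` and `- pom.xml` look like candidates for the list. The switch to `'**.md'` matches the single quotes already used under `tags`.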
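Review bot: `actions/checkout@v5` in the `@@ -24,22 +29,16 @@` hunk is still referenced by a mutable tag while the Docker actions next to it are pinned to full commit SHAs; pinning it the same way, `uses: actions/checkout@FULL_COMMIT_SHA # vX.Y.Z` (placeholders, take both from the release you intend), would make the policy consistent. The `docker/setup-qemu-action` pin carries no version comment, unlike the others, so a reviewer cannot tell which release the SHA is meant to be; add `# vX.Y.Z` (placeholder) after it. In the following hunk the comment on `docker/metadata-action` reads `# v51.0.0`, which looks like a typo for a v5 release and should be checked against the tag the SHA actually belongs to. The login step's `with:` block continues outside the hunk.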
@@ -47,19 +46,23 @@ jobs: - name: Extract components metadata id: meta_base - uses: docker/metadata-action@v4 + uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v51.0.0 with: images: | - ${{ env.REGISTRY }}/${{ env.ORG_BASE_NAME }}/tools-java + ${{ env.REGISTRY }}/${{ github.repository }} + tags: | + type=ref,event=tag + type=semver,pattern={{version}} + type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }} + labels: org.opencontainers.image.licenses=Apache-2.0 - name: Build Container - uses: docker/build-push-action@v3 + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 with: context: . - push: true + push: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') }} load: false - build-args: | - TOOLS_JAVA_VERSION=${{ env.TOOLS_JAVA_VERSION }} + platforms: linux/amd64,linux/arm64 tags: | ${{ steps.meta_base.outputs.tags }} labels: ${{ steps.meta_base.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index df1be6a..9b37ffb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,23 +1,21 @@ # syntax=docker/dockerfile:1.4 # Set Java versions -ARG JAVA_VERSION=17 +ARG JAVA_VERSION=21 # Use Maven eclipse Temurin based -FROM maven:3.8-eclipse-temurin-$JAVA_VERSION as build - -ARG TOOLS_JAVA_VERSION=1.1.5-SNAPSHOT +FROM maven:3.9-eclipse-temurin-$JAVA_VERSION as build WORKDIR /build # BUILD RUN --mount=type=cache,target=/root/.m2 \ --mount=type=bind,source=$PWD,target=/build,rw \ - mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ + export TOOLS_JAVA_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) \ + && mvn clean org.jacoco:jacoco-maven-plugin:prepare-agent install \ && mkdir -p /usr/lib/java/spdx \ && cp target/tools-java-$TOOLS_JAVA_VERSION-jar-with-dependencies.jar /usr/lib/java/spdx/ - # Configure the wrapper script COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java 
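Review bot: The `type=raw,value=main` tag is enabled only when `github.ref == 'refs/heads/main'`, while `push:` on the build step is true only for refs under `refs/tags/`, so the two conditions never hold together and a `main` image is never published. Either drop the raw tag or let the push condition cover main as well, e.g. `push: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main') }}`, which would also need a branch filter on the `push` trigger as far as the visible lines show. The registry login step earlier in the file shows no `if:` in the visible lines, so it still runs for `pull_request` and `workflow_dispatch`; `if: github.event_name == 'push'` on that step would keep registry credentials out of runs that never push.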
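Review bot: `export TOOLS_JAVA_VERSION=$(…)` only lives in the shell of this one `RUN`, and the commit removes `ARG TOOLS_JAVA_VERSION`, so the later `RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java` (a context line in the next Dockerfile hunk) now substitutes an empty string into the wrapper. One way to carry the value across is to persist it in the build stage, `&& printf '%s' "$TOOLS_JAVA_VERSION" > /tmp/tools-java-version`, and read it in the later step with `sed -i "s/@@VERSION@@/$(cat /tmp/tools-java-version)/g" /usr/bin/tools-java`. Note also that `export VAR=$(cmd)` returns the status of `export`, so a failing `mvn help:evaluate` does not stop the `&&` chain; assigning first (`TOOLS_JAVA_VERSION=$(…) && export TOOLS_JAVA_VERSION`) makes the failure visible.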
@@ -25,11 +23,10 @@ COPY scripts/tools-java-wrapper.sh /usr/bin/tools-java RUN sed -i "s/@@VERSION@@/$TOOLS_JAVA_VERSION/g" /usr/bin/tools-java \ && chmod +x /usr/bin/tools-java - # Deploy image FROM eclipse-temurin:$JAVA_VERSION as run COPY --from=build /usr/lib/java/spdx /usr/lib/java/spdx COPY --from=build /usr/bin/tools-java /usr/bin/tools-java -ENTRYPOINT [ "/usr/bin/tools-java" ] \ No newline at end of file +ENTRYPOINT [ "/usr/bin/tools-java" ] diff --git a/README.md b/README.md index e1258bf..b38af53 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ If you are a developer, there are examples in the [examples folder](examples/org The command line interface of the SPDX Tools can be used like this: - java -jar tools-java-2.0.2-jar-with-dependencies.jar + java -jar tools-java-2.0.4-jar-with-dependencies.jar ## SPDX format converters 
@@ -54,18 +54,18 @@ The following converter tools support SPDX format: Example to convert a SPDX file from Tag to RDF format: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.rdf The file formats can optionally be provided as the 3rd and 4th parameter for the input and output formats respectively. An optional 5th option `excludeLicenseDetails` will not copy the listed license properties to the output file. The following example will copy a JSON format to an RDF Turtle format without including the listed license properties: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert ../testResources/SPDXTagExample-v2.2.spdx TagToRDF.ttl TAG RDFTTL excludeLicenseDetails To convert from SPDX 2 to SPDX 3.0.1: * use the file extension `.jsonld.json` or `.jsonld`; * or add the options for the from and to file types: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD + java -jar tools-java-2.0.4-jar-with-dependencies.jar Convert hello.spdx hello.spdx.json TAG JSONLD ## Compare utilities 
@@ -75,13 +75,13 @@ The following tools can be used to compare one or more SPDX documents: Example to compare multiple SPDX files provided in RDF format and provide a spreadsheet with the results: - java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN + java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx doc1 doc2 ... docN * CompareMultipleSpdxDocs with directory Example to compare all SPDX documents in a directory "/home/me/spdxdocs" and provide a spreadsheet with the results: - java -jar tools-java-2.0.2-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs + java -jar tools-java-2.0.4-jar-with-dependencies.jar CompareDocs output.xlsx /home/me/spdxdocs ## SPDX Viewer @@ -91,7 +91,7 @@ The following tool can be used to "Pretty Print" an SPDX document. Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar SPDXViewer ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Verifier @@ -101,7 +101,7 @@ The following tool can be used to verify an SPDX document: Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf + java -jar tools-java-2.0.4-jar-with-dependencies.jar Verify ../testResources/SPDXRdfExample-v2.2.spdx.rdf ## Generators @@ -111,7 +111,7 @@ The following tool can be used to generate an SPDX verification code from a dire Sample usage: - java -jar tools-java-2.0.2-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] + java -jar tools-java-2.0.4-jar-with-dependencies.jar GenerateVerificationCode sourceDirectory [ignoredFilesRegex] ## SPDX Validation Tool diff --git a/pom.xml b/pom.xml index 03c021d..91625f9 100644 --- a/pom.xml +++ b/pom.xml @@ -48,7 +48,7 @@ https://sonarcloud.io spdx tools-java - 12.1.9 + 12.2.0 11 -Xdoclint:none 
@@ -205,7 +205,7 @@ org.sonatype.central central-publishing-maven-plugin - 0.9.0 + 0.10.0 true central @@ -361,6 +361,11 @@ deploy + + org.sonarsource.scanner.maven + sonar-maven-plugin + 5.5.0.6356 +