Merge pull request #3173 from meretp/python_tools_release

pombredanne · web-flow · commit caec25666028 · 2023-01-18T01:28:19.000+01:00
adapt code to new spdx-tools release
diff --git a/requirements.txt b/requirements.txt
@@ -64,7 +64,7 @@ requests==2.28.1
 saneyaml==0.6.0
 six==1.16.0
 soupsieve==2.3.2.post1
-spdx-tools==0.7.0a3
+spdx-tools==0.7.0rc0
 text-unidecode==1.3
 toml==0.10.2
 typecode==30.0.0
diff --git a/setup-mini.cfg b/setup-mini.cfg
@@ -80,7 +80,7 @@ install_requires =
     gemfileparser2 >= 0.9.0
     html5lib
     importlib_metadata
-    intbitset >= 3.0.2 
+    intbitset >= 3.0.2
     jaraco.functools
     javaproperties >= 0.5
     jinja2 >= 2.7.0
@@ -105,7 +105,7 @@ install_requires =
     pymaven_patch >= 0.2.8
     requests >= 2.7.0
     saneyaml >= 0.6.0
-    spdx_tools == 0.7.0a3
+    spdx_tools == 0.7.0rc0
     text_unidecode >= 1.0
     toml >= 0.10.0
     urlpy
diff --git a/setup.cfg b/setup.cfg
@@ -105,7 +105,7 @@ install_requires =
     pymaven_patch >= 0.2.8
     requests >= 2.7.0
     saneyaml >= 0.6.0
-    spdx_tools == 0.7.0a3
+    spdx_tools == 0.7.0rc0
     text_unidecode >= 1.0
     toml >= 0.10.0
     urlpy
diff --git a/src/formattedcode/output_spdx.py b/src/formattedcode/output_spdx.py
@@ -12,13 +12,16 @@
 from io import BytesIO
 from io import StringIO
 
-from spdx.checksum import Algorithm
+from spdx.checksum import Checksum
+from spdx.checksum import ChecksumAlgorithm
 from spdx.creationinfo import Tool
 from spdx.document import ExtractedLicense
 from spdx.document import Document
-from spdx.document import License
+from spdx.license import License
 from spdx.file import File
 from spdx.package import Package
+from spdx.relationship import Relationship
+from spdx.utils import calc_verif_code
 from spdx.utils import NoAssert
 from spdx.utils import SPDXNone
 from spdx.version import Version
@@ -280,9 +283,8 @@ def write_spdx(
         name = './' + file_data.get('path')
         file_entry = File(
             spdx_id=f'SPDXRef-{sid}',
-            name=name,
-            chk_sum=Algorithm('SHA1', file_data.get('sha1') or '')
-        )
+            name=name)
+        file_entry.set_checksum(Checksum(ChecksumAlgorithm.SHA1, file_data.get('sha1') or ''))
 
         file_license_detections = file_data.get('license_detections')
         license_matches = get_matches_from_detection_mappings(file_license_detections)
@@ -357,9 +359,11 @@ def write_spdx(
         else:
             file_entry.copyright = SPDXNone()
 
-        package.add_file(file_entry)
+        doc.add_file(file_entry)
+        relationship = Relationship(f'{package.spdx_id} CONTAINS {file_entry.spdx_id}')
+        doc.add_relationship(relationship)
 
-    if len(package.files) == 0:
+    if not doc.files:
         if as_tagvalue:
             msg = "# No results for package '{}'.\n".format(package.name)
         else:
@@ -392,7 +396,7 @@ def write_spdx(
         # statements for the package.
         package.cr_text = '\n'.join(sorted(package.cr_text)) + '\n'
 
-    package.verif_code = doc.package.calc_verif_code()
+    package.verif_code = calc_verif_code(doc.files)
     package.license_declared = NoAssert()
     package.conc_lics = NoAssert()
 
@@ -404,7 +408,7 @@ def write_spdx(
     # one case we do need to deal with bytes and decode before writing (rdf) and
     # in the other case we deal with text all the way.
 
-    if package.files:
+    if doc.files:
 
         if as_tagvalue:
             from spdx.writers.tagvalue import write_document  # NOQA
diff --git a/tests/formattedcode/data/spdx/license_known/expected.tv b/tests/formattedcode/data/spdx/license_known/expected.tv
@@ -35,5 +35,4 @@ SPDXID: SPDXRef-3
 FileChecksum: SHA1: 172444e7c137eb5cd3cae530aca0879c90f7fada
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: CC0-1.0
-FileCopyrightText: NONE
-# Extracted Licenses
+FileCopyrightText: NONE
diff --git a/tests/formattedcode/data/spdx/license_known/expected_with_text.tv b/tests/formattedcode/data/spdx/license_known/expected_with_text.tv
@@ -35,5 +35,4 @@ SPDXID: SPDXRef-3
 FileChecksum: SHA1: 172444e7c137eb5cd3cae530aca0879c90f7fada
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: CC0-1.0
-FileCopyrightText: NONE
-# Extracted Licenses
+FileCopyrightText: NONE
diff --git a/tests/formattedcode/data/spdx/simple/expected.tv b/tests/formattedcode/data/spdx/simple/expected.tv
@@ -27,5 +27,4 @@ SPDXID: SPDXRef-1
 FileChecksum: SHA1: b8a793cce3c3a4cd3a4646ddbe86edd542ed0cd8
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: NONE
-FileCopyrightText: NONE
-# Extracted Licenses
+FileCopyrightText: NONE
diff --git a/tests/formattedcode/data/spdx/tree/expected.tv b/tests/formattedcode/data/spdx/tree/expected.tv
@@ -77,5 +77,4 @@ FileChecksum: SHA1: 58748872d25374160692f1ed7075d0fe80a544b1
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: NONE
 FileCopyrightText: <text>Copyright (c) 2000 ACME, Inc.
-</text>
-# Extracted Licenses
+</text>
diff --git a/tests/formattedcode/data/templated/tree/expected.tv b/tests/formattedcode/data/templated/tree/expected.tv
@@ -65,5 +65,4 @@ FileChecksum: SHA1: 58748872d25374160692f1ed7075d0fe80a544b1
 LicenseConcluded: NOASSERTION
 LicenseInfoInFile: NONE
 FileCopyrightText: <text>Copyright (c) 2000 ACME, Inc.
-</text>
-# Extracted Licenses
+</text>
diff --git a/tests/formattedcode/test_output_spdx.py b/tests/formattedcode/test_output_spdx.py
@@ -149,6 +149,8 @@ def load_and_clean_tv(location):
         line = line.strip()
         if not line:
             continue
+        if line.startswith('LicenseListVersion'):
+            continue
         if line.startswith(('Creator: ', 'Created: ',)):
             continue
         if line.startswith(dns):
