Skip to content

chore: SPDX licenses bump automation #703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

chore: SPDX licenses bump automation #703

wants to merge 3 commits into from

Conversation

jkowalleck
Copy link
Member

@jkowalleck jkowalleck commented Oct 1, 2025
edited
Loading

fixes #186

this automation will do the following on a daily/scheduled basis

  • auto-detect the latest release of SPDX licenses
  • update OUR list of known SPDX licenses
  • Pull request the changes, if needed

@jkowalleck jkowalleck requested a review from a team as a code owner October 1, 2025 18:06
@jkowalleck jkowalleck marked this pull request as draft October 1, 2025 18:06
@jkowalleck
SPDX licenses bump automation
fb1e3b0 
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck force-pushed the spdx-schema_pull-latest branch from 6c5d2df to fb1e3b0 Compare October 2, 2025 14:50
@jkowalleck jkowalleck marked this pull request as ready for review October 2, 2025 14:51
@jkowalleck jkowalleck changed the title [WIP] SPDX licenses bump automation SPDX licenses bump automation Oct 2, 2025
@jkowalleck jkowalleck changed the title SPDX licenses bump automation chore: SPDX licenses bump automation Oct 2, 2025
@jkowalleck jkowalleck requested a review from Copilot October 20, 2025 07:57
Copilot
Copilot AI reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements automated daily updates for SPDX license lists by detecting the latest release from the SPDX GitHub repository and creating pull requests with updated schemas when changes are detected.

Key Changes:

  • Enhanced SpdxXsdGenerator to dynamically fetch the latest SPDX release version via GitHub API instead of using a hardcoded version
  • Added GitHub Actions workflow for scheduled daily execution and manual triggering
  • Modified update script to change to the correct directory before running Maven commands

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/update_spdx_licenses.yml New workflow that runs daily to check for SPDX updates, generate schemas, and create PRs when changes are detected
tools/src/main/java/org/cyclonedx/tools/SpdxXsdGenerator.java Refactored to support dynamic version detection from GitHub API with configurable tag names and extracted schema generation into instance methods
tools/updateSpdx.sh Added directory change to ensure Maven commands execute in the correct location

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@jkowalleck @Copilot
Update .github/workflows/update_spdx_licenses.yml
805ed58 
Co-authored-by: Copilot <[email protected]>
Signed-off-by: Jan Kowalleck <[email protected]>
@jkowalleck jkowalleck force-pushed the spdx-schema_pull-latest branch from ef19a5c to 805ed58 Compare October 20, 2025 08:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@stevespringett stevespringett Awaiting requested review from stevespringett

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Automate the Updating of SPDX License List

1 participant

@jkowalleck