diff --git a/README.md b/README.md index f17a8f9..bc952fd 100644 --- a/README.md +++ b/README.md @@ -102,7 +102,7 @@ Running self-validation produces a report containing the following information: ✓ SpdxTool_AddPackage - Passed ✓ SpdxTool_AddRelationship - Passed -✓ SpdxTool_Validate - Passed +✓ SpdxTool_Basic - Passed ✓ SpdxTool_CopyPackage - Passed ✓ SpdxTool_Diagram - Passed ✓ SpdxTool_FindPackage - Passed @@ -126,7 +126,7 @@ Each test in the report proves a specific command works correctly: - **SpdxTool_AddPackage** - `add-package` command adds a package with relationships to an SPDX file. - **SpdxTool_AddRelationship** - `add-relationship` command adds a relationship between SPDX elements. -- **SpdxTool_Validate** - `validate` command accepts valid and rejects invalid SPDX files. +- **SpdxTool_Basic** - `validate` command accepts valid and rejects invalid SPDX files. - **SpdxTool_CopyPackage** - `copy-package` command copies a package with relationships between SPDX files. - **SpdxTool_Diagram** - `diagram` command generates a Mermaid diagram from an SPDX file. - **SpdxTool_FindPackage** - `find-package` command locates a package by name in an SPDX file. diff --git a/docs/design/spdx-tool-targets/spdx-tool-targets.md b/docs/design/spdx-tool-targets/spdx-tool-targets.md index 80f0b8e..5f732d5 100644 --- a/docs/design/spdx-tool-targets/spdx-tool-targets.md +++ b/docs/design/spdx-tool-targets/spdx-tool-targets.md @@ -17,27 +17,28 @@ The subsystem consists of two MSBuild `.targets` files: - `buildMultiTargeting/DemaConsulting.SpdxTool.Targets.targets` — injected for multi-TFM projects -Both files define the `DecorateNuGetSbom` target, which runs after the `Pack` target +Both files define the `DecorateSbomTarget` target, which runs after the `Pack` target in the MSBuild pipeline. ### Workflow Invocation -The `DecorateNuGetSbom` target conditionally invokes `spdx-tool run-workflow` with +The `DecorateSbomTarget` target conditionally invokes `spdx-tool run-workflow` with a user-supplied workflow file. The workflow file path is specified via the -`SpdxWorkflowFile` MSBuild property. The `spdx-tool` global tool must be installed -and available on the system `PATH`. +`SpdxWorkflowFile` MSBuild property. The `spdx-tool` command is configurable via the +`SpdxToolCommand` property (defaults to `dotnet spdx-tool`). ### Configuration Properties -| MSBuild Property | Default | Description | -|----------------------|---------|------------------------------------------------------| -| `DecorateSBOM` | `false` | Set to `true` to enable SBOM decoration during pack | -| `GenerateSBOM` | `true` | When `false`, skips decoration (no SBOM to decorate) | -| `SpdxWorkflowFile` | — | Path to the workflow YAML file for decoration | +| MSBuild Property | Default | Description | +|----------------------|----------------------|------------------------------------------------------| +| `DecorateSBOM` | `false` | Set to `true` to enable SBOM decoration during pack | +| `GenerateSBOM` | `true` | When `false`, skips decoration (no SBOM to decorate) | +| `SpdxWorkflowFile` | `spdx-workflow.yaml` | Path to the workflow YAML file for decoration | +| `SpdxToolCommand` | `dotnet spdx-tool` | Command used to invoke the spdx-tool | ## Conditional Execution -The `DecorateNuGetSbom` target is skipped when: +The `DecorateSbomTarget` target is skipped when: - `DecorateSBOM` is not set to `true` (opt-in required) - `GenerateSBOM` is `false` (no SBOM generated to decorate) @@ -52,7 +53,7 @@ dotnet pack Pack target completes (NuGet .nupkg + embedded SBOM generated) │ ▼ -DecorateNuGetSbom target +DecorateSbomTarget target │ ├─► Check DecorateSBOM == true (skip if false) │ diff --git a/docs/design/spdx-tool/self-test/validate-run-nuget-workflow.md b/docs/design/spdx-tool/self-test/validate-run-nuget-workflow.md index b404b28..aa44be7 100644 --- a/docs/design/spdx-tool/self-test/validate-run-nuget-workflow.md +++ b/docs/design/spdx-tool/self-test/validate-run-nuget-workflow.md @@ -11,10 +11,9 @@ resolved from a NuGet package in the local NuGet cache and executed successfully ### Setup 1. Creates a `validate.tmp` working directory. -2. Writes an SPDX JSON document as a target for the NuGet workflow. -3. Writes a workflow YAML that uses the `nuget:` input to reference a known - - NuGet package and a workflow file within it. +2. Writes a workflow YAML that uses the `nuget:` input to reference a known + NuGet package (`DemaConsulting.SpdxWorkflows`) and a workflow file within it + (`GetDotNetVersion.yaml`), capturing the output into a variable. ### Execution @@ -23,7 +22,6 @@ Calls `Validate.RunSpdxTool("validate.tmp", ["--silent", "run-workflow", "workfl ### Verification - The workflow must complete with exit code 0. -- The SPDX document must be updated as expected by the NuGet workflow. ### Teardown @@ -32,7 +30,6 @@ Deletes the `validate.tmp` directory. ## Error Handling - Returns `false` if `RunSpdxTool` returns a non-zero exit code. -- Returns `false` if the SPDX document is not updated as expected. - The result is recorded in the `TestResults` collection as `Passed` or `Failed`. ## Constraints @@ -40,5 +37,4 @@ Deletes the `validate.tmp` directory. - Requires internet or NuGet cache access to download/restore the NuGet package. - The temporary directory is always deleted in a `finally` block. - `PathHelpers.SafePathCombine` is used to prevent path traversal when resolving - the workflow file within the NuGet package. diff --git a/docs/reqstream/spdx-tool-targets/spdx-tool-targets.yaml b/docs/reqstream/spdx-tool-targets/spdx-tool-targets.yaml index 70ea8d9..404c5a9 100644 --- a/docs/reqstream/spdx-tool-targets/spdx-tool-targets.yaml +++ b/docs/reqstream/spdx-tool-targets/spdx-tool-targets.yaml @@ -9,7 +9,7 @@ sections: sections: - title: MSBuild Targets Integration requirements: - - id: SpdxTool-Tgt-DecorateSbom + - id: SpdxTool-Target-DecorateSbom title: The MSBuild targets package shall decorate SBOMs during dotnet pack. tags: - msbuild @@ -22,7 +22,7 @@ sections: - SingleTfmProject_DecorateSbomTrue_DecoratesSbom - MultiTfmProject_DecorateSbomTrue_DecoratesSbom - - id: SpdxTool-Tgt-SkipDecorate + - id: SpdxTool-Target-SkipDecorate title: The MSBuild targets package shall skip SBOM decoration when DecorateSBOM is false. tags: - msbuild @@ -34,7 +34,7 @@ sections: tests: - SingleTfmProject_DecorateSbomFalse_SkipsDecoration - - id: SpdxTool-Tgt-SkipGenerateSbom + - id: SpdxTool-Target-SkipGenerateSbom title: The MSBuild targets package shall skip SBOM decoration when GenerateSBOM is false. tags: - msbuild @@ -46,7 +46,7 @@ sections: tests: - SingleTfmProject_GenerateSbomFalse_SkipsEntirely - - id: SpdxTool-Tgt-MissingWorkflowError + - id: SpdxTool-Target-MissingWorkflowError title: The MSBuild targets package shall report a clear error when the workflow file is missing. tags: - msbuild diff --git a/docs/reqstream/spdx-tool/commands/add-package.yaml b/docs/reqstream/spdx-tool/commands/add-package.yaml index 71860ac..9f263bb 100644 --- a/docs/reqstream/spdx-tool/commands/add-package.yaml +++ b/docs/reqstream/spdx-tool/commands/add-package.yaml @@ -6,7 +6,7 @@ sections: - title: add-package Command requirements: - - id: SpdxTool-Pkg-AddPackage + - id: SpdxTool-Package-AddPackage title: The tool shall add packages to SPDX documents using the add-package command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/add-relationship.yaml b/docs/reqstream/spdx-tool/commands/add-relationship.yaml index c3de787..dc873e8 100644 --- a/docs/reqstream/spdx-tool/commands/add-relationship.yaml +++ b/docs/reqstream/spdx-tool/commands/add-relationship.yaml @@ -6,7 +6,7 @@ sections: - title: add-relationship Command requirements: - - id: SpdxTool-Rel-AddRelationship + - id: SpdxTool-Relationship-AddRelationship title: The tool shall add relationships to SPDX documents using the add-relationship command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/commands.yaml b/docs/reqstream/spdx-tool/commands/commands.yaml index b6e323f..0d0b239 100644 --- a/docs/reqstream/spdx-tool/commands/commands.yaml +++ b/docs/reqstream/spdx-tool/commands/commands.yaml @@ -15,24 +15,24 @@ sections: help system to enumerate available commands. The registry must correctly map command names to their implementations. children: - - SpdxTool-Pkg-AddPackage - - SpdxTool-Rel-AddRelationship - - SpdxTool-Pkg-CopyPackage - - SpdxTool-Xfm-Diagram - - SpdxTool-Pkg-FindPackage - - SpdxTool-Pkg-GetVersion - - SpdxTool-Hsh-Hash - - SpdxTool-Cmd-HelpCommand - - SpdxTool-Wkf-Print - - SpdxTool-Wkf-Query - - SpdxTool-Man-RenameId - - SpdxTool-Wkf-RunWorkflow - - SpdxTool-Wkf-NuGetWorkflow - - SpdxTool-Wkf-SetVariable - - SpdxTool-Xfm-ToMarkdown - - SpdxTool-Pkg-UpdatePackage - - SpdxTool-Val-Validate - - SpdxTool-Val-NtiaMinimum + - SpdxTool-Package-AddPackage + - SpdxTool-Relationship-AddRelationship + - SpdxTool-Package-CopyPackage + - SpdxTool-Transform-Diagram + - SpdxTool-Package-FindPackage + - SpdxTool-Package-GetVersion + - SpdxTool-Hash-Hash + - SpdxTool-Command-HelpCommand + - SpdxTool-Workflow-Print + - SpdxTool-Workflow-Query + - SpdxTool-Manage-RenameId + - SpdxTool-Workflow-RunWorkflow + - SpdxTool-Workflow-NuGetWorkflow + - SpdxTool-Workflow-SetVariable + - SpdxTool-Transform-ToMarkdown + - SpdxTool-Package-UpdatePackage + - SpdxTool-Validate-Validate + - SpdxTool-Validate-NtiaMinimum tests: - Command_Expand_NoVariables_ReturnsOriginal - UnknownCommand_UnrecognizedCommand_ReportsError diff --git a/docs/reqstream/spdx-tool/commands/copy-package.yaml b/docs/reqstream/spdx-tool/commands/copy-package.yaml index 92c0019..4d6c2bc 100644 --- a/docs/reqstream/spdx-tool/commands/copy-package.yaml +++ b/docs/reqstream/spdx-tool/commands/copy-package.yaml @@ -6,7 +6,7 @@ sections: - title: copy-package Command requirements: - - id: SpdxTool-Pkg-CopyPackage + - id: SpdxTool-Package-CopyPackage title: The tool shall copy packages between SPDX documents using the copy-package command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/diagram.yaml b/docs/reqstream/spdx-tool/commands/diagram.yaml index 891e181..0fedd8c 100644 --- a/docs/reqstream/spdx-tool/commands/diagram.yaml +++ b/docs/reqstream/spdx-tool/commands/diagram.yaml @@ -6,7 +6,7 @@ sections: - title: diagram Command requirements: - - id: SpdxTool-Xfm-Diagram + - id: SpdxTool-Transform-Diagram title: The tool shall generate Mermaid diagrams from SPDX documents using the diagram command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/find-package.yaml b/docs/reqstream/spdx-tool/commands/find-package.yaml index 0a4ba52..5793ace 100644 --- a/docs/reqstream/spdx-tool/commands/find-package.yaml +++ b/docs/reqstream/spdx-tool/commands/find-package.yaml @@ -6,7 +6,7 @@ sections: - title: find-package Command requirements: - - id: SpdxTool-Pkg-FindPackage + - id: SpdxTool-Package-FindPackage title: The tool shall find packages in SPDX documents using the find-package command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/get-version.yaml b/docs/reqstream/spdx-tool/commands/get-version.yaml index 5c4deec..8aeb5dc 100644 --- a/docs/reqstream/spdx-tool/commands/get-version.yaml +++ b/docs/reqstream/spdx-tool/commands/get-version.yaml @@ -6,7 +6,7 @@ sections: - title: get-version Command requirements: - - id: SpdxTool-Pkg-GetVersion + - id: SpdxTool-Package-GetVersion title: The tool shall retrieve package versions from SPDX documents using the get-version command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/hash.yaml b/docs/reqstream/spdx-tool/commands/hash.yaml index 07cb2bf..cae3270 100644 --- a/docs/reqstream/spdx-tool/commands/hash.yaml +++ b/docs/reqstream/spdx-tool/commands/hash.yaml @@ -6,7 +6,7 @@ sections: - title: hash Command requirements: - - id: SpdxTool-Hsh-Hash + - id: SpdxTool-Hash-Hash title: The tool shall compute and verify file hashes using the hash command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/help.yaml b/docs/reqstream/spdx-tool/commands/help.yaml index 69f8635..1171e2a 100644 --- a/docs/reqstream/spdx-tool/commands/help.yaml +++ b/docs/reqstream/spdx-tool/commands/help.yaml @@ -6,7 +6,7 @@ sections: - title: help Command requirements: - - id: SpdxTool-Cmd-HelpCommand + - id: SpdxTool-Command-HelpCommand title: The help command shall display extended usage information for a specified command. tags: - cli diff --git a/docs/reqstream/spdx-tool/commands/print.yaml b/docs/reqstream/spdx-tool/commands/print.yaml index 85d5cae..f79f6a3 100644 --- a/docs/reqstream/spdx-tool/commands/print.yaml +++ b/docs/reqstream/spdx-tool/commands/print.yaml @@ -6,7 +6,7 @@ sections: - title: print Command requirements: - - id: SpdxTool-Wkf-Print + - id: SpdxTool-Workflow-Print title: The tool shall support printing text within workflows using the print command. tags: - workflow diff --git a/docs/reqstream/spdx-tool/commands/query.yaml b/docs/reqstream/spdx-tool/commands/query.yaml index 0bd0e85..61688b0 100644 --- a/docs/reqstream/spdx-tool/commands/query.yaml +++ b/docs/reqstream/spdx-tool/commands/query.yaml @@ -6,7 +6,7 @@ sections: - title: query Command requirements: - - id: SpdxTool-Wkf-Query + - id: SpdxTool-Workflow-Query title: The tool shall support querying external program output using the query command. tags: - workflow diff --git a/docs/reqstream/spdx-tool/commands/rename-id.yaml b/docs/reqstream/spdx-tool/commands/rename-id.yaml index 2041c92..1835d30 100644 --- a/docs/reqstream/spdx-tool/commands/rename-id.yaml +++ b/docs/reqstream/spdx-tool/commands/rename-id.yaml @@ -6,7 +6,7 @@ sections: - title: rename-id Command requirements: - - id: SpdxTool-Man-RenameId + - id: SpdxTool-Manage-RenameId title: The tool shall rename SPDX element IDs using the rename-id command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/run-workflow.yaml b/docs/reqstream/spdx-tool/commands/run-workflow.yaml index eff6f0a..2c7b5fb 100644 --- a/docs/reqstream/spdx-tool/commands/run-workflow.yaml +++ b/docs/reqstream/spdx-tool/commands/run-workflow.yaml @@ -7,7 +7,7 @@ sections: - title: run-workflow Command requirements: - - id: SpdxTool-Wkf-RunWorkflow + - id: SpdxTool-Workflow-RunWorkflow title: The tool shall execute workflow files using the run-workflow command. tags: - workflow @@ -22,7 +22,7 @@ sections: - RunWorkflow_WithOutputs_PopulatesOutputs - RunWorkflow_UrlWorkflow_ExecutesWorkflow - - id: SpdxTool-Wkf-NuGetWorkflow + - id: SpdxTool-Workflow-NuGetWorkflow title: The tool shall support running workflow files from NuGet packages using the run-workflow command. tags: - workflow diff --git a/docs/reqstream/spdx-tool/commands/set-variable.yaml b/docs/reqstream/spdx-tool/commands/set-variable.yaml index ec19d0d..2ff6f42 100644 --- a/docs/reqstream/spdx-tool/commands/set-variable.yaml +++ b/docs/reqstream/spdx-tool/commands/set-variable.yaml @@ -6,7 +6,7 @@ sections: - title: set-variable Command requirements: - - id: SpdxTool-Wkf-SetVariable + - id: SpdxTool-Workflow-SetVariable title: The tool shall support setting variables within workflows using the set-variable command. tags: - workflow diff --git a/docs/reqstream/spdx-tool/commands/to-markdown.yaml b/docs/reqstream/spdx-tool/commands/to-markdown.yaml index 4a8b679..cb9e7b6 100644 --- a/docs/reqstream/spdx-tool/commands/to-markdown.yaml +++ b/docs/reqstream/spdx-tool/commands/to-markdown.yaml @@ -6,7 +6,7 @@ sections: - title: to-markdown Command requirements: - - id: SpdxTool-Xfm-ToMarkdown + - id: SpdxTool-Transform-ToMarkdown title: The tool shall convert SPDX documents to Markdown format using the to-markdown command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/update-package.yaml b/docs/reqstream/spdx-tool/commands/update-package.yaml index 42dd239..a799273 100644 --- a/docs/reqstream/spdx-tool/commands/update-package.yaml +++ b/docs/reqstream/spdx-tool/commands/update-package.yaml @@ -6,7 +6,7 @@ sections: - title: update-package Command requirements: - - id: SpdxTool-Pkg-UpdatePackage + - id: SpdxTool-Package-UpdatePackage title: The tool shall update existing packages in SPDX documents using the update-package command. tags: - spdx diff --git a/docs/reqstream/spdx-tool/commands/validate.yaml b/docs/reqstream/spdx-tool/commands/validate.yaml index 68a9d37..e094734 100644 --- a/docs/reqstream/spdx-tool/commands/validate.yaml +++ b/docs/reqstream/spdx-tool/commands/validate.yaml @@ -7,7 +7,7 @@ sections: - title: validate Command requirements: - - id: SpdxTool-Val-Validate + - id: SpdxTool-Validate-Validate title: The tool shall validate SPDX documents using the validate command. tags: - spdx @@ -18,7 +18,7 @@ sections: - Validate_ValidSpdxDocument_Succeeds - Validate_ValidDocumentNoFilesAnalyzed_Succeeds - - id: SpdxTool-Val-NtiaMinimum + - id: SpdxTool-Validate-NtiaMinimum title: The tool shall validate SPDX documents against NTIA minimum elements requirements. tags: - spdx diff --git a/docs/reqstream/spdx-tool/platform-requirements.yaml b/docs/reqstream/spdx-tool/platform-requirements.yaml index cd35689..c5e8f3f 100644 --- a/docs/reqstream/spdx-tool/platform-requirements.yaml +++ b/docs/reqstream/spdx-tool/platform-requirements.yaml @@ -9,7 +9,7 @@ sections: sections: - title: Platform Support requirements: - - id: SpdxTool-Plt-Windows + - id: SpdxTool-Platform-Windows title: The tool shall run successfully on Windows platforms. tags: - platform @@ -19,14 +19,14 @@ sections: (both the dotnet-tool and the MSBuild targets package) must function correctly on Windows to support a broad user base. tests: - - windows@SpdxTool_Validate + - windows@SpdxTool_Basic - windows@SingleTfmProject_DecorateSbomTrue_DecoratesSbom - windows@MultiTfmProject_DecorateSbomTrue_DecoratesSbom - windows@SingleTfmProject_DecorateSbomFalse_SkipsDecoration - windows@SingleTfmProject_GenerateSbomFalse_SkipsEntirely - windows@SingleTfmProject_MissingWorkflow_ReportsError - - id: SpdxTool-Plt-Linux + - id: SpdxTool-Platform-Linux title: The tool shall run successfully on Linux platforms. tags: - platform @@ -37,14 +37,14 @@ sections: the MSBuild targets package) must function correctly on Linux to support a broad user base. tests: - - ubuntu@SpdxTool_Validate + - ubuntu@SpdxTool_Basic - ubuntu@SingleTfmProject_DecorateSbomTrue_DecoratesSbom - ubuntu@MultiTfmProject_DecorateSbomTrue_DecoratesSbom - ubuntu@SingleTfmProject_DecorateSbomFalse_SkipsDecoration - ubuntu@SingleTfmProject_GenerateSbomFalse_SkipsEntirely - ubuntu@SingleTfmProject_MissingWorkflow_ReportsError - - id: SpdxTool-Plt-MacOS + - id: SpdxTool-Platform-MacOS title: The tool shall run successfully on macOS platforms. tags: - platform @@ -55,14 +55,14 @@ sections: and the MSBuild targets package) must function correctly on macOS to support a broad user base. tests: - - macos@SpdxTool_Validate + - macos@SpdxTool_Basic - macos@SingleTfmProject_DecorateSbomTrue_DecoratesSbom - macos@MultiTfmProject_DecorateSbomTrue_DecoratesSbom - macos@SingleTfmProject_DecorateSbomFalse_SkipsDecoration - macos@SingleTfmProject_GenerateSbomFalse_SkipsEntirely - macos@SingleTfmProject_MissingWorkflow_ReportsError - - id: SpdxTool-Plt-Net8 + - id: SpdxTool-Platform-Net8 title: The tool shall run successfully on .NET 8.x. tags: - platform @@ -71,9 +71,9 @@ sections: support this version to provide stability and compatibility for users who require LTS support. tests: - - dotnet8.x@SpdxTool_Validate + - dotnet8.x@SpdxTool_Basic - - id: SpdxTool-Plt-Net9 + - id: SpdxTool-Platform-Net9 title: The tool shall run successfully on .NET 9.x. tags: - platform @@ -82,9 +82,9 @@ sections: version to enable users to take advantage of the latest .NET features and improvements. tests: - - dotnet9.x@SpdxTool_Validate + - dotnet9.x@SpdxTool_Basic - - id: SpdxTool-Plt-Net10 + - id: SpdxTool-Platform-Net10 title: The tool shall run successfully on .NET 10.x. tags: - platform @@ -93,4 +93,4 @@ sections: future .NET releases to ensure users can upgrade their runtime without losing tool functionality. tests: - - dotnet10.x@SpdxTool_Validate + - dotnet10.x@SpdxTool_Basic diff --git a/docs/reqstream/spdx-tool/self-test/self-test.yaml b/docs/reqstream/spdx-tool/self-test/self-test.yaml index 3aa81cf..b693a82 100644 --- a/docs/reqstream/spdx-tool/self-test/self-test.yaml +++ b/docs/reqstream/spdx-tool/self-test/self-test.yaml @@ -14,7 +14,7 @@ sections: or deployment. The subsystem must orchestrate all validation steps and collect pass/fail results into a structured outcome. children: - - SpdxTool-ST-Orchestrate + - SpdxTool-SelfTest-Orchestrate tests: - SelfTest_Validate_Succeeds @@ -24,7 +24,7 @@ sections: Users may want to see detailed hierarchical results during self-validation to understand which specific steps passed or failed at different depths. children: - - SpdxTool-ST-Orchestrate + - SpdxTool-SelfTest-Orchestrate tests: - SelfTest_ValidateWithDepth_Succeeds @@ -35,7 +35,7 @@ sections: standardized formats like TRX. This enables integration with existing test infrastructure. children: - - SpdxTool-ST-Orchestrate + - SpdxTool-SelfTest-Orchestrate tests: - SelfTest_ValidateWithTrxResult_GeneratesTrxFile @@ -46,6 +46,6 @@ sections: Auto-detecting the format from the file extension allows users to generate JUnit output without requiring a separate flag. children: - - SpdxTool-ST-Orchestrate + - SpdxTool-SelfTest-Orchestrate tests: - SelfTest_ValidateWithJUnitResult_GeneratesJUnitFile diff --git a/docs/reqstream/spdx-tool/self-test/validate-add-package.yaml b/docs/reqstream/spdx-tool/self-test/validate-add-package.yaml index 41f4c01..9fac325 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-add-package.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-add-package.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateAddPackage requirements: - - id: SpdxTool-ST-AddPackage + - id: SpdxTool-SelfTest-AddPackage title: The SelfTest shall exercise the add-package command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-add-relationship.yaml b/docs/reqstream/spdx-tool/self-test/validate-add-relationship.yaml index 4b00214..64266c3 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-add-relationship.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-add-relationship.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateAddRelationship requirements: - - id: SpdxTool-ST-AddRelationship + - id: SpdxTool-SelfTest-AddRelationship title: The SelfTest shall exercise the add-relationship command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-basic.yaml b/docs/reqstream/spdx-tool/self-test/validate-basic.yaml index 337ab8e..0a88c88 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-basic.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-basic.yaml @@ -6,13 +6,13 @@ sections: - title: SelfTest ValidateBasic requirements: - - id: SpdxTool-ST-Basic - title: The SelfTest shall exercise the basic commands (version, help, silent, log). + - id: SpdxTool-SelfTest-Basic + title: The SelfTest shall exercise the validate command with basic CLI flags (silent, log). tags: - self-test justification: | - Self-validation of basic tool functionality ensures the core CLI features - (version reporting, help display, silent mode, logging) work correctly + Self-validation of basic tool functionality ensures the core CLI flags + (silent mode, logging) work correctly with the validate command after installation or deployment. tests: - SpdxTool_Basic diff --git a/docs/reqstream/spdx-tool/self-test/validate-copy-package.yaml b/docs/reqstream/spdx-tool/self-test/validate-copy-package.yaml index 14abaa4..9e5eaa3 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-copy-package.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-copy-package.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateCopyPackage requirements: - - id: SpdxTool-ST-CopyPackage + - id: SpdxTool-SelfTest-CopyPackage title: The SelfTest shall exercise the copy-package command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-diagram.yaml b/docs/reqstream/spdx-tool/self-test/validate-diagram.yaml index 0ab348f..eaf5cbd 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-diagram.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-diagram.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateDiagram requirements: - - id: SpdxTool-ST-Diagram + - id: SpdxTool-SelfTest-Diagram title: The SelfTest shall exercise the diagram command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-find-package.yaml b/docs/reqstream/spdx-tool/self-test/validate-find-package.yaml index dd21ba3..327e1ee 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-find-package.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-find-package.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateFindPackage requirements: - - id: SpdxTool-ST-FindPackage + - id: SpdxTool-SelfTest-FindPackage title: The SelfTest shall exercise the find-package command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-get-version.yaml b/docs/reqstream/spdx-tool/self-test/validate-get-version.yaml index 69c0220..da0b837 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-get-version.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-get-version.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateGetVersion requirements: - - id: SpdxTool-ST-GetVersion + - id: SpdxTool-SelfTest-GetVersion title: The SelfTest shall exercise the get-version command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-hash.yaml b/docs/reqstream/spdx-tool/self-test/validate-hash.yaml index 0e4685a..0766da4 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-hash.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-hash.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateHash requirements: - - id: SpdxTool-ST-Hash + - id: SpdxTool-SelfTest-Hash title: The SelfTest shall exercise the hash command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-ntia.yaml b/docs/reqstream/spdx-tool/self-test/validate-ntia.yaml index ed7508c..5facba2 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-ntia.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-ntia.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateNtia requirements: - - id: SpdxTool-ST-Ntia + - id: SpdxTool-SelfTest-Ntia title: The SelfTest shall exercise the NTIA minimum elements validation. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-query.yaml b/docs/reqstream/spdx-tool/self-test/validate-query.yaml index a0bcf79..2cb0738 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-query.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-query.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateQuery requirements: - - id: SpdxTool-ST-Query + - id: SpdxTool-SelfTest-Query title: The SelfTest shall exercise the query command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-rename-id.yaml b/docs/reqstream/spdx-tool/self-test/validate-rename-id.yaml index cfc2424..7521264 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-rename-id.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-rename-id.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateRenameId requirements: - - id: SpdxTool-ST-RenameId + - id: SpdxTool-SelfTest-RenameId title: The SelfTest shall exercise the rename-id command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-run-nuget-workflow.yaml b/docs/reqstream/spdx-tool/self-test/validate-run-nuget-workflow.yaml index 01e88e1..46fdd7d 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-run-nuget-workflow.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-run-nuget-workflow.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateRunNuGetWorkflow requirements: - - id: SpdxTool-ST-RunNuGetWorkflow + - id: SpdxTool-SelfTest-RunNuGetWorkflow title: The SelfTest shall exercise the run-workflow command with NuGet packages. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-to-markdown.yaml b/docs/reqstream/spdx-tool/self-test/validate-to-markdown.yaml index 629e4b2..eca1e14 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-to-markdown.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-to-markdown.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateToMarkdown requirements: - - id: SpdxTool-ST-ToMarkdown + - id: SpdxTool-SelfTest-ToMarkdown title: The SelfTest shall exercise the to-markdown command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate-update-package.yaml b/docs/reqstream/spdx-tool/self-test/validate-update-package.yaml index fb474f1..714709e 100644 --- a/docs/reqstream/spdx-tool/self-test/validate-update-package.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate-update-package.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest ValidateUpdatePackage requirements: - - id: SpdxTool-ST-UpdatePackage + - id: SpdxTool-SelfTest-UpdatePackage title: The SelfTest shall exercise the update-package command. tags: - self-test diff --git a/docs/reqstream/spdx-tool/self-test/validate.yaml b/docs/reqstream/spdx-tool/self-test/validate.yaml index 45fce53..a60cebc 100644 --- a/docs/reqstream/spdx-tool/self-test/validate.yaml +++ b/docs/reqstream/spdx-tool/self-test/validate.yaml @@ -6,7 +6,7 @@ sections: - title: SelfTest Orchestrator requirements: - - id: SpdxTool-ST-Orchestrate + - id: SpdxTool-SelfTest-Orchestrate title: The SelfTest orchestrator shall execute all validation steps and collect results. tags: - self-test diff --git a/docs/reqstream/spdx-tool/spdx-tool.yaml b/docs/reqstream/spdx-tool/spdx-tool.yaml index f56cf2f..cea69a0 100644 --- a/docs/reqstream/spdx-tool/spdx-tool.yaml +++ b/docs/reqstream/spdx-tool/spdx-tool.yaml @@ -8,7 +8,7 @@ sections: sections: - title: Command-Line Interface requirements: - - id: SpdxTool-Cmd-Version + - id: SpdxTool-Command-Version title: The tool shall display version information when invoked with the -v or --version flag. tags: - cli @@ -19,7 +19,7 @@ sections: - Version_ShortFlag_DisplaysVersion - Version_LongFlag_DisplaysVersion - - id: SpdxTool-Cmd-Help + - id: SpdxTool-Command-Help title: The tool shall display usage information when invoked with the -h, -?, or --help flag. tags: - cli @@ -30,7 +30,7 @@ sections: - Usage_ShortHelpFlag_DisplaysUsage - Usage_LongHelpFlag_DisplaysUsage - - id: SpdxTool-Cmd-InvalidArgs + - id: SpdxTool-Command-InvalidArgs title: The tool shall display an error and usage information when invoked without arguments. tags: - cli @@ -40,7 +40,7 @@ sections: tests: - Usage_NoArguments_DisplaysError - - id: SpdxTool-Cmd-Silent + - id: SpdxTool-Command-Silent title: The tool shall silence console output when invoked with the -s or --silent flag. tags: - cli @@ -51,7 +51,7 @@ sections: - Silent_ShortFlag_SuppressesOutput - Silent_LongFlag_SuppressesOutput - - id: SpdxTool-Cmd-Log + - id: SpdxTool-Command-Log title: The tool shall write output to a log file when invoked with the -l or --log flag. tags: - cli @@ -62,7 +62,7 @@ sections: - Log_ShortFlag_WritesOutputToFile - Log_LongFlag_WritesOutputToFile - - id: SpdxTool-Cmd-Validate + - id: SpdxTool-Command-Validate title: The tool shall perform self-validation when invoked with the --validate flag. tags: - cli @@ -74,7 +74,7 @@ sections: tests: - SelfTest_ValidateFlag_Succeeds - - id: SpdxTool-Cmd-Depth + - id: SpdxTool-Command-Depth title: The tool shall support depth control for self-validation output. tags: - cli @@ -86,7 +86,7 @@ sections: tests: - SelfTest_ValidateFlagWithDepth_ShowsDepth - - id: SpdxTool-Cmd-ResultsTrx + - id: SpdxTool-Command-ResultsTrx title: The tool shall write self-validation results as TRX when the --result flag uses a .trx extension. tags: - cli @@ -99,7 +99,7 @@ sections: tests: - SelfTest_ValidateFlagWithResults_GeneratesTrxFile - - id: SpdxTool-Cmd-ResultsJUnit + - id: SpdxTool-Command-ResultsJUnit title: The tool shall write self-validation results as JUnit XML when the --result flag uses .xml extension. tags: - cli diff --git a/docs/reqstream/spdx-tool/utility/utility.yaml b/docs/reqstream/spdx-tool/utility/utility.yaml index d7e35fc..aac5640 100644 --- a/docs/reqstream/spdx-tool/utility/utility.yaml +++ b/docs/reqstream/spdx-tool/utility/utility.yaml @@ -9,7 +9,7 @@ sections: sections: - title: Utility requirements: - - id: SpdxTool-Util-SafePath + - id: SpdxTool-Utility-SafePath title: The PathHelpers unit shall reject path components containing traversal sequences or absolute paths. tags: - utility @@ -23,7 +23,7 @@ sections: - PathHelpers_SafePathCombine_DoubleDotsInMiddle_ThrowsArgumentException - PathHelpers_SafePathCombine_AbsolutePath_ThrowsArgumentException - - id: SpdxTool-Util-ValidPath + - id: SpdxTool-Utility-ValidPath title: The PathHelpers unit shall correctly combine valid relative paths with a base path. tags: - utility @@ -36,7 +36,7 @@ sections: - PathHelpers_SafePathCombine_NestedPaths_CombinesCorrectly - PathHelpers_SafePathCombine_EmptyRelativePath_ReturnsBasePath - - id: SpdxTool-Util-Wildcard + - id: SpdxTool-Utility-Wildcard title: The Wildcard unit shall match strings against glob-style wildcard patterns case-insensitively. tags: - utility diff --git a/docs/user_guide/introduction.md b/docs/user_guide/introduction.md index a6dbef9..1a09bc8 100644 --- a/docs/user_guide/introduction.md +++ b/docs/user_guide/introduction.md @@ -92,8 +92,8 @@ spdx-tool [options] [arguments] * `help ` - Display extended help about a command * `add-package` - Add package to SPDX document (workflow only) * `add-relationship ` - Add relationship between elements -* `copy-package ` - Copy package between SPDX documents (workflow only) -* `diagram ` - Generate mermaid diagram +* `copy-package ` - Copy package between SPDX documents +* `diagram [tools]` - Generate mermaid diagram * `find-package ` - Find package ID in SPDX document * `get-version ` - Get the version of an SPDX package * `hash ` - Generate or verify hashes of files @@ -914,7 +914,7 @@ Example validation report: ✓ SpdxTool_AddPackage - Passed ✓ SpdxTool_AddRelationship - Passed -✓ SpdxTool_Validate - Passed +✓ SpdxTool_Basic - Passed ✓ SpdxTool_CopyPackage - Passed ✓ SpdxTool_Diagram - Passed ✓ SpdxTool_FindPackage - Passed @@ -946,7 +946,7 @@ Each test exercises a specific SpdxTool command end-to-end and verifies the expe `add-relationship` command to add a `CONTAINS` relationship with a comment between them. Verifies that the resulting document contains the relationship with the correct type and comment. -* **SpdxTool_Validate** - Creates a valid SPDX document and verifies that the `validate` command +* **SpdxTool_Basic** - Creates a valid SPDX document and verifies that the `validate` command accepts it (exit code 0). Then creates an invalid SPDX document (package missing its SPDXID) and verifies that the `validate` command rejects it with an appropriate error message. diff --git a/src/DemaConsulting.SpdxTool/Commands/CopyPackage.cs b/src/DemaConsulting.SpdxTool/Commands/CopyPackage.cs index ee39ca2..f40a1f0 100644 --- a/src/DemaConsulting.SpdxTool/Commands/CopyPackage.cs +++ b/src/DemaConsulting.SpdxTool/Commands/CopyPackage.cs @@ -47,7 +47,7 @@ public sealed class CopyPackage : Command public static readonly CommandEntry Entry = new( Command, "copy-package ", - "Copy package between SPDX documents (workflow only).", + "Copy package between SPDX documents.", [ "This command copies a package from one SPDX document to another.", "", diff --git a/src/DemaConsulting.SpdxTool/Commands/Query.cs b/src/DemaConsulting.SpdxTool/Commands/Query.cs index 1b8db5c..f34343e 100644 --- a/src/DemaConsulting.SpdxTool/Commands/Query.cs +++ b/src/DemaConsulting.SpdxTool/Commands/Query.cs @@ -167,7 +167,7 @@ public static string QueryProgramOutput(string pattern, string program, string[] var stdoutTask = process.StandardOutput.ReadToEndAsync(); var stderrTask = process.StandardError.ReadToEndAsync(); Task.WaitAll(stdoutTask, stderrTask); - var output = stdoutTask.Result.Trim() + stderrTask.Result.Trim(); + var output = (stdoutTask.Result + "\n" + stderrTask.Result).Trim(); // Wait for the process to exit process.WaitForExit(); diff --git a/src/DemaConsulting.SpdxTool/Commands/SetVariable.cs b/src/DemaConsulting.SpdxTool/Commands/SetVariable.cs index a6ee36f..b17fead 100644 --- a/src/DemaConsulting.SpdxTool/Commands/SetVariable.cs +++ b/src/DemaConsulting.SpdxTool/Commands/SetVariable.cs @@ -78,8 +78,8 @@ public override void Run(Context context, YamlMappingNode step, Dictionary [arguments] Options: - -h, --help Show this help message and exit + -h, -?, --help Show this help message and exit -v, --version Show version information and exit -l, --log Log output to file -s, --silent Silence console output --validate Perform self-validation -r, --result Self-validation result file (.trx or .xml for JUnit) + --depth Self-validation report depth level Commands: """); diff --git a/src/DemaConsulting.SpdxTool/SelfTest/ValidateBasic.cs b/src/DemaConsulting.SpdxTool/SelfTest/ValidateBasic.cs index 1537cdd..fd850be 100644 --- a/src/DemaConsulting.SpdxTool/SelfTest/ValidateBasic.cs +++ b/src/DemaConsulting.SpdxTool/SelfTest/ValidateBasic.cs @@ -40,18 +40,18 @@ public static void Run(Context context, TestResults.TestResults results) // Report validation result to console if (passed) { - context.WriteLine($"✓ SpdxTool_Validate - Passed"); + context.WriteLine($"✓ SpdxTool_Basic - Passed"); } else { - context.WriteError($"✗ SpdxTool_Validate - Failed"); + context.WriteError($"✗ SpdxTool_Basic - Failed"); } // Add validation result to test results collection results.Results.Add( new TestResult { - Name = "SpdxTool_Validate", + Name = "SpdxTool_Basic", ClassName = "DemaConsulting.SpdxTool.SelfTest.ValidateBasic", ComputerName = Environment.MachineName, StartTime = DateTime.Now, diff --git a/src/DemaConsulting.SpdxTool/SelfTest/ValidateRenameId.cs b/src/DemaConsulting.SpdxTool/SelfTest/ValidateRenameId.cs index 79f41d0..348877f 100644 --- a/src/DemaConsulting.SpdxTool/SelfTest/ValidateRenameId.cs +++ b/src/DemaConsulting.SpdxTool/SelfTest/ValidateRenameId.cs @@ -136,6 +136,10 @@ private static bool DoValidate() Packages: [ { Id: "SPDXRef-Package-2" } + ], + Relationships: + [ + { RelatedSpdxElement: "SPDXRef-Package-2" } ] }; } diff --git a/test/DemaConsulting.SpdxTool.Tests/IntegrationTests.cs b/test/DemaConsulting.SpdxTool.Tests/IntegrationTests.cs index b139ae8..27beec6 100644 --- a/test/DemaConsulting.SpdxTool.Tests/IntegrationTests.cs +++ b/test/DemaConsulting.SpdxTool.Tests/IntegrationTests.cs @@ -106,7 +106,7 @@ public void SelfTest_ValidateFlagWithResults_GeneratesTrxFile() Assert.Contains("SpdxTool_RunNuGetWorkflow", results); Assert.Contains("SpdxTool_ToMarkdown", results); Assert.Contains("SpdxTool_UpdatePackage", results); - Assert.Contains("SpdxTool_Validate", results); + Assert.Contains("SpdxTool_Basic", results); Assert.Contains(""" @@ -161,7 +161,7 @@ public void SelfTest_ValidateFlagWithResults_GeneratesJUnitFile() Assert.Contains("SpdxTool_RunNuGetWorkflow", results); Assert.Contains("SpdxTool_ToMarkdown", results); Assert.Contains("SpdxTool_UpdatePackage", results); - Assert.Contains("SpdxTool_Validate", results); + Assert.Contains("SpdxTool_Basic", results); Assert.Contains("