Make add-package and copy-package relationships optional.

README.md

@@ -161,7 +161,7 @@ steps:
       license: <license>          # Optional package license
       purl: <package-url>         # Optional package purl
       cpe23: <cpe-identifier>     # Optional package cpe23
-    relationships:                # Relationships
+    relationships:                # Optional relationships
     - type: <relationship>        # Relationship type
       element: <element>          # Related element
       comment: <comment>          # Optional comment
@@ -189,7 +189,7 @@ steps:
     to: <to.spdx.json>            # Destination SPDX file name
     package: <package>            # Package ID
     recursive: true               # Optional recursive flag
-    relationships:                # Relationships
+    relationships:                # Optional relationships
     - type: <relationship>        # Relationship type
       element: <element>          # Related element
       comment: <comment>          # Optional comment

src/DemaConsulting.SpdxTool/Commands/AddPackage.cs

@@ -44,7 +44,7 @@ public class AddPackage : Command
             "        license: <license>          # Optional package license",
             "        purl: <package-url>         # Optional package purl",
             "        cpe23: <cpe-identifier>     # Optional package cpe23",
-            "      relationships:                # Relationships",
+            "      relationships:                # Optional relationships",
             "      - type: <relationship>        # Relationship type",
             "        element: <element>          # Related element",
             "        comment: <comment>          # Optional comment",
@@ -89,8 +89,7 @@ public override void Run(YamlMappingNode step, Dictionary<string, string> variab
         var package = ParsePackage("add-package", packageMap, variables);
 
         // Parse the relationships
-        var relationshipsSequence = GetMapSequence(inputs, "relationships") ??
-                                    throw new YamlException(step.Start, step.End, "'add-package' missing 'relationships' input");
+        var relationshipsSequence = GetMapSequence(inputs, "relationships");
         var relationships = AddRelationship.Parse("add-package", package.Id, relationshipsSequence, variables);
 
         // Add the package

src/DemaConsulting.SpdxTool/Commands/AddRelationship.cs

@@ -161,9 +161,13 @@ public static void Add(SpdxDocument doc, SpdxRelationship relationship)
     public static SpdxRelationship[] Parse(
         string command,
         string packageId,
-        YamlSequenceNode relationships,
+        YamlSequenceNode? relationships,
         Dictionary<string, string> variables)
     {
+        // Handle no relationships
+        if (relationships == null)
+            return Array.Empty<SpdxRelationship>();
+
         // Parse each relationship
         return relationships.Children.Select(node =>
         {

src/DemaConsulting.SpdxTool/Commands/CopyPackage.cs

@@ -36,7 +36,7 @@ public class CopyPackage : Command
             "      to: <to.spdx.json>            # Destination SPDX file name",
             "      package: <package>            # Package ID",
             "      recursive: true               # Optional recursive flag",
-            "      relationships:                # Relationships",
+            "      relationships:                # Optional relationships",
             "      - type: <relationship>        # Relationship type",
             "        element: <element>          # Related element",
             "        comment: <comment>          # Optional comment",
@@ -109,8 +109,7 @@ public override void Run(YamlMappingNode step, Dictionary<string, string> variab
             throw new YamlException(step.Start, step.End, "'copy-package' invalid 'recursive' input");
 
         // Parse the relationships
-        var relationshipsSequence = GetMapSequence(inputs, "relationships") ??
-                                    throw new YamlException(step.Start, step.End, "'copy-package' missing 'relationships' input");
+        var relationshipsSequence = GetMapSequence(inputs, "relationships");
         var relationships = AddRelationship.Parse("add-package", packageId, relationshipsSequence, variables);
 
         // Copy the package

test/DemaConsulting.SpdxTool.Tests/TestAddPackage.cs

@@ -109,6 +109,73 @@ public void AddPackageSimple()
         }
     }
 
+    [TestMethod]
+    public void AddPackageNoRelationship()
+    {
+        // SPDX contents
+        const string spdxContents = "{\r\n" +
+                                    "  \"files\": [],\r\n" +
+                                    "  \"packages\": [],\r\n" +
+                                    "  \"relationships\": [],\r\n" +
+                                    "  \"spdxVersion\": \"SPDX-2.2\",\r\n" +
+                                    "  \"dataLicense\": \"CC0-1.0\",\r\n" +
+                                    "  \"SPDXID\": \"SPDXRef-DOCUMENT\",\r\n" +
+                                    "  \"name\": \"Test Document\",\r\n" +
+                                    "  \"documentNamespace\": \"https://sbom.spdx.org\",\r\n" +
+                                    "  \"creationInfo\": {\r\n" +
+                                    "    \"created\": \"2021-10-01T00:00:00Z\",\r\n" +
+                                    "    \"creators\": [ \"Person: Malcolm Nixon\" ]\r\n" +
+                                    "  },\r\n" +
+                                    "  \"documentDescribes\": []\r\n" +
+                                    "}";
+
+        // Workflow contents
+        const string workflowContents = "steps:\n" +
+                                        "- command: add-package\n" +
+                                        "  inputs:\n" +
+                                        "    spdx: spdx.json\n" +
+                                        "    package:\n" +
+                                        "      id: SPDXRef-Package-1\n" +
+                                        "      name: Test Package 1\n" +
+                                        "      version: 1.0.0\n" +
+                                        "      download: https://dotnet.microsoft.com/download\n" +
+                                        "      purl: pkg:nuget/BogusPackage@1.0.0\n";
+
+        try
+        {
+            // Write the SPDX files
+            File.WriteAllText("spdx.json", spdxContents);
+            File.WriteAllText("workflow.yaml", workflowContents);
+
+            // Run the command
+            var exitCode = Runner.Run(
+                out _,
+                "dotnet",
+                "DemaConsulting.SpdxTool.dll",
+                "run-workflow",
+                "workflow.yaml");
+
+            // Verify success
+            Assert.AreEqual(0, exitCode);
+
+            // Read the SPDX document
+            Assert.IsTrue(File.Exists("spdx.json"));
+            var doc = Spdx2JsonDeserializer.Deserialize(File.ReadAllText("spdx.json"));
+
+            // Verify package present
+            Assert.AreEqual(1, doc.Packages.Length);
+            Assert.AreEqual("SPDXRef-Package-1", doc.Packages[0].Id);
+
+            // Verify no relationships
+            Assert.AreEqual(0, doc.Relationships.Length);
+        }
+        finally
+        {
+            File.Delete("spdx.json");
+            File.Delete("workflow.yaml");
+        }
+    }
+
     [TestMethod]
     public void AddPackageFromQuery()
     {