Added new commands to tool

.github/workflows/build_on_push.yaml

@@ -16,7 +16,13 @@ jobs:
           6.x
           8.x
 
-    - name: Install dependencies
+    - name: Restore Tools
+      run: >
+        dotnet
+        tool
+        restore
+
+    - name: Restore Dependencies
       run: > 
         dotnet
         restore
@@ -34,3 +40,31 @@ jobs:
         test
         --no-build
         --configuration Release
+
+    - name: Generate SBOM
+      run: >
+        dotnet
+        sbom-tool
+        generate
+        -b src/DemaConsulting.SpdxTool/bin/Release
+        -bc src/DemaConsulting.SpdxTool
+        -pn DemaConsulting.SpdxTool
+        -pv 0.0.0-cibuild
+        -ps DemaConsulting
+        -nsb https://DemaConsulting.com/SpdxTool
+
+    - name: Run SBOM Workflow
+      run: >
+        dotnet
+        src/DemaConsulting.SpdxTool/bin/Release/net8.0/DemaConsulting.SpdxTool.dll
+        run-workflow
+        spdx-workflow.yaml
+
+    - name: Upload Artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: artifacts
+        path: |
+          **/manifest.spdx.json
+          **/manifest.spdx.json.sha256
+          manifest.spdx.summary.md

.github/workflows/release.yaml

@@ -31,7 +31,7 @@ jobs:
         tool
         restore
 
-    - name: Install dependencies
+    - name: Restore Dependencies
       run: >
         dotnet
         restore
@@ -64,13 +64,12 @@ jobs:
         -ps DemaConsulting
         -nsb https://DemaConsulting.com/SpdxTool
 
-    - name: Generate SBOM Summary
+    - name: Run SBOM Workflow
       run: >
         dotnet
         src/DemaConsulting.SpdxTool/bin/Release/net8.0/DemaConsulting.SpdxTool.dll
-        to-markdown
-        src/DemaConsulting.SpdxTool/bin/Release/_manifest/spdx_2.2/manifest.spdx.json
-        manifest.spdx.summary.md
+        run-workflow
+        spdx-workflow.yaml
 
     - name: Create Dotnet Tool
       run: >

DemaConsulting.SpdxTool.sln.DotSettings

@@ -1,3 +1,4 @@
 <wpf:ResourceDictionary xml:space="preserve" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" xmlns:s="clr-namespace:System;assembly=mscorlib" xmlns:ss="urn:shemas-jetbrains-com:settings-storage-xaml" xmlns:wpf="http://schemas.microsoft.com/winfx/2006/xaml/presentation">
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=Dema/@EntryIndexedValue">True</s:Boolean>
+	<s:Boolean x:Key="/Default/UserDictionary/Words/=NOASSERTION/@EntryIndexedValue">True</s:Boolean>
 	<s:Boolean x:Key="/Default/UserDictionary/Words/=SPDXID/@EntryIndexedValue">True</s:Boolean></wpf:ResourceDictionary>

README.md

@@ -38,10 +38,13 @@ Options:
 
 Commands:
   help <command>                         Display extended help about a command
+  add-package                            Add package to SPDX document (workflow only).
+  copy-package <arguments>               Copy package information from one SPDX document to another.
+  query <pattern> <command> [arguments]  Query program output for value
+  rename-id <arguments>                  Rename an element ID in an SPDX document.
   run-workflow <workflow.yaml>           Runs the workflow file
+  sha256 <operation> <file>              Generate or verify sha256 hashes of files
   to-markdown <spdx.yaml> <out.md>       Create Markdown summary for SPDX document
-  rename-id <arguments>                  Rename an element ID in an SPDX document.
-  copy-package <arguments>               Copy package information from one SPDX document to another.
 ```
 
 
@@ -50,42 +53,90 @@ Commands:
 The SpdxTool can be driven using workflow yaml files of the following format:
 
 ```yaml
+# Workflow parameters
+parameters:
+  parameter-name: value
+
+# Workflow steps
 steps:
 - command: <command-name>
   inputs:
     <arguments mapping>
 
 - command: <command-name>
   inputs:
-    <arguments mapping>
+    input1: value
+    input2: ${{ parameter-name }}
 ```
 
-## YAML Commands
+## YAML Variables
 
-The following are the supported commands and their formats:
+Variables are specified at the top of the workflow file in a parameters section:
 
 ```yaml
-steps:
+# Workflow parameters
+parameters:
+  parameter1: value1
+  parameter2: value2
+```
 
-  # Run a separate workflow file
-- command: run-workflow
+Variables can be expanded in step inputs using the dollar expansion syntax
+
+```yaml
+# Workflow steps
+steps:
+- command: <command-name>
   inputs:
-    file: other-workflow-file.yaml
-    parameters:
-      <optional parameters>
+    input1: ${{ parameter1 }}
+    input2: Insert ${{ parameter2 }} in the middle
+```
 
-  # Create a summary markdown from the specified SPDX document
-- command: to-markdown
+Variables can be overridden on the command line:
+
+```
+spdx-tool run-workflow workflow.yaml parameter1=command parameter2=line
+```
+
+Variables can be changed at runtime by some steps:
+
+```yaml
+# Workflow parameters
+parameters:
+  dotnet-version: unknown
+
+steps:
+- command: query
   inputs:
-    spdx: input.spdx.json
-    markdown: output.md
+    output: dotnet-version
+    pattern: '(?<value>\d+\.\d+\.\d+)'
+    program: dotnet
+    arguments:
+    - '--version'
+```
 
-  # Rename the SPDX-ID of an element in an SPDX document
-- command: rename-id
+
+## YAML Commands
+
+The following are the supported commands and their formats:
+
+```yaml
+steps:
+
+  # Add a package to an SPDX document
+- command: add-package
   inputs:
+    package:
+      id: <id>
+      name: <name>
+      copyright: <copyright>
+      version: <version>
+      download: <download-url>
+      license: <license>       # optional
+      purl: <package-url>      # optional
+      cpe23: <cpe-identifier>  # optional
     spdx: <spdx.json>
-    old: <old-id>
-    new: <new-id>
+    relationship: <relationship>
+    element: <element>
 
   # Copy a package from one SPDX document to another SPDX document  
 - command: copy-package
@@ -95,4 +146,40 @@ steps:
     package: <package>
     relationship: <relationship>
     element: <element>
+
+  # Query information from the output of a program
+- command: query
+  inputs:
+    output: <variable>
+    pattern: <regex with 'value' capture>
+    program: <program>
+    arguments:
+    - <argument>
+    - <argument>
+
+  # Rename the SPDX-ID of an element in an SPDX document
+- command: rename-id
+  inputs:
+    spdx: <spdx.json>
+    old: <old-id>
+    new: <new-id>
+
+  # Run a separate workflow file
+- command: run-workflow
+  inputs:
+    file: other-workflow-file.yaml
+    parameters:
+      <optional parameters>
+
+  # Perform Sha256 operations on the specified file
+- command: help
+  inputs:
+    operation: generate | verify
+    file: <file>
+
+  # Create a summary markdown from the specified SPDX document
+- command: to-markdown
+  inputs:
+    spdx: input.spdx.json
+    markdown: output.md
 ```

spdx-workflow.yaml

@@ -0,0 +1,45 @@
+# This workflow demonstrates using spdx-tool to manipulate an SPDX document
+# adding new packages, updating the sha256 digest, and generating a
+# summary markdown document describing the contents.
+
+
+# Workflow Parameters
+parameters:
+  dotnet-version: unknown
+  spdx: src/DemaConsulting.SpdxTool/bin/Release/_manifest/spdx_2.2/manifest.spdx.json
+  summary-markdown: manifest.spdx.summary.md
+
+# Steps
+steps:
+
+  # Query the version of dotnet
+- command: query
+  inputs:
+    output: dotnet-version
+    pattern: '(?<value>\d+\.\d+\.\d+)'
+    program: dotnet
+    arguments:
+    - '--version'
+
+  # Add DotNet SDK as a build tool of the package
+- command: add-package
+  inputs:
+    package:
+      id: SPDXRef-Package-DotNetSDK
+      name: DotNet SDK ${{ dotnet-version }}
+      version: ${{ dotnet-version }}
+      download: https://dotnet.microsoft.com/download
+    spdx: ${{ spdx }}
+    relationship: BUILD_TOOL_OF
+    element: SPDXRef-RootPackage
+
+  # Update the Sha256 digest on the SPDX document
+- command: sha256
+  inputs:
+    operation: generate
+    file: ${{ spdx }}
+
+- command: to-markdown
+  inputs:
+    spdx: ${{ spdx }}
+    markdown: ${{ summary-markdown }}