Generate externalRefs with PURL #150
Conversation
| @@ -478,9 +478,16 @@ public class CreateSpdxMojo extends AbstractMojo | |||
| * If true, use ${project.groupId}:${artifactId} as the SPDX package name. | |||
| * Otherwise, ${project.name} will be used | |||
| */ | |||
| @Parameter | |||
| @Parameter( property = "spdx.useArtifactID" ) | |||
There was a problem hiding this comment.
I've included the property here so the parameter can work running the goal via CLI.
| @@ -4,7 +4,7 @@ | |||
| <modelVersion>4.0.0</modelVersion> | |||
|
|
|||
| <groupId>org.spdx</groupId> | |||
| <artifactId>spdx maven plugin test</artifactId> | |||
| <artifactId>spdx-maven-plugin-test</artifactId> | |||
There was a problem hiding this comment.
In the test, a PURL cannot be created with whitespaces. I've changed whitespaces to dashes.
There was a problem hiding this comment.
are spaces allowed in artifact IDs? I noticed the naming guidelines suggest "no strange symbols", but nothing specific about spaces.
If spaces are allowed, do we need to change the PURL generator to escape the spaces (e.g. %20)?
There was a problem hiding this comment.
Thanks to you for the quick review!
Good point here. I've URL encoded the artifactId, which replaces the whitespaces with +. This will also encode any other symbol not valid in a PURL.
There was a problem hiding this comment.
One question and one suggested change.
Thanks @rogelio-o for pulling this together!
| * If true, adds an external reference to every package with category "PACKAGE-MANAGER", type "purl" | ||
| * and locator "pkg:maven/${project.groupId}/${project.artifactId}@${project.version}". | ||
| */ | ||
| @Parameter( property = "spdx.generatePurls" ) |
There was a problem hiding this comment.
I'm thinking we default this to true - it really is something useful and a recommended practice for SPDX document generation.
There was a problem hiding this comment.
Agree, it can be very handy. Set default value to true in ae2294f.
| @@ -4,7 +4,7 @@ | |||
| <modelVersion>4.0.0</modelVersion> | |||
|
|
|||
| <groupId>org.spdx</groupId> | |||
| <artifactId>spdx maven plugin test</artifactId> | |||
| <artifactId>spdx-maven-plugin-test</artifactId> | |||
There was a problem hiding this comment.
are spaces allowed in artifact IDs? I noticed the naming guidelines suggest "no strange symbols", but nothing specific about spaces.
If spaces are allowed, do we need to change the PURL generator to escape the spaces (e.g. %20)?
There was a problem hiding this comment.
LGTM - I did check to see if we needed to URLEncode the group ID, but based on the naming conventions, it should already be URL safe.
Thanks @rogelio-o for implementing this.
|
@rogelio-o - It looks like the recent merge of your other pull request caused a merge conflict - if you could resolve, I'll go ahead and merge. |
Thanks to you for your quick feedback!
@goneall done! |
|
@nishakm - you may be interested in this PR |
Type of change
Changes proposed in this pull request
Project name: Generate externalRefs with PURL #149
Description