Skip to content

[spdx] Replace CMake variables in vcpkg_download_distfile() #1607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
BillyONeal merged 5 commits into from
Mar 31, 2025
Merged

[spdx] Replace CMake variables in vcpkg_download_distfile() #1607

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d034830
[spdx] Replace CMake variables in `vcpkg_download_distfile()`
Thomas1664 Mar 8, 2025
9ea62ca
Add unit tests
Thomas1664 Mar 22, 2025
c7ff93b
fix sourceforge
Thomas1664 Mar 22, 2025
dbbccce
Merge branch 'main' of https://github.com/microsoft/vcpkg-tool into f…
Thomas1664 Mar 23, 2025
4a110c2
Merge remote-tracking branch 'origin/main' into fix-spdx-distfile
BillyONeal Mar 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
258 changes: 258 additions & 0 deletions src/vcpkg-test/spdx.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,264 @@ TEST_CASE ("extract arg from cmake invocation args", "[spdx]")
}
}

TEST_CASE ("spdx run resource heuristics", "[spdx]")
{
auto portfile_cmake = R"(
vcpkg_download_distfile(ARCHIVE
URLS "https://vcpkg-download-distfile.dev/${VERSION}.tar.gz"
"https://vcpkg-download-distfile.dev/${VERSION}-other.tar.gz"
FILENAME "distfile-${VERSION}.tar.gz"
SHA512 distfile_test_1
)
vcpkg_from_github(
OUT_SOURCE_PATH SOURCE_PATH
REPO from/github
REF v${VERSION}
SHA512 from_github_test_1
HEAD_REF devel
)
vcpkg_from_gitlab(
OUT_SOURCE_PATH SOURCE_PATH
GITLAB_URL https://from.gitlab.org
REPO from/gitlab
REF "${VERSION}"
SHA512 from_gitlab_test_1
)
vcpkg_from_sourceforge(
OUT_SOURCE_PATH SOURCE_PATH
REPO sourceforge
REF sourceforge
FILENAME "sourceforge-${VERSION}.tar.gz"
SHA512 sourceforge_test_1
)
vcpkg_from_bitbucket(
OUT_SOURCE_PATH SOURCE_PATH
REPO from/bitbucket
REF "v${VERSION}"
SHA512 from_bitbucket_test_1
HEAD_REF master
)
vcpkg_download_distfile(ARCHIVE
URLS "https://vcpkg-download-distfile.dev/${VERSION}.tar.gz"
"https://vcpkg-download-distfile.dev/${VERSION}-other.tar.gz"
FILENAME "distfile-${VERSION}.tar.gz"
SHA512 distfile_test_2
)
vcpkg_from_github(
OUT_SOURCE_PATH SOURCE_PATH
REPO from/github
REF v${VERSION}
SHA512 from_github_test_2
HEAD_REF devel
)
vcpkg_from_gitlab(
OUT_SOURCE_PATH SOURCE_PATH
GITLAB_URL https://from.gitlab.org
REPO from/gitlab
REF "${VERSION}"
SHA512 from_gitlab_test_2
)
vcpkg_from_sourceforge(
OUT_SOURCE_PATH SOURCE_PATH
REPO sourceforge
REF sourceforge
FILENAME "sourceforge-${VERSION}.tar.gz"
SHA512 sourceforge_test_2
)
vcpkg_from_bitbucket(
OUT_SOURCE_PATH SOURCE_PATH
REPO from/bitbucket
REF "v${VERSION}"
SHA512 from_bitbucket_test_2
HEAD_REF master
)
vcpkg_from_git(
OUT_SOURCE_PATH SOURCE_PATH
URL https://from-git-1.dev
REF "${VERSION}"
HEAD_REF main
)
vcpkg_from_git(
OUT_SOURCE_PATH SOURCE_PATH
URL https://from-git-2.dev
REF "${VERSION}"
HEAD_REF main
)
)";
auto expected = Json::parse(R"json(
{
"packages": [
{
"SPDXID": "SPDXRef-resource-0",
"name": "from/github",
"downloadLocation": "git+https://github.com/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_github_test_1"
}
]
},
{
"SPDXID": "SPDXRef-resource-1",
"name": "from/github",
"downloadLocation": "git+https://github.com/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_github_test_2"
}
]
},
{
"SPDXID": "SPDXRef-resource-2",
"name": "from/gitlab",
"downloadLocation": "git+https://from.gitlab.org/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_gitlab_test_1"
}
]
},
{
"SPDXID": "SPDXRef-resource-3",
"name": "from/gitlab",
"downloadLocation": "git+https://from.gitlab.org/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_gitlab_test_2"
}
]
},
{
"SPDXID": "SPDXRef-resource-4",
"name": "https://from-git-1.dev",
"downloadLocation": "git+https://[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION"
},
{
"SPDXID": "SPDXRef-resource-5",
"name": "https://from-git-2.dev",
"downloadLocation": "git+https://[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION"
},
{
"SPDXID": "SPDXRef-resource-6",
"name": "distfile-3.2.1.tar.gz",
"packageFileName": "distfile-3.2.1.tar.gz",
"downloadLocation": "https://vcpkg-download-distfile.dev/3.2.1.tar.gz",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "distfile_test_1"
}
]
},
{
"SPDXID": "SPDXRef-resource-7",
"name": "distfile-3.2.1.tar.gz",
"packageFileName": "distfile-3.2.1.tar.gz",
"downloadLocation": "https://vcpkg-download-distfile.dev/3.2.1.tar.gz",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "distfile_test_2"
}
]
},
{
"SPDXID": "SPDXRef-resource-8",
"name": "sourceforge-3.2.1.tar.gz",
"packageFileName": "sourceforge-3.2.1.tar.gz",
"downloadLocation": "https://sourceforge.net/projects/sourceforge/files/sourceforge/sourceforge-3.2.1.tar.gz",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "sourceforge_test_1"
}
]
},
{
"SPDXID": "SPDXRef-resource-9",
"name": "sourceforge-3.2.1.tar.gz",
"packageFileName": "sourceforge-3.2.1.tar.gz",
"downloadLocation": "https://sourceforge.net/projects/sourceforge/files/sourceforge/sourceforge-3.2.1.tar.gz",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "sourceforge_test_2"
}
]
},
{
"SPDXID": "SPDXRef-resource-10",
"name": "from/bitbucket",
"downloadLocation": "git+https://bitbucket.com/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_bitbucket_test_1"
}
]
},
{
"SPDXID": "SPDXRef-resource-11",
"name": "from/bitbucket",
"downloadLocation": "git+https://bitbucket.com/from/[email protected]",
"licenseConcluded": "NOASSERTION",
"licenseDeclared": "NOASSERTION",
"copyrightText": "NOASSERTION",
"checksums": [
{
"algorithm": "SHA512",
"checksumValue": "from_bitbucket_test_2"
}
]
}
]
})json",
"test")
.value(VCPKG_LINE_INFO);

auto generated_spdx = run_resource_heuristics(portfile_cmake, "3.2.1");
auto spdx_str = Json::stringify(generated_spdx);
auto res = Json::parse(spdx_str, "test").value(VCPKG_LINE_INFO);
Test::check_json_eq(expected.value, res.value);
}

TEST_CASE ("spdx maximum serialization", "[spdx]")
{
PackagesDirAssigner packages_dir_assigner{"test_packages_root"};
Expand Down
14 changes: 8 additions & 6 deletions src/vcpkg/spdx.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -233,7 +233,7 @@ static void find_all_git(StringView text, Json::Array& packages, StringView vers
}
}

static void find_all_distfile(StringView text, Json::Array& packages)
static void find_all_distfile(StringView text, Json::Array& packages, StringView version_text)
{
auto it = text.begin();
while (it != text.end())
Expand All @@ -244,11 +244,12 @@ static void find_all_distfile(StringView text, Json::Array& packages)
it = text.end();
continue;
}
auto url = extract_arg_from_cmake_invocation_args(distfile, CMakeVariableUrls);
auto filename = extract_arg_from_cmake_invocation_args(distfile, CMakeVariableFilename);
auto url = fix_ref_version(extract_arg_from_cmake_invocation_args(distfile, CMakeVariableUrls), version_text);
auto filename =
fix_ref_version(extract_arg_from_cmake_invocation_args(distfile, CMakeVariableFilename), version_text);
auto sha = extract_arg_from_cmake_invocation_args(distfile, CMakeVariableSHA512);
packages.push_back(make_resource(
fmt::format("SPDXRef-resource-{}", packages.size()), filename, url.to_string(), sha, filename));
fmt::format("SPDXRef-resource-{}", packages.size()), filename, std::move(url), sha, filename));
it = distfile.end();
}
}
Expand All @@ -266,7 +267,8 @@ static void find_all_sourceforge(StringView text, Json::Array& packages, StringV
}
auto repo = extract_arg_from_cmake_invocation_args(sfg, CMakeVariableRepo);
auto ref = fix_ref_version(extract_arg_from_cmake_invocation_args(sfg, CMakeVariableRef), version_text);
auto filename = extract_arg_from_cmake_invocation_args(sfg, CMakeVariableFilename);
auto filename =
fix_ref_version(extract_arg_from_cmake_invocation_args(sfg, CMakeVariableFilename), version_text);
auto sha = extract_arg_from_cmake_invocation_args(sfg, CMakeVariableSHA512);
auto url = fmt::format("https://sourceforge.net/projects/{}/files/{}/{}", repo, ref, filename);
packages.push_back(make_resource(
Expand All @@ -285,7 +287,7 @@ Json::Object vcpkg::run_resource_heuristics(StringView contents, StringView vers
find_all_github(contents, packages, version_text);
find_all_gitlab(contents, packages, version_text);
find_all_git(contents, packages, version_text);
find_all_distfile(contents, packages);
find_all_distfile(contents, packages, version_text);
find_all_sourceforge(contents, packages, version_text);
find_all_bitbucket(contents, packages, version_text);

Expand Down