diff --git a/.github/requirements.txt b/.github/requirements.txt
new file mode 100644
index 0000000..aea2b7b
--- /dev/null
+++ b/.github/requirements.txt
@@ -0,0 +1 @@
+yamale==5.2.1
\ No newline at end of file
diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml
index e1edcae..535ac19 100644
--- a/.github/workflows/build-pull-request.yml
+++ b/.github/workflows/build-pull-request.yml
@@ -16,6 +16,21 @@ jobs:
 uses: actions/setup-node@v4
 with:
 node-version: 'lts/*'
+
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ with:
+ python-version: '3.10'
+ cache: 'pip' # caching pip dependencies
+ - run: pip install -r .github/requirements.txt
+
+ - name: Lint Catalog Data
+ run: yamllint -d relaxed SBOM-Catalog
+
+ - name: Schema Check Catalog Data
+ run: yamale -s SBOM-Catalog/schemas/data.yaml SBOM-Catalog/public/data.yaml
+
+ - name: Schema Check Catalog Filters
+ run: yamale -s SBOM-Catalog/schemas/filters.yaml SBOM-Catalog/public/filters.yaml
 - name: Install dependencies
 run: cd SBOM-Catalog && npm install
diff --git a/SBOM-Catalog/public/data.yaml b/SBOM-Catalog/public/data.yaml
index 280ddad..d7261af 100644
--- a/SBOM-Catalog/public/data.yaml
+++ b/SBOM-Catalog/public/data.yaml
@@ -1,3 +1,4 @@
+---
 - Name: Syft
 Link: https://github.com/anchore/syft
 Publisher: Anchore
@@ -589,9 +590,9 @@
 Abilities:
 - Consume
 - Compare
- Type:
+ Type:
 - Source
 - Build
 - Analyzed
 Language:
- - Generic
\ No newline at end of file
+ - Generic
diff --git a/SBOM-Catalog/public/filters.yaml b/SBOM-Catalog/public/filters.yaml
index 918f43a..1cb732c 100644
--- a/SBOM-Catalog/public/filters.yaml
+++ b/SBOM-Catalog/public/filters.yaml
@@ -1,3 +1,4 @@
+---
 - name: Standards
 enabled: true
 description: Filter to distinguish between SBOM standards like SPDX and CycloneDx
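Review bot: The `Lint Catalog Data` step added to .github/workflows/build-pull-request.yml runs `yamllint`, but the new .github/requirements.txt declares only `yamale==5.2.1`, so the linter appears to come from whatever the runner image provides, and the step fails if none is on PATH. Add a pinned `yamllint==<version>` line (placeholder, pick the release you test with) to requirements.txt so the lint result is reproducible. The setup-python action is pinned to a commit SHA, but the pip install is not hash-checked and yamale's transitive dependencies float; consider a compiled requirements file with hashes and `pip install --require-hashes -r .github/requirements.txt`. The job definition starts and ends outside this hunk.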
@@ -24,4 +25,4 @@
 - name: Language
 enabled: false
- description: Filter to distinguish between different programming languages, build tools or operating systems
\ No newline at end of file
+ description: Filter to distinguish between different programming languages, build tools or operating systems
diff --git a/SBOM-Catalog/schemas/data.yaml b/SBOM-Catalog/schemas/data.yaml
new file mode 100644
index 0000000..fe98b54
--- /dev/null
+++ b/SBOM-Catalog/schemas/data.yaml
@@ -0,0 +1,13 @@
+# Yamale schema file for SBOM-Catalog/public/data.yaml
+
+list(include('data_item'))
+---
+data_item:
+ Name: str()
+ Link: str()
+ Publisher: str()
+ License: enum('OpenSource', 'Proprietary')
+ Standards: list(enum('CycloneDX', 'SPDX', 'SWID'))
+ Abilities: list(enum('Compare', 'Consume', 'Convert', 'Edit', 'Generate', 'Merge', 'Validate'))
+ Type: subset(enum('Design', 'Source', 'Build', 'Analyzed', 'Deployed', 'Runtime', 'Container'), allow_empty=True)
+ Language: subset(str(), allow_empty=True)
diff --git a/SBOM-Catalog/schemas/filters.yaml b/SBOM-Catalog/schemas/filters.yaml
new file mode 100644
index 0000000..cf4bb3f
--- /dev/null
+++ b/SBOM-Catalog/schemas/filters.yaml
@@ -0,0 +1,7 @@
+list(include('filter_item'))
+
+---
+filter_item:
+ name: str()
+ enabled: bool()
+ description: str()
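Review bot: `Link: str()` in the new SBOM-Catalog/schemas/data.yaml accepts any string, so a catalog entry whose link uses a scheme other than https, or is not a URL at all, passes the schema check. How the catalog renders `Link` is not visible in this diff, but if the value ends up in an href, the schema is the natural place to constrain it, for example `Link: regex('^https://', name='https URL')`. `Name` and `Publisher` could also take `str(min=1)` so that empty strings are rejected.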
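Review bot: SBOM-Catalog/schemas/filters.yaml has no header comment, while schemas/data.yaml opens with one naming the file it validates. Add `# Yamale schema file for SBOM-Catalog/public/filters.yaml` as the first line so the two schemas are documented the same way.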