From a70cd2fdde2d7194cdf003de79d0ce1544e9bee5 Mon Sep 17 00:00:00 2001
From: Ian Dunbar-Hall
Date: Fri, 6 Sep 2024 17:29:17 -0700
Subject: [PATCH 1/3] ci: setup yaml linting of SBOM Catalog
Signed-off-by: Ian Dunbar-Hall
---
 .github/workflows/build-pull-request.yml | 3 +++
 SBOM-Catalog/public/data.yaml | 5 +++--
 SBOM-Catalog/public/filters.yaml | 3 ++-
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml
index e1edcae..4eab76f 100644
--- a/.github/workflows/build-pull-request.yml
+++ b/.github/workflows/build-pull-request.yml
@@ -17,6 +17,9 @@ jobs:
 with:
 node-version: 'lts/*'
+ - name: Lint Catalog Data
+ run: yamllint -d relaxed SBOM-Catalog
+
 - name: Install dependencies
 run: cd SBOM-Catalog && npm install
diff --git a/SBOM-Catalog/public/data.yaml b/SBOM-Catalog/public/data.yaml
index 280ddad..d7261af 100644
--- a/SBOM-Catalog/public/data.yaml
+++ b/SBOM-Catalog/public/data.yaml
@@ -1,3 +1,4 @@
+---
 - Name: Syft
 Link: https://github.com/anchore/syft
 Publisher: Anchore
@@ -589,9 +590,9 @@
 Abilities:
 - Consume
 - Compare
- Type:
+ Type:
 - Source
 - Build
 - Analyzed
 Language:
- - Generic
\ No newline at end of file
+ - Generic
diff --git a/SBOM-Catalog/public/filters.yaml b/SBOM-Catalog/public/filters.yaml
index 918f43a..1cb732c 100644
--- a/SBOM-Catalog/public/filters.yaml
+++ b/SBOM-Catalog/public/filters.yaml
@@ -1,3 +1,4 @@
+---
 - name: Standards
 enabled: true
 description: Filter to distinguish between SBOM standards like SPDX and CycloneDx
@@ -24,4 +25,4 @@
 - name: Language
 enabled: false
- description: Filter to distinguish between different programming languages, build tools or operating systems
\ No newline at end of file
+ description: Filter to distinguish between different programming languages, build tools or operating systems
From a13e44cf63237aa8ab9dd7d208d9b6b422cda1a9 Mon Sep 17 00:00:00 2001
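Review bot: The new `Lint Catalog Data` step runs `yamllint` without installing or pinning it, so it appears to depend on whatever version the runner image happens to ship, and a change in that image silently changes the rule set or breaks the step. The `-d relaxed` inline config also keeps the linter configuration out of version control. Consider pinning yamllint together with the rest of the Python tooling this series installs (`yamllint==<version placeholder>` in a requirements file installed before this step) and replacing `-d relaxed` with a committed `.yamllint` file, `run: yamllint -c .yamllint SBOM-Catalog`. Note that the `relaxed` preset disables the `document-start` rule, so the `---` markers this same patch adds to the two data files are not actually enforced by the step.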
From: Ian Dunbar-Hall
Date: Fri, 6 Sep 2024 18:54:16 -0700
Subject: [PATCH 2/3] ci: adding schema validation
Signed-off-by: Ian Dunbar-Hall
---
 .github/workflows/build-pull-request.yml | 14 ++++++++++++++
 SBOM-Catalog/schemas/data.yaml | 13 +++++++++++++
 SBOM-Catalog/schemas/filters.yaml | 7 +++++++
 3 files changed, 34 insertions(+)
 create mode 100644 SBOM-Catalog/schemas/data.yaml
 create mode 100644 SBOM-Catalog/schemas/filters.yaml
diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml
index 4eab76f..a7acd0d 100644
--- a/.github/workflows/build-pull-request.yml
+++ b/.github/workflows/build-pull-request.yml
@@ -16,10 +16,24 @@ jobs:
 uses: actions/setup-node@v4
 with:
 node-version: 'lts/*'
+
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+ with:
+ python-version: '3.10'
+ cache: 'pip' # caching pip dependencies
 - name: Lint Catalog Data
 run: yamllint -d relaxed SBOM-Catalog
+ - name: Schema Check Catalog Data
+ run: pip install yamale==5.2.1
+
+ - name: Schema Check Catalog Data
+ run: yamale -s SBOM-Catalog/schemas/data.yaml SBOM-Catalog/public/data.yaml
+
+ - name: Schema Check Catalog Filters
+ run: yamale -s SBOM-Catalog/schemas/filters.yaml SBOM-Catalog/public/filters.yaml
+
 - name: Install dependencies
 run: cd SBOM-Catalog && npm install
diff --git a/SBOM-Catalog/schemas/data.yaml b/SBOM-Catalog/schemas/data.yaml
new file mode 100644
index 0000000..260264e
--- /dev/null
+++ b/SBOM-Catalog/schemas/data.yaml
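Review bot: The new `actions/setup-python` step is pinned to a full commit SHA with the version kept in a trailing comment, which is the right pattern, but the `uses: actions/setup-node@v4` context line two lines above it stays on a mutable tag, so the job is only as pinned as its least-pinned action. For consistency with the line this hunk adds, pin it the same way: `- uses: actions/setup-node@<commit sha placeholder> # v4`. The enclosing `jobs:` block and the job's other steps lie outside this hunk.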
@@ -0,0 +1,13 @@
+# Yamale schema file for SBOM-Catalog/public/data.yaml
+
+list(include('data_item'))
+---
+data_item:
+ Name: str()
+ Link: str()
+ Publisher: str()
+ License: enum('OpenSource', 'Proprietary')
+ Standards: list(enum('CycloneDX', 'SPDX', 'SWID'))
+ Abilities: list(enum('Compare', 'Consume', 'Convert', 'Edit', 'Generate', 'Merge', 'Validate'))
+ Type: subset(enum('Design', 'Source', 'Build', 'Analyzed', 'Deployed', 'Runtime', 'Container'), allow_empty=True)
+ Language: subset(str(), allow_empty=True)
\ No newline at end of file
diff --git a/SBOM-Catalog/schemas/filters.yaml b/SBOM-Catalog/schemas/filters.yaml
new file mode 100644
index 0000000..64453b1
--- /dev/null
+++ b/SBOM-Catalog/schemas/filters.yaml
@@ -0,0 +1,7 @@
+list(include('filter_item'))
+
+---
+filter_item:
+ name: str()
+ enabled: bool()
+ description: str()
\ No newline at end of file
From 078b9563d76420ee8ccd282759a305a50d86e1c7 Mon Sep 17 00:00:00 2001
From: Ian Dunbar-Hall
Date: Fri, 6 Sep 2024 18:57:14 -0700
Subject: [PATCH 3/3] adding requirements.txt to install yamale in the build environment
Signed-off-by: Ian Dunbar-Hall
---
 .github/requirements.txt | 1 +
 .github/workflows/build-pull-request.yml | 4 +---
 SBOM-Catalog/schemas/data.yaml | 2 +-
 SBOM-Catalog/schemas/filters.yaml | 2 +-
 4 files changed, 4 insertions(+), 5 deletions(-)
 create mode 100644 .github/requirements.txt
diff --git a/.github/requirements.txt b/.github/requirements.txt
new file mode 100644
index 0000000..aea2b7b
--- /dev/null
+++ b/.github/requirements.txt
@@ -0,0 +1 @@
+yamale==5.2.1
\ No newline at end of file
diff --git a/.github/workflows/build-pull-request.yml b/.github/workflows/build-pull-request.yml
index a7acd0d..535ac19 100644
--- a/.github/workflows/build-pull-request.yml
+++ b/.github/workflows/build-pull-request.yml
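Review bot: `Link: str()` accepts any string, so the new schema check does not reject a non-URL or non-HTTPS value in a contributed catalog entry; if the catalog app renders `Link` as a hyperlink (not visible here), this schema is the cheapest place to constrain it, e.g. `Link: str(starts_with='https://')`. Likewise `Name: str()` and `Publisher: str()` accept empty strings, which `str(min=1)` would reject before a blank entry reaches the site. The `allow_empty=True` on `Type` and `Language` reads as intentional, but a one-line comment above those two keys saying which catalog entries are expected to leave them empty would save the next reader from guessing.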
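Review bot: The new `filters.yaml` schema has no header comment, while its sibling `schemas/data.yaml` in this same patch opens with one naming the file it validates; add `# Yamale schema file for SBOM-Catalog/public/filters.yaml` as the first line so the pairing is visible to anyone browsing the schemas directory. `name: str()` and `description: str()` also accept empty strings; `str(min=1)` would reject a blank filter before it reaches the UI.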
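Review bot: `yamale==5.2.1` pins the version but not the artifact, so the CI job still trusts whatever the package index serves under that version; add the distribution hash, `yamale==5.2.1 --hash=sha256:<hash placeholder>`, and install with `pip install --require-hashes -r .github/requirements.txt` in this patch's workflow hunk (the added `- run: pip install -r` line). With `--require-hashes` every transitive dependency must be listed and hashed as well (yamale pulls in a YAML parser), which `pip-compile --generate-hashes` or a hashed `pip freeze` can produce. The file also lacks a trailing newline, the same nit this patch fixes in the two schema files.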
@@ -21,13 +21,11 @@ jobs:
 with:
 python-version: '3.10'
 cache: 'pip' # caching pip dependencies
+ - run: pip install -r .github/requirements.txt
 - name: Lint Catalog Data
 run: yamllint -d relaxed SBOM-Catalog
- - name: Schema Check Catalog Data
- run: pip install yamale==5.2.1
-
 - name: Schema Check Catalog Data
 run: yamale -s SBOM-Catalog/schemas/data.yaml SBOM-Catalog/public/data.yaml
diff --git a/SBOM-Catalog/schemas/data.yaml b/SBOM-Catalog/schemas/data.yaml
index 260264e..fe98b54 100644
--- a/SBOM-Catalog/schemas/data.yaml
+++ b/SBOM-Catalog/schemas/data.yaml
@@ -10,4 +10,4 @@ data_item:
 Standards: list(enum('CycloneDX', 'SPDX', 'SWID'))
 Abilities: list(enum('Compare', 'Consume', 'Convert', 'Edit', 'Generate', 'Merge', 'Validate'))
 Type: subset(enum('Design', 'Source', 'Build', 'Analyzed', 'Deployed', 'Runtime', 'Container'), allow_empty=True)
- Language: subset(str(), allow_empty=True)
\ No newline at end of file
+ Language: subset(str(), allow_empty=True)
diff --git a/SBOM-Catalog/schemas/filters.yaml b/SBOM-Catalog/schemas/filters.yaml
index 64453b1..cf4bb3f 100644
--- a/SBOM-Catalog/schemas/filters.yaml
+++ b/SBOM-Catalog/schemas/filters.yaml
@@ -4,4 +4,4 @@ list(include('filter_item'))
 filter_item:
 name: str()
 enabled: bool()
- description: str()
\ No newline at end of file
+ description: str()
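Review bot: The added `- run: pip install -r .github/requirements.txt` step is the only one in this hunk without a `name:`, so a failure shows up in the job log under the raw command rather than a label like the `Lint Catalog Data` step right below it; write it as `- name: Install Python tooling` followed by `run: pip install -r .github/requirements.txt`. Since this step now owns the Python tool install, it is also the natural place to pick up a pinned yamllint once one is added to the requirements file, instead of the lint step relying on the runner image. The enclosing `jobs:` block and the job's remaining steps lie outside this hunk.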