diff --git a/.github/workflows/validate_examples.yml b/.github/workflows/validate_examples.yml
new file mode 100644
index 0000000000..a17b670e28
--- /dev/null
+++ b/.github/workflows/validate_examples.yml
@@ -0,0 +1,29 @@
+on:
+ - pull_request
+ - push
+
+jobs:
+ validate-examples:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+ - name: Install dependencies
+ run: |
+ python3 -m pip install pyshacl==0.25.0 check-jsonschema==0.28.1
+ - name: Check files
+ run: |
+ set -e
+ for f in examples/jsonld/*.json; do
+ echo "Checking $f"
+
+ check-jsonschema \
+ -v \
+ --schemafile https://spdx.org/schema/3.0.0/spdx-json-schema.json \
+ $f
+
+ pyshacl \
+ -s https://spdx.org/rdf/3.0.0/spdx-model.ttl \
+ -e https://spdx.org/rdf/3.0.0/spdx-model.ttl \
+ $f
+ done
+
diff --git a/examples/jsonld/package_sbom.json b/examples/jsonld/package_sbom.json
new file mode 100644
index 0000000000..72a3c6d98c
--- /dev/null
+++ b/examples/jsonld/package_sbom.json
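Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN takes whatever default scope the repository or organisation has while it runs pip-installed packages and processes files taken from the pull request; a top-level `permissions:` with `contents: read` keeps it to what validation needs. In the `Check files` step `$f` is expanded unquoted in both the `check-jsonschema` and `pyshacl` calls, so a file name containing whitespace or glob characters would be split into extra arguments; use `"$f"`. The checkout action is pinned to a commit, but the two pip packages are pinned by version only and their transitive dependencies still float, which a hashed requirements file installed with `--require-hashes` would close.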
@@ -0,0 +1,88 @@
+{
+ "@context": "https://spdx.org/rdf/3.0.0/spdx-context.jsonld",
+ "@graph": [
+ {
+ "type": "CreationInfo",
+ "@id": "_:creationinfo",
+ "createdBy": [
+ "http://spdx.example.com/Agent/JoshuaWatt"
+ ],
+ "specVersion": "3.0.0",
+ "created": "2024-03-06T00:00:00Z"
+ },
+ {
+ "type": "Person",
+ "spdxId": "http://spdx.example.com/Agent/JoshuaWatt",
+ "name": "Joshua Watt",
+ "creationInfo": "_:creationinfo",
+ "externalIdentifier": [
+ {
+ "type": "ExternalIdentifier",
+ "externalIdentifierType": "email",
+ "identifier": "JPEWhacker@gmail.com"
+ }
+ ]
+ },
+ {
+ "type": "SpdxDocument",
+ "spdxId": "http://spdx.example.com/Document1",
+ "creationInfo": "_:creationinfo",
+ "rootElement": [
+ "http://spdx.example.com/BOM1"
+ ],
+ "profileConformance": [
+ "core",
+ "software"
+ ]
+ },
+ {
+ "type": "software_Sbom",
+ "spdxId": "http://spdx.example.com/BOM1",
+ "creationInfo": "_:creationinfo",
+ "rootElement": [
+ "http://spdx.example.com/Package1"
+ ],
+ "software_sbomType": [
+ "build"
+ ]
+ },
+ {
+ "type": "software_Package",
+ "spdxId": "http://spdx.example.com/Package1",
+ "creationInfo": "_:creationinfo",
+ "name": "my-package",
+ "software_packageVersion": "1.0",
+ "software_downloadLocation": "http://dl.example.com/my-package_1.0.0.tar",
+ "builtTime": "2024-03-06T00:00:00Z",
+ "originatedBy": [
+ "http://spdx.example.com/Agent/JoshuaWatt"
+ ]
+ },
+ {
+ "type": "software_File",
+ "spdxId": "http://spdx.example.com/Package1/myprogram",
+ "creationInfo": "_:creationinfo",
+ "name": "myprogram",
+ "software_primaryPurpose": "executable",
+ "software_additionalPurpose": [
+ "application"
+ ],
+ "software_copyrightText": "Copyright 2024, Joshua Watt",
+ "builtTime": "2024-03-06T00:00:00Z",
+ "originatedBy": [
+ "http://spdx.example.com/Agent/JoshuaWatt"
+ ]
+ },
+ {
+ "type": "Relationship",
+ "spdxId": "http://spdx.example.com/Relationship/1",
+ "creationInfo": "_:creationinfo",
+ "from": "http://spdx.example.com/Package1",
+ "relationshipType": "contains",
+ "to": [
+ "http://spdx.example.com/Package1/myprogram"
+ ],
+ "completeness": "complete"
+ }
+ ]
+}
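Review bot: The `software_Package` element names its artifact with a plain `http://` `software_downloadLocation` and carries no integrity information, and the `software_File` has none either, so anyone copying this example produces an SBOM whose artifacts cannot be verified. Consider adding to both elements an entry such as `"verifiedUsing": [{"type": "Hash", "algorithm": "sha256", "hashValue": "<placeholder digest>"}]` and switching the example URL to `https://`. The `Person` element's `identifier` also holds what looks like a real personal e-mail address; an `example.com` address would keep it out of every copy of the example.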