SPDX parser and tools.
Project description
Python SPDX Library to parse, validate and create SPDX documents
Linux | macOS | Windows |
---|---|---|
This library implements an SPDX tag/value and RDF parser, validator and handler in Python. This is the result of an initial GSoC contribution by @ah450 (or https://github.com/a-h-i) and is maintained by a community of SPDX adopters and enthusiasts.
Home: https://github.com/spdx/tools-python
Issues: https://github.com/spdx/tools-python/issues
Pypi: https://pypi.python.org/pypi/spdx-tools
License
Features
- API to create and manipulate SPDX documents.
- Parse and create Tag/Value, RDF, JSON, YAML, XML format SPDX files
TODOs
- Update to full SPDX v2.1
- Add to full license expression support
How to use
Example tag/value parsing usage:
from spdx.parsers.tagvalue import Parser
from spdx.parsers.tagvaluebuilders import Builder
from spdx.parsers.loggers import StandardLogger
p = Parser(Builder(), StandardLogger())
p.build()
# data is a string containing the SPDX file.
document, error = p.parse(data)
The examples
directory contains several code samples. Here some of them:
-
parse_tv.py
is an example tag/value parsing usage. Try runningpython parse_tv.py ../data/SPDXSimpleTag.tag
-
write_tv.py
provides an example of writing tag/value files. Runpython write_tv.py sample.tag
to test it. -
pp_tv.py
demonstrates how to pretty-print a tag/value file. To test it runpython pp_tv.py ../data/SPDXTagExample.tag pretty.tag
. -
parse_rdf.py
demonstrates how to parse an RDF file and print out document information. To test it runpython parse_rdf.py ../data/SPDXRdfExample.rdf
-
rdf_to_tv.py
demonstrates how to convert an RDF file to a tag/value one. To test it runpython rdf_to_tv.py ../data/SPDXRdfExample.rdf converted.tag
-
pp_rdf.py
demonstrates how to pretty-print an RDF file, to test it runpython pp_rdf.py ../data/SPDXRdfExample.rdf pretty.rdf
Installation
As always you should work in a virtualenv or venv. You can install a local clone
of this repo with yourenv/bin/pip install .
or install from PyPI with
yourenv/bin/pip install spdx-tools
. Note that on Windows it would be Scripts
instead of bin
.
How to run tests
From the project root directory run: python setup.py test
.
You can use another test runner such as pytest or nose at your preference.
Development process
We use the GitHub flow that is described here: https://guides.github.com/introduction/flow/
So, whenever we have to make some changes to the code, we should follow these steps:
- Create a new branch:
git checkout -b fix-or-improve-something
- Make some changes and the first commit(s) to the branch:
git commit --signoff -m 'What changes we did'
- Push the branch to GitHub:
git push origin fix-or-improve-something
- Make a pull request on GitHub.
- Continue making more changes and commits on the branch, with
git commit --signoff
andgit push
. - When done, write a comment on the PR asking for a code review.
- Some other developer will review your changes and accept your PR. The merge should be done with
rebase
, if possible, or withsquash
. - The temporary branch on GitHub should be deleted (there is a button for deleting it).
- Delete the local branch as well:
git checkout master git pull -p git branch -a git branch -d fix-or-improve-something
Besides this, another requirement is that every change should be made to fix or close an issue: https://guides.github.com/features/issues/ If there is no issue for the changes that you want to make, create first an issue about it that describes what needs to be done, assign it to yourself, and then start working for closing it.
Dependencies
- PLY : https://pypi.python.org/pypi/ply/ used for parsing.
- rdflib : https://pypi.python.org/pypi/rdflib/ for handling RDF.
- PyYAML: https://pypi.org/project/PyYAML/ for handling YAML.
- xmltodict: https://pypi.org/project/xmltodict/ for handling XML.
Support
- Submit issues, questions or feedback at: https://github.com/spdx/tools-python/issues
- Join the dicussion on https://lists.spdx.org/mailman/listinfo/spdx-tech and https://spdx.org/WorkgroupTechnical
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file spdx-tools-multiple-packages-0.6.1.tar.gz
.
File metadata
- Download URL: spdx-tools-multiple-packages-0.6.1.tar.gz
- Upload date:
- Size: 145.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/4.0.1 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.61.0 CPython/3.7.9
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | cb5cf98ea88635a4db95fabaf5a52c177c49ef462903d3543851d1cb965d691d |
|
MD5 | d1e632b372a17549f001e9df9bfb98e3 |
|
BLAKE2b-256 | b0ee23211da27e0aef623b5052cc2f9b9d0a55c276b7497d32e04ca1fb0eaa5d |