compliance 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9a2110ea9974434c5b79c50bc636450cf082c3c82342ff46fd5629679200f2c4
+  data.tar.gz: bdaa976134de96fa62ed8c0ddec64eb5ce9c1ba34c85aa35559675346ba9ae23
+SHA512:
+  metadata.gz: fd17d4f694c83c0f066b534e714b14fb490dd80dde7536a34944d149929ffb1b9521ae98111b69c979101f7c1ddd2095b0b131d9988a20beb84e428e2a0da8e6
+  data.tar.gz: a9a41edfd6662fc2767fa0414d6218512543430f37758313040f281dc3f8e8bc9200bf7cc76cf6b3849b8fa0688fdae61bc9f85ff2413d75e7fe3c44db377b73

data/bake/compliance.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+def document
+	document = Compliance::Document.new
+	
+	::Gem.loaded_specs.each do |name, spec|
+		Console.logger.debug(self) {"Checking gem #{name}: #{spec.full_gem_path}..."}
+		
+		if path = spec.full_gem_path and File.directory?(path)
+			Compliance::Loader.load(path, document)
+		end
+	end
+	
+	return document
+end
+
+def check(input:)
+	policy = Compliance::Policy.new
+	document = input || self.document
+	
+	unsatisfied = {}
+	
+	document.check(policy) do |requirement, satisfied, unsatisfied|
+		Console.debug(self) {"Requirement #{requirement.id} is #{satisfied.any? ? "satisfied." : "not satisfied!"}"}
+		
+		if satisfied.empty?
+			unsatisfied[requirement.id] = requirement
+		end
+	end
+	
+	raise Compliance::Error.new(unsatisfied) unless unsatisfied.empty?
+end

data/lib/compliance/attestation.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+module Compliance
+	# Represents an attestation of compliance with a requirement.
+	class Attestation
+		def initialize(metadata)
+			@metadata = metadata
+		end
+		
+		def as_json(...)
+			@metadata
+		end
+		
+		def to_json(...)
+			as_json.to_json(...)
+		end
+		
+		# The unique identifier for this attestation.
+		def id
+			@metadata[:id]
+		end
+		
+		# The metadata associated with this attestation.
+		attr :metadata
+	end
+end

data/lib/compliance/document.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+require_relative 'requirement'
+require_relative 'attestation'
+
+module Compliance
+	# Represents a document containing requirements and attestations.
+	class Document
+		def initialize
+			@requirements = []
+			@attestations = []
+			
+			@attestations_by_id = {}
+		end
+		
+		def as_json(...)
+			{
+				requirements: @requirements,
+				attestations: @attestations
+			}
+		end
+		
+		def to_json(...)
+			as_json.to_json(...)
+		end
+		
+		attr :requirements
+		attr :attestations
+		
+		# Add a requirement to the document.
+		def add_requirement(requirement)
+			@requirements << requirement
+		end
+		
+		# Add an attestation to the document.
+		# @parameter attestation [Attestation] The attestation to add to the document.
+		def add_attestation(attestation)
+			@attestations << attestation
+			(@attestations_by_id[attestation.id] ||= Array.new) << attestation
+		end
+		
+		# Check the document against a given policy.
+		def check(policy)
+			return to_enum(:check, policy) unless block_given?
+			
+			@requirements.each do |requirement|
+				attestations = @attestations_by_id[requirement.id]
+				
+				satisfied = []
+				unsatisfied = []
+				
+				attestations&.each do |attestation|
+					if policy.satisfies?(requirement, attestation)
+						satisfied << attestation
+					else
+						unsatisfied << attestation
+					end
+				end
+				
+				yield requirement, satisfied, unsatisfied
+			end
+		end
+	end
+end

data/lib/compliance/error.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+module Compliance
+	# Represents an error that occurs when requirements are not satisfied.
+	class Error < StandardError
+		def initialize(unsatisfied)
+			super "Unsatisfied requirements: #{unsatisfied.keys.join(', ')}"
+		end
+	end
+end

data/lib/compliance/loader.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+require_relative 'requirement'
+require_relative 'attestation'
+
+require 'json'
+
+module Compliance
+	# Load compliance data from JSON files.
+	module Loader
+		def self.add(compliance, document)
+			compliance[:requirements].each do |metadata|
+				document.add_requirement(Requirement.new(metadata))
+			end
+			
+			compliance[:attestations]&.each do |metadata|
+				document.add_attestation(Attestation.new(metadata))
+			end
+		end
+		
+		# Load compliance data from a directory.
+		# @parameter root [String] The root directory to load compliance data from.
+		# @parameter document [Document] The document to load compliance data into.
+		def self.load(root, document)
+			compliance_json_path = File.expand_path("compliance.json", root)
+			
+			if File.file?(compliance_json_path)
+				data = JSON.load_file(compliance_json_path, symbolize_names: true)
+				self.add(data, document)
+			end
+			
+			compliance_directory = File.expand_path("compliance", root)
+			
+			if File.directory?(compliance_directory)
+				Dir.glob(File.join(compliance_directory, "*.json")) do |path|
+					data = JSON.load_file(path, symbolize_names: true)
+					self.add(data, document)
+				end
+			end
+		end
+	end
+end

data/lib/compliance/policy.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+module Compliance
+	# Represents a policy for checking compliance.
+	class Policy
+		def satisfies?(requirement, attestation)
+			requirement.id == attestation.id
+		end
+	end
+end

data/lib/compliance/requirement.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+module Compliance
+	# Represents a requirement that can be satisfied by an attestation.
+	class Requirement
+		def initialize(metadata)
+			@metadata = metadata
+		end
+		
+		def as_json(...)
+			@metadata
+		end
+		
+		def to_json(...)
+			as_json.to_json(...)
+		end
+		
+		# The unique identifier for this requirement.
+		def id
+			@metadata[:id]
+		end
+		
+		# The metadata associated with this requirement.
+		attr :metadata
+	end
+end

data/lib/compliance/version.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+module Compliance
+	VERSION = "0.0.1"
+end

data/lib/compliance.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Released under the MIT License.
+# Copyright, 2024, by Samuel Williams.
+
+require_relative 'compliance/version'
+require_relative 'compliance/document'
+require_relative 'compliance/loader'
+require_relative 'compliance/policy'

data/license.md

@@ -0,0 +1,21 @@
+# MIT License
+
+Copyright, 2024, by Samuel Williams.  
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/readme.md

@@ -0,0 +1,29 @@
+# Compliance
+
+A simple framework for tracking requirements and attestations across projects with dependencies.
+
+[![Development Status](https://github.com/ioquatix/compliance/workflows/Test/badge.svg)](https://github.com/ioquatix/compliance/actions?workflow=Test)
+
+## Usage
+
+Please see the [project documentation](https://ioquatix.github.io/compliance/) for more details.
+
+  - [Getting Started](https://ioquatix.github.io/compliance/guides/getting-started/index) - This guide gives a general overview to the `compliance` gem, and how to track requirements and attestations across projects with dependencies.
+
+## Contributing
+
+We welcome contributions to this project.
+
+1.  Fork it.
+2.  Create your feature branch (`git checkout -b my-new-feature`).
+3.  Commit your changes (`git commit -am 'Add some feature'`).
+4.  Push to the branch (`git push origin my-new-feature`).
+5.  Create new Pull Request.
+
+### Developer Certificate of Origin
+
+This project uses the [Developer Certificate of Origin](https://developercertificate.org/). All contributors to this project must agree to this document to have their contributions accepted.
+
+### Contributor Covenant
+
+This project is governed by the [Contributor Covenant](https://www.contributor-covenant.org/). All contributors and participants agree to abide by its terms.

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: compliance
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Samuel Williams
+autorequire:
+bindir: bin
+cert_chain:
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIE2DCCA0CgAwIBAgIBATANBgkqhkiG9w0BAQsFADBhMRgwFgYDVQQDDA9zYW11
+  ZWwud2lsbGlhbXMxHTAbBgoJkiaJk/IsZAEZFg1vcmlvbnRyYW5zZmVyMRIwEAYK
+  CZImiZPyLGQBGRYCY28xEjAQBgoJkiaJk/IsZAEZFgJuejAeFw0yMjA4MDYwNDUz
+  MjRaFw0zMjA4MDMwNDUzMjRaMGExGDAWBgNVBAMMD3NhbXVlbC53aWxsaWFtczEd
+  MBsGCgmSJomT8ixkARkWDW9yaW9udHJhbnNmZXIxEjAQBgoJkiaJk/IsZAEZFgJj
+  bzESMBAGCgmSJomT8ixkARkWAm56MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIB
+  igKCAYEAomvSopQXQ24+9DBB6I6jxRI2auu3VVb4nOjmmHq7XWM4u3HL+pni63X2
+  9qZdoq9xt7H+RPbwL28LDpDNflYQXoOhoVhQ37Pjn9YDjl8/4/9xa9+NUpl9XDIW
+  sGkaOY0eqsQm1pEWkHJr3zn/fxoKPZPfaJOglovdxf7dgsHz67Xgd/ka+Wo1YqoE
+  e5AUKRwUuvaUaumAKgPH+4E4oiLXI4T1Ff5Q7xxv6yXvHuYtlMHhYfgNn8iiW8WN
+  XibYXPNP7NtieSQqwR/xM6IRSoyXKuS+ZNGDPUUGk8RoiV/xvVN4LrVm9upSc0ss
+  RZ6qwOQmXCo/lLcDUxJAgG95cPw//sI00tZan75VgsGzSWAOdjQpFM0l4dxvKwHn
+  tUeT3ZsAgt0JnGqNm2Bkz81kG4A2hSyFZTFA8vZGhp+hz+8Q573tAR89y9YJBdYM
+  zp0FM4zwMNEUwgfRzv1tEVVUEXmoFCyhzonUUw4nE4CFu/sE3ffhjKcXcY//qiSW
+  xm4erY3XAgMBAAGjgZowgZcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0O
+  BBYEFO9t7XWuFf2SKLmuijgqR4sGDlRsMC4GA1UdEQQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MC4GA1UdEgQnMCWBI3NhbXVlbC53aWxs
+  aWFtc0BvcmlvbnRyYW5zZmVyLmNvLm56MA0GCSqGSIb3DQEBCwUAA4IBgQB5sxkE
+  cBsSYwK6fYpM+hA5B5yZY2+L0Z+27jF1pWGgbhPH8/FjjBLVn+VFok3CDpRqwXCl
+  xCO40JEkKdznNy2avOMra6PFiQyOE74kCtv7P+Fdc+FhgqI5lMon6tt9rNeXmnW/
+  c1NaMRdxy999hmRGzUSFjozcCwxpy/LwabxtdXwXgSay4mQ32EDjqR1TixS1+smp
+  8C/NCWgpIfzpHGJsjvmH2wAfKtTTqB9CVKLCWEnCHyCaRVuKkrKjqhYCdmMBqCws
+  JkxfQWC+jBVeG9ZtPhQgZpfhvh+6hMhraUYRQ6XGyvBqEUe+yo6DKIT3MtGE2+CP
+  eX9i9ZWBydWb8/rvmwmX2kkcBbX0hZS1rcR593hGc61JR6lvkGYQ2MYskBveyaxt
+  Q2K9NVun/S785AP05vKkXZEFYxqG6EW012U4oLcFl5MySFajYXRYbuUpH6AY+HP8
+  voD0MPg1DssDLKwXyt1eKD/+Fq0bFWhwVM/1XiAXL7lyYUyOq24KHgQ2Csg=
+  -----END CERTIFICATE-----
+date: 2024-04-17 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description:
+email:
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- bake/compliance.rb
+- lib/compliance.rb
+- lib/compliance/attestation.rb
+- lib/compliance/document.rb
+- lib/compliance/error.rb
+- lib/compliance/loader.rb
+- lib/compliance/policy.rb
+- lib/compliance/requirement.rb
+- lib/compliance/version.rb
+- license.md
+- readme.md
+homepage: https://github.com/ioquatix/compliance
+licenses:
+- MIT
+metadata:
+  documentation_uri: https://ioquatix.github.io/compliance/
+  funding_uri: https://github.com/sponsors/ioquatix/
+  source_code_uri: https://github.com/ioquatix/compliance.git
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.1'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.3
+signing_key:
+specification_version: 4
+summary: A framework for tracking compliance requirements and attestations.
+test_files: []