spdx-python-model 0.0.5__tar.gz → 0.0.6__tar.gz

spdx_python_model-0.0.6/.github/workflows/docs.yaml

@@ -0,0 +1,160 @@
+---
+# Publish library landing page to
+# https://spdx.github.io/spdx-python-model/
+#
+# Publish API docs to
+# https://spdx.github.io/spdx-python-model/doc/stable/ -- latest release
+# https://spdx.github.io/spdx-python-model/doc/dev/ -- from main branch (unreleased)
+# https://spdx.github.io/spdx-python-model/doc/1.0/ -- for specific version (all 1.0.x will all published to this URL)
+#
+# Publish tutorials to
+# https://spdx.github.io/spdx-python-model/tutorial/
+
+name: Publish docs
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/docs.yaml'
+      - 'gen/**'
+      - 'src/**'
+      - 'tutorial/**'
+      - 'www/**'
+      - 'README.md'
+      - 'pyproject.toml'
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  deploy-docs:
+    permissions:
+      contents: read
+      pages: write
+      id-token: write
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
+        with:
+          fetch-depth: 0
+
+      - name: Keep previously published versions
+        run: |
+          mkdir -p pages
+          if git fetch origin gh-pages 2>/dev/null; then
+            git archive origin/gh-pages | tar -x -C pages/
+          fi
+
+      - name: Set up Python
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
+        with:
+          python-version: "3.14"
+
+      - name: Install dependencies
+        run: pip install -e .
+        # Use editable install (-e) to include the generated binding submodules
+        # into the source tree so pdoc can see them.
+
+      - name: Install pdoc
+        run: pip install pdoc
+
+      - name: Install nbconvert
+        run: pip install nbconvert
+
+      - name: Get version
+        run: |
+          if [[ "${{ github.event_name }}" == "release" ]]; then
+            VERSION_RAW="${{ github.event.release.tag_name }}"
+            VERSION="${VERSION_RAW#v}"
+            echo "VERSION=$VERSION" >> $GITHUB_ENV
+            echo "MAJOR_MINOR=$(echo "$VERSION" | cut -d. -f1-2)" >> $GITHUB_ENV
+            echo "IS_RELEASE=true" >> $GITHUB_ENV
+          else
+            echo "VERSION=dev" >> $GITHUB_ENV
+            echo "MAJOR_MINOR=dev" >> $GITHUB_ENV
+            echo "IS_RELEASE=false" >> $GITHUB_ENV
+          fi
+
+      - name: Build landing page
+        run: |
+          if [[ -f www/index.html ]]; then
+            cp www/index.html pages/index.html
+          else
+            echo '<meta http-equiv="refresh" content="0; url=doc/stable/" />' > pages/index.html
+          fi
+
+      - name: Build API docs
+        run: |
+          OUT="pages/doc/$MAJOR_MINOR"
+
+          mkdir -p "$OUT"
+
+          pdoc spdx_python_model \
+            --logo "https://raw.githubusercontent.com/spdx/outreach/main/assets/SPDX_Logo/svg/SPDX%20logo%20color.svg" \
+            --logo-link "/spdx-python-model/doc/$MAJOR_MINOR/" \
+            --footer-text "spdx-python-model $VERSION" \
+            -o "$OUT"
+
+          # On release: update stable/ to match this major.minor.
+          if [[ "$IS_RELEASE" == "true" ]]; then
+            rm -rf pages/doc/stable
+            cp -r "pages/doc/$MAJOR_MINOR" pages/doc/stable
+          fi
+
+          # /doc/ redirects to site root.
+          mkdir -p pages/doc
+          echo '<meta http-equiv="refresh" content="0; url=../" />' > pages/doc/index.html
+
+      - name: Build tutorials
+        run: |
+          if [[ ! -d tutorial ]]; then
+            exit 0
+          fi
+
+          mkdir -p pages/tutorial
+
+          for nb in tutorial/*.ipynb; do
+            jupyter nbconvert --to html --output-dir pages/tutorial "$nb"
+          done
+
+          # Generate /tutorial/ index listing all tutorials.
+          if [[ ! -f tutorial/index.html ]]; then
+            {
+              echo '<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8">'
+              echo '<meta name="viewport" content="width=device-width, initial-scale=1.0">'
+              echo '<title>Tutorials - spdx-python-model</title>'
+              echo '<style>body{font-family:system-ui,sans-serif;max-width:640px;margin:4rem auto;padding:0 1.5rem;color:#222}a{color:#0969da}li{margin-bottom:.5rem}</style>'
+              echo '</head><body>'
+              echo '<h1><a href="../">spdx-python-model</a></h1>'
+              echo '<h2>Tutorials</h2><ul>'
+              for html in pages/tutorial/*.html; do
+                [[ "$(basename "$html")" == "index.html" ]] && continue
+                name=$(basename "$html" .html)
+                echo "<li><a href=\"$name.html\">$name</a> (<a href=\"https://github.com/spdx/spdx-python-model/blob/main/tutorial/$name.ipynb\">download .ipynb</a>)</li>"
+              done
+              echo '</ul></body></html>'
+            } > pages/tutorial/index.html
+          fi
+
+          # File not found (404) page from repo.
+          if [[ -f www/404.html ]]; then
+            cp www/404.html pages/404.html
+          fi
+
+      - name: Setup Pages
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
+
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
+        with:
+          path: pages
+
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0

{spdx_python_model-0.0.5 → spdx_python_model-0.0.6}/.gitignore

@@ -161,5 +161,5 @@ cython_debug/
 #.idea/
 
 src/spdx_python_model/bindings/
-gen/*.py
-gen/*.pyi
+gen/**/*.py
+gen/**/*.pyi

spdx_python_model-0.0.6/PKG-INFO

@@ -0,0 +1,202 @@
+Metadata-Version: 2.4
+Name: spdx-python-model
+Version: 0.0.6
+Summary: SPDX Model Python Bindings
+Project-URL: homepage, https://spdx.github.io/spdx-python-model/
+Project-URL: repository, https://github.com/spdx/spdx-python-model.git
+Project-URL: download, https://github.com/spdx/spdx-python-model/releases
+Project-URL: documentation, https://spdx.github.io/spdx-python-model/doc/
+Project-URL: issues, https://github.com/spdx/spdx-python-model/issues
+Author-email: Joshua Watt <JPEWhacker@gmail.com>
+License-Expression: Apache-2.0
+License-File: LICENSE
+Keywords: bindings,sbom,shacl2code,software-bill-of-materials,spdx,spdx3
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.9
+Provides-Extra: dev
+Requires-Dist: mypy>=1.19.1; extra == 'dev'
+Requires-Dist: pylint>=3.3.9; extra == 'dev'
+Requires-Dist: pytest>=7.4; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# spdx-python-model
+
+[![PyPI - Version](https://img.shields.io/pypi/v/spdx-python-model)](https://pypi.org/project/spdx-python-model/)
+![Apache-2.0 license](https://img.shields.io/github/license/spdx/spdx-python-model)
+
+`spdx-python-model` is a Python library for working with the SPDX 3 data model.
+
+Read the [API documentation](https://spdx.github.io/spdx-python-model/).
+
+All bindings in this repository are auto-generated from the RDF and SHACL
+definitions of the [SPDX specification version 3][spdx-spec] using
+[shacl2code](https://github.com/JPEWdev/shacl2code) during the package build
+process.
+
+**NOTE:** The bindings are pretty low level, intended for more directly
+manipulating SPDX files. While they are fully functions, they lack higher level
+helper functions that may be useful for creating SPDX documents. If you want a
+higher level approach, please see the
+[SPDX Python Tools](https://github.com/spdx/tools-python) (however, it
+doesn't yet support SPDX 3).
+
+[spdx-spec]: https://spdx.org/specifications
+
+## Installation
+
+### Install from PyPI
+
+```shell
+python3 -m pip install spdx-python-model
+```
+
+### Install from Git
+
+If you would like to pull the bindings directly from Git instead of using a
+released version from PyPI, the following command can be used:
+
+```shell
+python3 -m pip install git+https://github.com/spdx/spdx-python-model.git@main
+```
+
+Note that this will pull the latest version from the `main` branch. If you want
+a specific commit, replace `main` with the git commit SHA.
+
+### Install/build using local SPDX model files
+
+Using local SPDX model files is ideal for testing pre-release versions
+or when official URLs are not yet live.
+
+It is also required for build systems that prohibit network access during
+packaging, such as Debian or Yocto.
+
+To build using local model files:
+
+1) Clone the repository:
+
+    ```shell
+    git clone https://github.com/spdx/spdx-python-model.git
+    cd spdx-python-model
+    ```
+
+2) Download model files:
+
+    Run the following commands to download the necessary files
+    for a specific SPDX version and keep it in a local directory:
+
+    ```shell
+    mkdir -p ~/spdx_models/v3.0.1
+    cd ~/spdx_models/v3.0.1
+    wget https://spdx.org/rdf/3.0.1/spdx-context.jsonld
+    wget https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl
+    wget https://spdx.org/rdf/3.0.1/spdx-model.ttl
+    ```
+
+    Or use your own model files.
+
+    The local directory must be organized by SPDX version,
+    with specific file names.
+
+    ```text
+    <SHACL2CODE_SPDX_DIR>/
+    └── v[VERSION]/
+        ├── spdx-context.jsonld
+        ├── spdx-json-serialize-annotations.ttl
+        └── spdx-model.ttl
+    ```
+
+3) Set the model directory:
+
+    Point `SHACL2CODE_SPDX_DIR` environment variable to that local directory.
+
+    ```shell
+    export SHACL2CODE_SPDX_DIR=~/spdx_models
+    ```
+
+4) Install/build:
+
+    ```shell
+    python3 -m pip install .
+    ```
+
+    or
+
+    ```shell
+    python3 -m build
+    ```
+
+## Usage
+
+Each version of the SPDX spec has a module named `v{MAJOR}_{MINOR}_{MICRO}`
+that contains the bindings for that version under the `spdx_python_model` top
+level. For example:
+
+```python
+import spdx_python_model
+
+p = spdx_python_model.v3_0_1.Person()
+```
+
+Alternatively, if a shorter name is desired, a specific version can be imported
+with another name:
+
+```python
+from spdx_python_model import v3_0_1 as spdx_3_0
+
+p = spdx_3_0.Person()
+```
+
+You can also have the bindings automatically detect the correct version to use
+using the `load()` API:
+
+```python
+import spdx_python_model
+
+path = Path("/path/to/file.spdx3.json")
+
+model, objset = spdx_python_model.load(path)
+
+p = model.Person()
+```
+
+Check out this short [Python notebook tutorial][tutorial]
+to get started with spdx-python-model.
+
+[tutorial]: https://spdx.github.io/spdx-python-model/tutorial/using-spdx3.html
+
+## Testing
+
+This repository has support for running tests against the bindings using `pytest`.
+To run the tests, first setup a virtual environment and install the development
+variant of the package in editable mode:
+
+```shell
+python3 -m venv .venv
+. .venv/bin/activate
+pip install -e '.[dev]'
+```
+
+Then the tests can be run with:
+
+```shell
+pytest -vx
+```
+
+## Making a new release
+
+To make a new release of this repository, bump the version number found in
+`src/spdx_python_model/version.py`, and merge it into the repo. After this,
+make a new release in GitHub with the name `v` + *VERSION*, where *VERSION*
+matches the version number specified in `version.py` (e.g. `v1.0.0`).
+
+After this, GitHub actions will do the rest to build the package and publish it
+to PyPI.

spdx_python_model-0.0.6/README.md

@@ -0,0 +1,172 @@
+# spdx-python-model
+
+[![PyPI - Version](https://img.shields.io/pypi/v/spdx-python-model)](https://pypi.org/project/spdx-python-model/)
+![Apache-2.0 license](https://img.shields.io/github/license/spdx/spdx-python-model)
+
+`spdx-python-model` is a Python library for working with the SPDX 3 data model.
+
+Read the [API documentation](https://spdx.github.io/spdx-python-model/).
+
+All bindings in this repository are auto-generated from the RDF and SHACL
+definitions of the [SPDX specification version 3][spdx-spec] using
+[shacl2code](https://github.com/JPEWdev/shacl2code) during the package build
+process.
+
+**NOTE:** The bindings are pretty low level, intended for more directly
+manipulating SPDX files. While they are fully functions, they lack higher level
+helper functions that may be useful for creating SPDX documents. If you want a
+higher level approach, please see the
+[SPDX Python Tools](https://github.com/spdx/tools-python) (however, it
+doesn't yet support SPDX 3).
+
+[spdx-spec]: https://spdx.org/specifications
+
+## Installation
+
+### Install from PyPI
+
+```shell
+python3 -m pip install spdx-python-model
+```
+
+### Install from Git
+
+If you would like to pull the bindings directly from Git instead of using a
+released version from PyPI, the following command can be used:
+
+```shell
+python3 -m pip install git+https://github.com/spdx/spdx-python-model.git@main
+```
+
+Note that this will pull the latest version from the `main` branch. If you want
+a specific commit, replace `main` with the git commit SHA.
+
+### Install/build using local SPDX model files
+
+Using local SPDX model files is ideal for testing pre-release versions
+or when official URLs are not yet live.
+
+It is also required for build systems that prohibit network access during
+packaging, such as Debian or Yocto.
+
+To build using local model files:
+
+1) Clone the repository:
+
+    ```shell
+    git clone https://github.com/spdx/spdx-python-model.git
+    cd spdx-python-model
+    ```
+
+2) Download model files:
+
+    Run the following commands to download the necessary files
+    for a specific SPDX version and keep it in a local directory:
+
+    ```shell
+    mkdir -p ~/spdx_models/v3.0.1
+    cd ~/spdx_models/v3.0.1
+    wget https://spdx.org/rdf/3.0.1/spdx-context.jsonld
+    wget https://spdx.org/rdf/3.0.1/spdx-json-serialize-annotations.ttl
+    wget https://spdx.org/rdf/3.0.1/spdx-model.ttl
+    ```
+
+    Or use your own model files.
+
+    The local directory must be organized by SPDX version,
+    with specific file names.
+
+    ```text
+    <SHACL2CODE_SPDX_DIR>/
+    └── v[VERSION]/
+        ├── spdx-context.jsonld
+        ├── spdx-json-serialize-annotations.ttl
+        └── spdx-model.ttl
+    ```
+
+3) Set the model directory:
+
+    Point `SHACL2CODE_SPDX_DIR` environment variable to that local directory.
+
+    ```shell
+    export SHACL2CODE_SPDX_DIR=~/spdx_models
+    ```
+
+4) Install/build:
+
+    ```shell
+    python3 -m pip install .
+    ```
+
+    or
+
+    ```shell
+    python3 -m build
+    ```
+
+## Usage
+
+Each version of the SPDX spec has a module named `v{MAJOR}_{MINOR}_{MICRO}`
+that contains the bindings for that version under the `spdx_python_model` top
+level. For example:
+
+```python
+import spdx_python_model
+
+p = spdx_python_model.v3_0_1.Person()
+```
+
+Alternatively, if a shorter name is desired, a specific version can be imported
+with another name:
+
+```python
+from spdx_python_model import v3_0_1 as spdx_3_0
+
+p = spdx_3_0.Person()
+```
+
+You can also have the bindings automatically detect the correct version to use
+using the `load()` API:
+
+```python
+import spdx_python_model
+
+path = Path("/path/to/file.spdx3.json")
+
+model, objset = spdx_python_model.load(path)
+
+p = model.Person()
+```
+
+Check out this short [Python notebook tutorial][tutorial]
+to get started with spdx-python-model.
+
+[tutorial]: https://spdx.github.io/spdx-python-model/tutorial/using-spdx3.html
+
+## Testing
+
+This repository has support for running tests against the bindings using `pytest`.
+To run the tests, first setup a virtual environment and install the development
+variant of the package in editable mode:
+
+```shell
+python3 -m venv .venv
+. .venv/bin/activate
+pip install -e '.[dev]'
+```
+
+Then the tests can be run with:
+
+```shell
+pytest -vx
+```
+
+## Making a new release
+
+To make a new release of this repository, bump the version number found in
+`src/spdx_python_model/version.py`, and merge it into the repo. After this,
+make a new release in GitHub with the name `v` + *VERSION*, where *VERSION*
+matches the version number specified in `version.py` (e.g. `v1.0.0`).
+
+After this, GitHub actions will do the rest to build the package and publish it
+to PyPI.

spdx_python_model-0.0.6/gen/generate-bindings

@@ -0,0 +1,85 @@
+#! /bin/sh
+#
+# SPDX-FileType: SOURCE
+# SPDX-License-Identifier: Apache-2.0
+#
+# Generate the per-version bindings and the bindings package __init__.py.
+
+set -e
+
+# SPDX versions to generate
+SPDX_VERSIONS="3.0.1"
+
+get_context_url() {
+    echo "https://spdx.org/rdf/$1/spdx-context.jsonld"
+}
+
+# Generate the per-version bindings with shacl2code.
+# Each version ends up in its own subpackage (e.g. "v3_0_1").
+for v in $SPDX_VERSIONS; do
+    MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')"
+
+    CONTEXT_URL="$(get_context_url "$v")"
+    if [ -n "${SHACL2CODE_SPDX_DIR}" ] && [ -d "${SHACL2CODE_SPDX_DIR}/$v" ]
+    then
+        shacl2code generate --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-model.ttl" \
+            --input "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-json-serialize-annotations.ttl" \
+            --context-url "file://${SHACL2CODE_SPDX_DIR}/$v/spdx-context.jsonld" $CONTEXT_URL \
+            --license Apache-2.0 \
+            python \
+            --output "$MODNAME"
+    else
+        shacl2code generate --input https://spdx.org/rdf/$v/spdx-model.ttl \
+            --input https://spdx.org/rdf/$v/spdx-json-serialize-annotations.ttl \
+            --context $CONTEXT_URL \
+            --license Apache-2.0 \
+            python \
+            --output "$MODNAME"
+    fi
+done
+
+# Generate the bindings package __init__.py.
+{
+    echo '# SPDX-FileType: SOURCE'
+    echo '# SPDX-License-Identifier: Apache-2.0'
+    echo '#'
+    echo '# Generated by generate-bindings at build time. DO NOT EDIT.'
+    echo '"""SPDX model bindings, one submodule per version.'
+    echo
+    echo 'Versions are not imported here, so importing one does not load the others.'
+    echo '"""'
+    echo
+    echo '# JSON-LD @context URL -> version submodule name, for lazy lookup by load().'
+    echo '_CONTEXT_TABLE = {'
+    for v in $SPDX_VERSIONS; do
+        MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')"
+        CONTEXT_URL="$(get_context_url "$v")"
+        echo "    \"$CONTEXT_URL\": \"$MODNAME\","
+    done
+    echo '}'
+} > __init__.py
+
+# Generate _reexport.pyi: lets type checkers resolve spdx_python_model.vX types
+# while the runtime loads versions lazily (imported only under TYPE_CHECKING).
+{
+    echo '# SPDX-FileType: SOURCE'
+    echo '# SPDX-License-Identifier: Apache-2.0'
+    echo '#'
+    echo '# Generated by generate-bindings at build time. DO NOT EDIT.'
+    echo '"""Type-checking-only re-exports so ``spdx_python_model.vX`` types resolve.'
+    echo
+    echo 'Imported under TYPE_CHECKING only; the runtime loads versions lazily via the'
+    echo 'package __getattr__. __all__ marks the names as re-exports for --no-implicit-reexport.'
+    echo '"""'
+    for v in $SPDX_VERSIONS; do
+        MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')"
+        echo "from . import $MODNAME"
+    done
+    echo
+    echo '__all__ = ['
+    for v in $SPDX_VERSIONS; do
+        MODNAME="v$(echo "$v" | sed 's/[^a-zA-Z0-9_]/_/g')"
+        echo "    \"$MODNAME\","
+    done
+    echo ']'
+} > _reexport.pyi