How to migrate from 0.7 to 0.8
Below is an overview of changes in the new release. Keep in mind that the whole codebase has gotten a total makeover, so please do not expect things to work out of the box with your 0.7 code.
All data model classes can now be found in `src/spdx/model`. All methods contained in model classes have been removed (except for auto-generated `@dataclass` methods like `__eq__()`) in favor of working directly on the class properties. For example, instead of

```python
document.add_annotation(my_annotation)
```

use*

```python
document.annotations = document.annotations + [my_annotation]
```

For validation purposes, a new validation layer has been introduced, see the corresponding section below.
Many properties have undergone a renaming and/or type change to better fit the specification names and types. Take special note of the following:
- Licenses and license expressions are now handled by the `license-expression` package. Example: `LicenseConjunction(License.from_identifier("Apache-2.0"), License.from_identifier("BSD-2-Clause"))` is now `get_spdx_licensing().parse("Apache-2.0 and BSD-2-Clause")`
- The constructor for `Relationship` no longer parses the relationship properties from a relationship string but uses the regular form `def __init__(self, spdx_element_id: str, relationship_type: RelationshipType, related_spdx_element_id: Union[str, SpdxNone, SpdxNoAssertion], comment: Optional[str] = None)`
- `relationship_type` is now of type `RelationshipType`.
- `license_info_from_files`, `license_info_in_file` and `license_info_in_snippet` are now always lists (for example `[NoAssertion()]`).
- `attribution_texts` is now a list.
- `Person`, `Organization` and `Tool` have been combined into `Actor`, which has a property `actor_type`.
- `Review` has been removed (use `Annotation` with `annotation_type = AnnotationType.REVIEW` instead).
- `verif_code` and `verif_exc_files` have been combined into a single class `PackageVerificationCode`.
For a full overview have a look at this spreadsheet or this pdf which compares the names, types and imports of all fields in the 0.7 and 0.8 versions.
The validation of correct Python types is now ensured by runtime type checks when fields are set or retrieved. The reference for the correct type of a field is the type hint in the class definition it belongs to.
The validation of conformity with the SPDX specification has been separated into its own layer found in `src/spdx/validation`. The entry point is the `validate_full_spdx_document()` method. Validation methods now return a list of `ValidationMessage` objects, each consisting of a `validation_message` string describing the invalidity and a `Context` object that helps pinpoint the location of the invalidity.
Due to much stricter validation rules, only SPDX documents with the right types in all of their properties can be parsed. In the case of invalid types, an error with a comprehensive summary of all encountered problems will be raised.
Now, when calling `write_file()`, by default a `Document` will be validated against the specification before it can be written to a file.
*Note: Using in-place manipulations like `document.annotations.append(my_annotation)` circumvents the runtime type checking. If a wrong type is set this way, a `TypeError` would still be raised when calling `document.annotations` at some later time.
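The behaviour described in the note above, shown with a simplified stand-in written for this guide (it is not the library's own code). The `Document` and `Annotation` classes here are hypothetical and assume a model whose field is type-checked in a property setter and getter, so a wrongly typed entry added with `append()` is only reported on a later read, far from the line that introduced it.

```python
from dataclasses import dataclass
from typing import List


@dataclass
class Annotation:  # stand-in model class with a single field
    comment: str


class Document:
    """Hypothetical stand-in: `annotations` is type-checked on set and on get."""

    def __init__(self, annotations: List[Annotation]):
        self.annotations = annotations  # routed through the checked setter

    @staticmethod
    def _check(value) -> None:
        if not isinstance(value, list) or not all(isinstance(a, Annotation) for a in value):
            raise TypeError("annotations must be List[Annotation]")

    @property
    def annotations(self) -> List[Annotation]:
        self._check(self._annotations)  # check on retrieval
        return self._annotations

    @annotations.setter
    def annotations(self, value: List[Annotation]) -> None:
        self._check(value)  # check on assignment
        self._annotations = value


def reassign(doc: Document, item) -> str:
    """Recommended pattern: build a new list and assign it."""
    try:
        doc.annotations = doc.annotations + [item]
        return "ok"
    except TypeError:
        return "rejected at assignment"


def append_in_place(doc: Document, item) -> str:
    """In-place pattern: the getter runs before the mutation, so append() is unchecked."""
    doc.annotations.append(item)
    try:
        doc.annotations
        return "ok"
    except TypeError:
        return "rejected on later read"
```

With reassignment the bad value never reaches the document; with `append()` it is stored and every subsequent read of the field fails until the entry is removed.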