-
Notifications
You must be signed in to change notification settings - Fork 502
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BOM: Feature complete SPDX and license packages #2064
Conversation
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: puerco, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This PR is heavy and I did not manage to review in every detail. Let's iterate on it and get the main functionality in. Great work! 🥳 |
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR contains the final updates to the go packages needed to produce the SPDX Bill of Materials for Kubernetes releases. This code now produces SPDX compliant manifests from naked files, docker archives, and images pulled from registries.
This PR does the following:
license.Catalog
objectWhich issue(s) this PR fixes:
Part of #1837
Special notes for your reviewer:
This is the first commit of the final form of the packages. The packages are not in use yet by anything. The tests and fakes for the spdx package are coming in a follow-up
Does this PR introduce a user-facing change?