chore: tools.yaml validator/schema (#324)

fixes #323

---------

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

.github/workflows/validate_tools_yaml.yml

@@ -0,0 +1,21 @@
+name: validate tools yaml
+
+on:
+  pull_request:
+    paths: ["_data/tools.yml"]
+  push:
+    paths: ["_data/tools.yml"]
+  workflow_dispatch:
+
+permissions: read-all
+
+jobs:
+  lint-yaml:
+    runs-on: ubuntu-latest
+    steps:
+      - name: install yamale
+        run: pip install 'yamale>=5.2.1,<6'
+      - name: checkout
+        uses: actions/checkout@v4
+      - name: lint tools yaml
+        run: yamale -s _data/.schema/tools.schema.yaml  _data/tools.yml

_data/.schema/tools.schema.yaml

@@ -0,0 +1,29 @@
+# yamale schema syntax: https://github.com/23andMe/Yamale#schema
+list(include('tool'))
+
+---
+
+tool:
+  name: str()
+  publisher: str()
+  description: str() # all after 250 chars is truncated
+  repoUrl: str(required=False)
+  websiteUrl: str(matches='^https?://.+')
+  categories: list(include('category'))
+
+# see _data/tool-categories.yml
+category: >
+  enum(
+  'opensource',
+  'proprietary',
+  'build-integration',
+  'analysis',
+  'author',
+  'github-action',
+  'github-app',
+  'transform',
+  'library',
+  'signing-notary',
+  'distribute'
+  )
+

_data/tools.yml

@@ -1,4 +1,8 @@
 ---
+
+# `description` will be truncated at 250 characters
+# `categories` values may be the keys from `tool-categories.yml` file
+
 - name: CycloneDX Core for Java
   publisher: CycloneDX
   description: Library which facilitates the creation of SBOMs from Java objects,
@@ -783,7 +787,7 @@
   websiteUrl: https://github.com/conan-io/conan-extensions
   categories:
   - opensource
-  - build-integration  
+  - build-integration
 - name: Checkov
   publisher: Checkov
   description: Prevent cloud misconfigurations during build-time for Terraform, Cloudformation,
@@ -1708,7 +1712,7 @@
   websiteUrl: https://github.com/nscuro/cdx-central
   categories:
     - opensource
-    - distribution
+    - distribute
 - name: cdx-vs-cdx
   publisher: marcosanchotene
   description: GUI tool to compare two SBOMs in CycloneDX JSON format.
@@ -1800,10 +1804,10 @@
   - distribute
   - build-integration
   - proprietary
-  - gitHub-app
+  - github-app
   - analysis
   - author
-- name: Athena 
+- name: Athena
   publisher: Medical Aegis Inc
   description: Athena is a SaaS solution for medical device makers that overlays the product development lifecycle to address risks before devices go to market.
   websiteUrl: https://medicalaegis.com
@@ -1884,7 +1888,7 @@
   categories:
   - opensource
   - analysis
-  - distribution
+  - distribute
 - name: SUM Platform
   publisher: Security Pattern
   description: SBOM management and vulnerability monitoring platform for IoT and embedded systems. Show compliance to regulations and standards and manage risk across the entire product lifecycle.
@@ -1947,7 +1951,7 @@
   - author
   - build-integration
   - distribute
-  - gitHub-app
+  - github-app
   - github-action
 - name: cyclonedx_deps_to_mermaid.xsl
   publisher: Jan Kowalleck
@@ -1981,3 +1985,6 @@
   categories:
   - analysis
   - opensource
+
+# `description` will be truncated at 250 characters
+# `categories` values may be the keys from `tool-categories.yml` file