fix(openapi): sync with openapi definition (#229)

github-actions[bot] · web-flow · commit 2f2e99a3d5f6 · 2024-09-18T10:34:12.000+02:00
Co-authored-by: github-actions[bot] &lt;41898282+github-actions[bot]@users.noreply.github.com&gt;
diff --git a/openapi.json b/openapi.json
@@ -1191,53 +1191,59 @@
         "additionalProperties": false,
         "description": "",
         "properties": {
-          "requiredApprovalSources": {
+          "allowedApprovalSources": {
             "type": "array",
             "items": {
               "type": "string",
               "description": "",
               "default": ""
             }
           },
-          "allowedApprovalSources": {
+          "allowedFamilies": {
             "type": "array",
             "items": {
               "type": "string",
               "description": "",
               "default": ""
             }
           },
-          "allowedFamilies": {
+          "allowedTiers": {
             "type": "array",
             "items": {
               "type": "string",
               "description": "",
               "default": ""
             }
           },
-          "allowedTiers": {
+          "allowedStrings": {
             "type": "array",
             "items": {
               "type": "string",
               "description": "",
               "default": ""
             }
           },
-          "allowedSpdxAtoms": {
+          "allowedPURLs": {
             "type": "array",
             "items": {
               "type": "string",
               "description": "",
               "default": ""
             }
+          },
+          "focusAlertsHere": {
+            "type": "boolean",
+            "default": false,
+            "description": ""
           }
         },
         "required": [
           "allowedApprovalSources",
           "allowedFamilies",
-          "allowedSpdxAtoms",
+          "allowedPURLs",
+          "allowedStrings",
           "allowedTiers",
-          "requiredApprovalSources"
+          "focusAlertsHere"
         ]
       },
       "CDXComponentSchema": {
@@ -7459,7 +7465,7 @@
             ]
           }
         ],
-        "description": "Diff the license information from a list of packages (as PURL strings) with a configurable license allow list.\nPackage URLs (PURLs) are an ecosystem agnostic way to identify packages.\n\n## Allow List Schema\n\n```json\n{\n  requiredApprovalSources?: Array<\"fsf\" | \"osi\">,\n  allowedApprovalSources?: Array<\"fsf\" | \"osi\">,\n  allowedFamilies?: Array<\"copyleft\" | \"permissive\">,\n  allowedTiers?: Array<PermissiveTier | CopyleftTier>,\n  allowedSpdxAtoms?: Array<string>\n}\n```\n\nwhere\n\nPermissiveTier ::= \"model permissive\" | \"gold\" | \"silver\" | \"bronze\" | \"lead\"\nCopyleftTier ::= \"maximal copyleft\" | \"network copyleft\" | \"strong copyleft\" | \"weak copyleft\"\n\nreaders can learn more about [copyleft tiers](https://blueoakcouncil.org/copyleft) and [permissive tiers](https://blueoakcouncil.org/list) by reading the linked resources.\n\n## Return value\n\nThe returned values are objects containing information about license data from the requested\nPURLs which violates the allow list. The returned objects contain an spdx disjunction describing the\nlicense data for the violation, the provenance of that information, and a filepath to the source\nof the violation (if one is available; there may not be an available path for things like license information\ntaken from registry metdata). Returned objects have the following shape:\n```json\n{\n  spdxDisj: string,\n  provenance: string,\n  filepath?: string,\n}\n```\n\n### Example request bodies:\n```json\n{\n  \"components\": [\n    {\n      \"purl\": \"pkg:pypi/alt-aiohttp-cors@0.7.1?artifact_id=tar-gz\"\n    },\n    {\n      \"purl\": \"pkg:npm/express@4.19.2\"\n    }\n  ],\n  \"license_allow_list\": {\n    \"allowedFamilies\": [\"permissive\"],\n    \"allowedSpdxAtoms\": [\"GPL-1.0-only WITH Autoconf-exception-3.0\"]\n  }\n}\n```\n\nThis endpoint consumes 100 units of your quota.\n\nThis endpoint requires the following org token scopes:\n- packages:list",
+        "description": "Compare the license data found for a list of packages (as PURL strings) with a configurable license allow list,\nreturning information about license data which does not comply with the license allow list.\n\n## Allow List Schema\n\n```json\n{\n  allowedApprovalSources?: Array<\"fsf\" | \"osi\">,\n  allowedFamilies?: Array<\"copyleft\" | \"permissive\">,\n  allowedTiers?: Array<PermissiveTier | CopyleftTier>,\n  allowedStrings?: Array<string>\n  allowedPURLs?: Array<string>\n  focusAlertsHere?: boolean\n}\n```\n\nwhere\n\nPermissiveTier ::= \"model permissive\" | \"gold\" | \"silver\" | \"bronze\" | \"lead\"\nCopyleftTier ::= \"maximal copyleft\" | \"network copyleft\" | \"strong copyleft\" | \"weak copyleft\"\n\nreaders can learn more about [copyleft tiers](https://blueoakcouncil.org/copyleft) and [permissive tiers](https://blueoakcouncil.org/list) by reading the linked resources.\n\n## Return value\n\nFor each requested PURL, an array is returned. Each array contains a list of license policy violations \ndetected for the requested PURL.\n\nViolations are accompanied by a string identifying the offending license data as `spdxAtomOrExtraData`,\na message describing why the license data is believed to be incompatible with the license policy, and a list\nof locations (by filepath or other provenance information) where the offending license data may be found.\n\n```json\nArray<\n  Array<{\n    purl: string,\n    spdxAtomOrExtraData: string,\n    violationExplanation: string,\n    filepathOrProvenance: Array<string>\n  }>\n>\n```\n\n### Example request bodies:\n```json\n{\n  \"components\": [\n    {\n      \"purl\": \"pkg:pypi/alt-aiohttp-cors@0.7.1?artifact_id=tar-gz\"\n    },\n    {\n      \"purl\": \"pkg:npm/express@4.19.2\"\n    }\n  ],\n  \"license_allow_list\": {\n    \"allowedApprovalSources: [\"fsf\", \"osi\"],\n    \"allowedFamilies\": [\"permissive\"],\n    \"allowedStrings\": [\"License :: OSI Approved :: BSD License\", \"UniqueLicense-2.0\"]\n  }\n}\n```\n\nThis endpoint consumes 100 units of your quota.\n\nThis endpoint requires the following org token scopes:\n- packages:list",
         "responses": {
           "200": {
             "content": {
diff --git a/types/api.d.ts b/types/api.d.ts
@@ -88,18 +88,19 @@ export interface paths {
   "/license-policy": {
     /**
      * License Policy (Beta)
-     * @description Diff the license information from a list of packages (as PURL strings) with a configurable license allow list.
-     * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
+     * @description Compare the license data found for a list of packages (as PURL strings) with a configurable license allow list,
+     * returning information about license data which does not comply with the license allow list.
      *
      * ## Allow List Schema
      *
      * ```json
      * {
-     *   requiredApprovalSources?: Array<"fsf" | "osi">,
      *   allowedApprovalSources?: Array<"fsf" | "osi">,
      *   allowedFamilies?: Array<"copyleft" | "permissive">,
      *   allowedTiers?: Array<PermissiveTier | CopyleftTier>,
-     *   allowedSpdxAtoms?: Array<string>
+     *   allowedStrings?: Array<string>
+     *   allowedPURLs?: Array<string>
+     *   focusAlertsHere?: boolean
      * }
      * ```
      *
@@ -112,17 +113,22 @@ export interface paths {
      *
      * ## Return value
      *
-     * The returned values are objects containing information about license data from the requested
-     * PURLs which violates the allow list. The returned objects contain an spdx disjunction describing the
-     * license data for the violation, the provenance of that information, and a filepath to the source
-     * of the violation (if one is available; there may not be an available path for things like license information
-     * taken from registry metdata). Returned objects have the following shape:
+     * For each requested PURL, an array is returned. Each array contains a list of license policy violations
+     * detected for the requested PURL.
+     *
+     * Violations are accompanied by a string identifying the offending license data as `spdxAtomOrExtraData`,
+     * a message describing why the license data is believed to be incompatible with the license policy, and a list
+     * of locations (by filepath or other provenance information) where the offending license data may be found.
+     *
      * ```json
-     * {
-     *   spdxDisj: string,
-     *   provenance: string,
-     *   filepath?: string,
-     * }
+     * Array<
+     *   Array<{
+     *     purl: string,
+     *     spdxAtomOrExtraData: string,
+     *     violationExplanation: string,
+     *     filepathOrProvenance: Array<string>
+     *   }>
+     * >
      * ```
      *
      * ### Example request bodies:
@@ -137,8 +143,9 @@ export interface paths {
      *     }
      *   ],
      *   "license_allow_list": {
+     *     "allowedApprovalSources: ["fsf", "osi"],
      *     "allowedFamilies": ["permissive"],
-     *     "allowedSpdxAtoms": ["GPL-1.0-only WITH Autoconf-exception-3.0"]
+     *     "allowedStrings": ["License :: OSI Approved :: BSD License", "UniqueLicense-2.0"]
      *   }
      * }
      * ```
@@ -834,11 +841,13 @@ export interface components {
       purl: string;
     };
     LicenseAllowList: {
-      requiredApprovalSources: string[];
       allowedApprovalSources: string[];
       allowedFamilies: string[];
       allowedTiers: string[];
-      allowedSpdxAtoms: string[];
+      allowedStrings: string[];
+      allowedPURLs: string[];
+      /** @default false */
+      focusAlertsHere: boolean;
     };
     CDXComponentSchema: {
       /** @default */
@@ -2527,18 +2536,19 @@ export interface operations {
   };
   /**
    * License Policy (Beta)
-   * @description Diff the license information from a list of packages (as PURL strings) with a configurable license allow list.
-   * Package URLs (PURLs) are an ecosystem agnostic way to identify packages.
+   * @description Compare the license data found for a list of packages (as PURL strings) with a configurable license allow list,
+   * returning information about license data which does not comply with the license allow list.
    *
    * ## Allow List Schema
    *
    * ```json
    * {
-   *   requiredApprovalSources?: Array<"fsf" | "osi">,
    *   allowedApprovalSources?: Array<"fsf" | "osi">,
    *   allowedFamilies?: Array<"copyleft" | "permissive">,
    *   allowedTiers?: Array<PermissiveTier | CopyleftTier>,
-   *   allowedSpdxAtoms?: Array<string>
+   *   allowedStrings?: Array<string>
+   *   allowedPURLs?: Array<string>
+   *   focusAlertsHere?: boolean
    * }
    * ```
    *
@@ -2551,17 +2561,22 @@ export interface operations {
    *
    * ## Return value
    *
-   * The returned values are objects containing information about license data from the requested
-   * PURLs which violates the allow list. The returned objects contain an spdx disjunction describing the
-   * license data for the violation, the provenance of that information, and a filepath to the source
-   * of the violation (if one is available; there may not be an available path for things like license information
-   * taken from registry metdata). Returned objects have the following shape:
+   * For each requested PURL, an array is returned. Each array contains a list of license policy violations
+   * detected for the requested PURL.
+   *
+   * Violations are accompanied by a string identifying the offending license data as `spdxAtomOrExtraData`,
+   * a message describing why the license data is believed to be incompatible with the license policy, and a list
+   * of locations (by filepath or other provenance information) where the offending license data may be found.
+   *
    * ```json
-   * {
-   *   spdxDisj: string,
-   *   provenance: string,
-   *   filepath?: string,
-   * }
+   * Array<
+   *   Array<{
+   *     purl: string,
+   *     spdxAtomOrExtraData: string,
+   *     violationExplanation: string,
+   *     filepathOrProvenance: Array<string>
+   *   }>
+   * >
    * ```
    *
    * ### Example request bodies:
@@ -2576,8 +2591,9 @@ export interface operations {
    *     }
    *   ],
    *   "license_allow_list": {
+   *     "allowedApprovalSources: ["fsf", "osi"],
    *     "allowedFamilies": ["permissive"],
-   *     "allowedSpdxAtoms": ["GPL-1.0-only WITH Autoconf-exception-3.0"]
+   *     "allowedStrings": ["License :: OSI Approved :: BSD License", "UniqueLicense-2.0"]
    *   }
    * }
    * ```
