Merge pull request #3415 from nexB/release-prep-v32.0.2

AyanSinhaMahapatra · web-flow · commit 16cd9b43288f · 2023-05-27T01:41:08.000+05:30
Release Prep v32.0.2
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -41,6 +41,17 @@ v32.1.0 (next, roadmap)
   of these in other summary plugins.
   See https://github.com/nexB/scancode-toolkit/issues/1745
 
+
+v32.0.2 - 2023-05-26
+---------------------
+
+This is a minor bugfix release with the following update:
+
+- New release v30.1.1 of license-expression with support for new license keys
+  added. Also fail verbosely in `build_spdx_license_expression` for invalid and
+  deprecated license keys.
+
+
 v32.0.1 - 2023-05-23
 ---------------------
 
diff --git a/etc/thirdparty/virtualenv.pyz b/etc/thirdparty/virtualenv.pyz
diff --git a/etc/thirdparty/virtualenv.pyz.ABOUT b/etc/thirdparty/virtualenv.pyz.ABOUT
@@ -1,7 +1,7 @@
 about_resource: virtualenv.pyz
 name: get-virtualenv
-version: 20.16.3
-download_url: https://github.com/pypa/get-virtualenv/blob/20.16.3/public/virtualenv.pyz
+version: 20.23.0
+download_url: https://github.com/pypa/get-virtualenv/raw/20.23.0/public/virtualenv.pyz
 description: virtualenv is a tool to create isolated Python environments.
 homepage_url: https://github.com/pypa/virtualenv
 license_expression: lgpl-2.1-plus AND (bsd-new OR apache-2.0) AND mit AND python AND bsd-new
@@ -10,6 +10,6 @@ copyright: Copyright (c) The Python Software Foundation and others
 redistribute: yes
 attribute: yes
 track_changes: yes
-package_url: pkg:github/pypa/get-virtualenv@20.16.3#public/virtualenv.pyz
+package_url: pkg:github/pypa/get-virtualenv@20.23.0#public/virtualenv.pyz
 notes: this archive has been modified from the original to remove extra
  embedded wheels that are not needed as we support only Python 3.7+
diff --git a/requirements.txt b/requirements.txt
@@ -34,7 +34,7 @@ jaraco.functools==3.5.1
 javaproperties==0.8.1
 Jinja2==3.1.2
 jsonstreams==0.6.0
-license-expression==30.0.0
+license-expression==30.1.1
 lxml==4.9.2
 MarkupSafe==2.1.2
 more-itertools==8.13.0
diff --git a/setup-mini.cfg b/setup-mini.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit
-version = 32.0.1
+version = 32.0.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -85,7 +85,7 @@ install_requires =
     javaproperties >= 0.5
     jinja2 >= 2.7.0
     jsonstreams >= 0.5.0
-    license_expression >= 30.0.0
+    license_expression >= 30.1.1
     lxml >= 4.9.2
     MarkupSafe >= 2.1.2
     packageurl_python >= 0.9.0
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = scancode-toolkit
-version = 32.0.1
+version = 32.0.2
 license = Apache-2.0 AND CC-BY-4.0 AND LicenseRef-scancode-other-permissive AND LicenseRef-scancode-other-copyleft
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
@@ -85,7 +85,7 @@ install_requires =
     javaproperties >= 0.5
     jinja2 >= 2.7.0
     jsonstreams >= 0.5.0
-    license_expression >= 30.0.0
+    license_expression >= 30.1.1
     lxml >= 4.9.2
     MarkupSafe >= 2.1.2
     packageurl_python >= 0.9.0
diff --git a/src/licensedcode/cache.py b/src/licensedcode/cache.py
@@ -510,5 +510,47 @@ def build_spdx_license_expression(license_expression, licensing=None):
     """
     if not licensing:
         licensing = get_licensing()
+    validate_spdx_license_keys(license_expression=license_expression, licensing=licensing)
     parsed = licensing.parse(license_expression)
     return parsed.render(template='{symbol.wrapped.spdx_license_key}')
+
+
+def validate_spdx_license_keys(license_expression, licensing):
+    """
+    Raise InvalidLicenseKeyError for the cases where the there is no corresponding :
+
+    """
+    from licensedcode.models import load_licenses
+
+    license_keys = licensing.license_keys(license_expression)
+    license_db = get_licenses_db()
+
+    messages = []
+
+    for key in license_keys:
+        if not type(key) == str:
+            msg = f"Invalid license key: {key} of type {type(key)}, license key should be a string"
+            messages.append(msg)
+    
+        lic = license_db.get(key, None)
+        if not lic:
+            licenses = load_licenses(with_deprecated=True)
+            if licenses.get(key, None):
+                msg = f"License key: {key} is deprecated license key in LicenseDB"
+            else:
+                msg = f"License key: {key} is not a valid license key from LicenseDB"
+            messages.append(msg)
+
+        parsed = licensing.parse(key)
+        try:
+            parsed.render(template='{symbol.wrapped.spdx_license_key}')
+        except AttributeError:
+            messages.append(msg)
+            pass
+
+    if messages:
+        raise InvalidLicenseKeyError(messages)
+
+
+class InvalidLicenseKeyError(Exception):
+    pass
diff --git a/src/scancode_config.py b/src/scancode_config.py
@@ -132,11 +132,11 @@ def _create_dir(location):
 # 4. hardcoded This is the default, fallback version in case package is not installed or we
 # do not have a proper version otherwise.
 if not __version__:
-    __version__ = '32.0.1'
+    __version__ = '32.0.2'
 
 #######################
 # used to warn user when the version is out of date
-__release_date__ = datetime.datetime(2023, 5, 23)
+__release_date__ = datetime.datetime(2023, 5, 26)
 
 # See https://github.com/nexB/scancode-toolkit/issues/2653 for more information
 # on the data format version
diff --git a/tests/licensedcode/test_zzzz_cache.py b/tests/licensedcode/test_zzzz_cache.py
@@ -155,3 +155,32 @@ def test_get_spdx_symbols_checks_duplicates_with_deprecated_on_live_db(self):
         from licensedcode.models import load_licenses
         test_licenses = load_licenses(with_deprecated=True)
         cache.get_spdx_symbols(licenses_db=test_licenses)
+
+    def test_build_spdx_license_expression(self):
+        from licensedcode.cache import build_spdx_license_expression
+        assert build_spdx_license_expression("mit")
+    
+    def test_build_spdx_license_expression_fails_on_invalid_key_none(self):
+        from licensedcode.cache import build_spdx_license_expression
+        from licensedcode.cache import InvalidLicenseKeyError
+        try:
+            build_spdx_license_expression("mit AND None")
+        except InvalidLicenseKeyError:
+            pass
+
+    def test_build_spdx_license_expression_fails_on_deprecated_license(self):
+        # TODO: this should not fail, see https://github.com/nexB/scancode-toolkit/issues/3400
+        from licensedcode.cache import build_spdx_license_expression
+        from licensedcode.cache import InvalidLicenseKeyError
+        try:
+            assert build_spdx_license_expression("broadcom-linking-unmodified")
+        except InvalidLicenseKeyError:
+            pass
+
+    def test_build_spdx_license_expression_fails_on_invalid_key(self):
+        from licensedcode.cache import build_spdx_license_expression
+        from licensedcode.cache import InvalidLicenseKeyError
+        try:
+            assert build_spdx_license_expression("mitt")
+        except InvalidLicenseKeyError:
+            pass
