Rework the implementation of documentDescribes in SPDX module

Signed-off-by: tdruez <[email protected]>

Author: tdruez

scanpipe/pipes/output.py

@@ -700,17 +700,18 @@ def to_spdx(project, include_files=False):
     Return the path of the generated output file.
     """
     output_file = project.get_output_file_path("results", "spdx.json")
+    document_spdx_id = f"SPDXRef-DOCUMENT-{project.uuid}"
 
     discoveredpackage_qs = get_queryset(project, "discoveredpackage")
     discovereddependency_qs = get_queryset(project, "discovereddependency")
 
-    document_spdx_id = f"SPDXRef-DOCUMENT-{project.uuid}"
     project_as_root_package = spdx.Package(
         spdx_id=f"SPDXRef-scancodeio-project-{project.uuid}",
         name=project.name,
         files_analyzed=True,
     )
-    packages_as_spdx = []
+
+    packages_as_spdx = [project_as_root_package]
     license_expressions = []
     relationships = []
 
@@ -747,7 +748,7 @@ def to_spdx(project, include_files=False):
         spdx_id=document_spdx_id,
         name=f"scancodeio_{project.name}",
         namespace=f"https://scancode.io/spdxdocs/{project.uuid}",
-        describe=project_as_root_package,
+        describes=[project_as_root_package.spdx_id],
         creation_info=spdx.CreationInfo(tool=f"ScanCode.io-{scancodeio_version}"),
         packages=packages_as_spdx,
         files=files_as_spdx,

scanpipe/pipes/spdx.py

@@ -43,7 +43,6 @@
 
 Usage::
 
-    import pathlib
     from scanpipe.pipes import spdx
 
     creation_info = spdx.CreationInfo(
@@ -53,6 +52,11 @@
         tool="SPDXCode-1.0",
     )
 
+    root_package = spdx.Package(
+        spdx_id="SPDXRef-project1",
+        name="project1",
+    )
+
     package1 = spdx.Package(
         spdx_id="SPDXRef-package1",
         name="lxml",
@@ -76,8 +80,9 @@
     document = spdx.Document(
         name="Document name",
         namespace="https://[CreatorWebsite]/[pathToSpdx]/[DocumentName]-[UUID]",
+        describes=[root_package.spdx_id],
         creation_info=creation_info,
-        packages=[package1],
+        packages=[root_package, package1],
         extracted_licenses=[
             spdx.ExtractedLicensingInfo(
                 license_id="LicenseRef-1",
@@ -93,7 +98,7 @@
     print(document.as_json())
 
     # Validate document
-    schema = pathlib.Path(spdx.SPDX_JSON_SCHEMA_LOCATION).read_text()
+    schema = spdx.SPDX_SCHEMA_PATH.read_text()
     document.validate(schema)
 
     # Write document to a file:
@@ -542,7 +547,7 @@ class Document:
 
     name: str
     namespace: str
-    describe: Package
+    describes: list
     creation_info: CreationInfo
     packages: list[Package]
 
@@ -557,18 +562,15 @@ class Document:
 
     def as_dict(self):
         """Return the SPDX document as a serializable dict."""
-        packages = [self.describe.as_dict()]
-        packages.extend([package.as_dict() for package in self.packages])
-
         data = {
             "spdxVersion": f"SPDX-{self.version}",
             "dataLicense": self.data_license,
             "SPDXID": self.spdx_id,
             "name": self.safe_document_name(self.name),
             "documentNamespace": self.namespace,
-            "documentDescribes": [self.describe.spdx_id],
+            "documentDescribes": self.describes,
             "creationInfo": self.creation_info.as_dict(),
-            "packages": packages,
+            "packages": [package.as_dict() for package in self.packages],
         }
 
         if self.files:
@@ -601,6 +603,7 @@ def from_data(cls, data):
             data_license=data.get("dataLicense"),
             name=data.get("name"),
             namespace=data.get("documentNamespace"),
+            describes=data.get("documentDescribes"),
             creation_info=CreationInfo.from_data(data.get("creationInfo", {})),
             packages=[
                 Package.from_data(package_data)