Pauldorsch/public cd contract update (#1678)

* add non-required props to typed component

* add another test

* Update test/Microsoft.ComponentDetection.Contracts.Tests/ActorInfoTests.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update test/Microsoft.ComponentDetection.Contracts.Tests/TypedComponentSerializationTests.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* updated the component type id to include the optional props

* updated othercomponent so it is backwards compatible

* update manifest

* remove non-required props

* update pip generation in validation tests

* Update src/Microsoft.ComponentDetection.Contracts/TypedComponent/TypedComponent.cs

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* update actor info

* pr feedback

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: pauld-msft

.github/workflows/snapshot-publish.yml

@@ -63,7 +63,7 @@ jobs:
         run:
           dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
           --DockerImagesToScan "docker.io/library/debian@sha256:9b0e3056b8cd8630271825665a0613cc27829d6a24906dc0122b3b4834312f7d,mcr.microsoft.com/cbl-mariner/base/core@sha256:c1bc83a3d385eccbb2f7f7da43a726c697e22a996f693a407c35ac7b4387cd59,docker.io/library/alpine@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870"
-          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
+          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**;**/pip/fallback/**;**/pip/index-removal/**;**/pip/simple-extras/**;**/pip/pytestresultpkg/**"
 
       - name: Upload output folder
         uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0

.github/workflows/snapshot-verify.yml

@@ -101,7 +101,7 @@ jobs:
         run:
           dotnet run scan --Verbosity Verbose --SourceDirectory ${{ github.workspace }}/test/Microsoft.ComponentDetection.VerificationTests/resources --Output ${{ github.workspace }}/output
           --DockerImagesToScan "docker.io/library/debian@sha256:9b0e3056b8cd8630271825665a0613cc27829d6a24906dc0122b3b4834312f7d,mcr.microsoft.com/cbl-mariner/base/core@sha256:c1bc83a3d385eccbb2f7f7da43a726c697e22a996f693a407c35ac7b4387cd59,docker.io/library/alpine@sha256:1304f174557314a7ed9eddb4eab12fed12cb0cd9809e4c28f29af86979a3c870"
-          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --MaxDetectionThreads 5 --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**"
+          --DetectorArgs DockerReference=EnableIfDefaultOff,SPDX22SBOM=EnableIfDefaultOff --MaxDetectionThreads 5 --DirectoryExclusionList "**/pip/parallel/**;**/pip/roots/**;**/pip/pre-generated/**;**/pip/fallback/**;**/pip/index-removal/**;**/pip/simple-extras/**;**/pip/pytestresultpkg/**"
 
       - name: Run Verification Tests
         working-directory: test/Microsoft.ComponentDetection.VerificationTests

docs/schema/manifest.schema.json

@@ -1,5 +1,38 @@
 {
   "definitions": {
+    "ActorInfo": {
+      "type": [
+        "object",
+        "null"
+      ],
+      "properties": {
+        "name": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "email": {
+          "type": [
+            "string",
+            "null"
+          ]
+        },
+        "url": {
+          "type": [
+            "string",
+            "null"
+          ],
+          "format": "uri"
+        },
+        "type": {
+          "type": [
+            "string",
+            "null"
+          ]
+        }
+      }
+    },
     "ContainerDetails": {
       "type": [
         "object",
@@ -118,8 +151,10 @@
               "Spdx",
               "Vcpkg",
               "DockerReference",
+              "Conan",
+              "Swift",
               "DotNet",
-              "Conan"
+              "CppSdk"
             ]
           }
         }
@@ -285,6 +320,15 @@
             "$ref": "#/definitions/TypedComponent"
           }
         },
+        "ancestralReferrers": {
+          "type": [
+            "array",
+            "null"
+          ],
+          "items": {
+            "$ref": "#/definitions/TypedComponent"
+          }
+        },
         "containerDetailIds": {
           "type": [
             "array",
@@ -308,6 +352,18 @@
               "type": "integer"
             }
           }
+        },
+        "targetFrameworks": {
+          "type": [
+            "array",
+            "null"
+          ],
+          "items": {
+            "type": [
+              "string",
+              "null"
+            ]
+          }
         }
       },
       "required": [
@@ -317,8 +373,10 @@
         "isDevelopmentDependency",
         "dependencyScope",
         "topLevelReferrers",
+        "ancestralReferrers",
         "containerDetailIds",
-        "containerLayerIds"
+        "containerLayerIds",
+        "targetFrameworks"
       ]
     },
     "TypedComponent": {
@@ -346,8 +404,10 @@
             "Spdx",
             "Vcpkg",
             "DockerReference",
+            "Conan",
+            "Swift",
             "DotNet",
-            "Conan"
+            "CppSdk"
           ]
         },
         "id": {
@@ -358,6 +418,41 @@
         },
         "packageUrl": {
           "$ref": "#/definitions/PackageURL"
+        },
+        "licenses": {
+          "type": [
+            "array",
+            "null"
+          ],
+          "items": {
+            "type": [
+              "string",
+              "null"
+            ]
+          }
+        },
+        "authorsInfo": {
+          "type": [
+            "array",
+            "null"
+          ],
+          "items": {
+            "$ref": "#/definitions/ActorInfo"
+          }
+        },
+        "downloadUrl": {
+          "type": [
+            "string",
+            "null"
+          ],
+          "format": "uri"
+        },
+        "sourceUrl": {
+          "type": [
+            "string",
+            "null"
+          ],
+          "format": "uri"
         }
       },
       "required": [
@@ -388,6 +483,15 @@
         "$ref": "#/definitions/Detector"
       }
     },
+    "detectorsNotInScan": {
+      "type": [
+        "array",
+        "null"
+      ],
+      "items": {
+        "$ref": "#/definitions/Detector"
+      }
+    },
     "containerDetailsMap": {
       "type": [
         "object",
@@ -417,8 +521,9 @@
   "required": [
     "componentsFound",
     "detectorsInScan",
+    "detectorsNotInScan",
     "containerDetailsMap",
     "resultCode",
     "sourceDirectory"
   ]
-}
+}

src/Microsoft.ComponentDetection.Contracts/TypedComponent/ActorInfo.cs

@@ -0,0 +1,38 @@
+namespace Microsoft.ComponentDetection.Contracts.TypedComponent;
+
+using System;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Serialization;
+using SystemTextJson = System.Text.Json.Serialization;
+
+/// <summary>
+/// Represents an actor (person, organization, or software agent) involved with a component.
+/// At least one of <see cref="Name"/>, <see cref="Email"/>, or <see cref="Url"/> should be populated.
+/// Aligned with SPDX 3.0.1 Agent subclasses.
+/// </summary>
+[JsonObject(MemberSerialization.OptOut, NamingStrategyType = typeof(CamelCaseNamingStrategy))]
+public class ActorInfo
+{
+    [SystemTextJson.JsonPropertyName("name")]
+    [SystemTextJson.JsonIgnore(Condition = SystemTextJson.JsonIgnoreCondition.WhenWritingNull)]
+    [JsonProperty("name", NullValueHandling = NullValueHandling.Ignore)]
+    public string? Name { get; set; }
+
+    [SystemTextJson.JsonPropertyName("email")]
+    [SystemTextJson.JsonIgnore(Condition = SystemTextJson.JsonIgnoreCondition.WhenWritingNull)]
+    [JsonProperty("email", NullValueHandling = NullValueHandling.Ignore)]
+    public string? Email { get; set; }
+
+    [SystemTextJson.JsonPropertyName("url")]
+    [SystemTextJson.JsonIgnore(Condition = SystemTextJson.JsonIgnoreCondition.WhenWritingNull)]
+    [JsonProperty("url", NullValueHandling = NullValueHandling.Ignore)]
+    public Uri? Url { get; set; }
+
+    /// <summary>
+    /// The type of actor. One of: "Person", "Organization", or "SoftwareAgent".
+    /// </summary>
+    [SystemTextJson.JsonPropertyName("type")]
+    [SystemTextJson.JsonIgnore(Condition = SystemTextJson.JsonIgnoreCondition.WhenWritingNull)]
+    [JsonProperty("type", NullValueHandling = NullValueHandling.Ignore)]
+    public string? Type { get; set; }
+}

src/Microsoft.ComponentDetection.Contracts/TypedComponent/CargoComponent.cs

@@ -46,5 +46,5 @@ public CargoComponent(string name, string version, string author = null, string
     [JsonPropertyName("packageUrl")]
     public override PackageURL PackageUrl => new PackageURL("cargo", string.Empty, this.Name, this.Version, null, string.Empty);
 
-    protected override string ComputeId() => $"{this.Name} {this.Version} - {this.Type}";
+    protected override string ComputeBaseId() => $"{this.Name} {this.Version} - {this.Type}";
 }

src/Microsoft.ComponentDetection.Contracts/TypedComponent/ConanComponent.cs

@@ -40,5 +40,5 @@ public ConanComponent(string name, string version, string previous, string packa
     [JsonPropertyName("packageUrl")]
     public override PackageURL PackageUrl => new PackageURL("conan", string.Empty, this.Name, this.Version, null, string.Empty);
 
-    protected override string ComputeId() => $"{this.Name} {this.Version} - {this.Type}";
+    protected override string ComputeBaseId() => $"{this.Name} {this.Version} - {this.Type}";
 }

src/Microsoft.ComponentDetection.Contracts/TypedComponent/CondaComponent.cs

@@ -49,5 +49,5 @@ public CondaComponent()
     [JsonIgnore]
     public override ComponentType Type => ComponentType.Conda;
 
-    protected override string ComputeId() => $"{this.Name} {this.Version} {this.Build} {this.Channel} {this.Subdir} {this.Namespace} {this.Url} {this.MD5} - {this.Type}";
+    protected override string ComputeBaseId() => $"{this.Name} {this.Version} {this.Build} {this.Channel} {this.Subdir} {this.Namespace} {this.Url} {this.MD5} - {this.Type}";
 }

src/Microsoft.ComponentDetection.Contracts/TypedComponent/CppSdkComponent.cs

@@ -51,5 +51,5 @@ public override PackageURL PackageUrl
         }
     }
 
-    protected override string ComputeId() => $"{this.Name} {this.Version} - {this.Type}";
+    protected override string ComputeBaseId() => $"{this.Name} {this.Version} - {this.Type}";
 }

src/Microsoft.ComponentDetection.Contracts/TypedComponent/DockerImageComponent.cs

@@ -29,5 +29,5 @@ public DockerImageComponent(string hash, string name = null, string tag = null)
     [JsonIgnore]
     public override ComponentType Type => ComponentType.DockerImage;
 
-    protected override string ComputeId() => $"{this.Name} {this.Tag} {this.Digest}";
+    protected override string ComputeBaseId() => $"{this.Name} {this.Tag} {this.Digest}";
 }

src/Microsoft.ComponentDetection.Contracts/TypedComponent/DockerReferenceComponent.cs

@@ -44,5 +44,5 @@ public DockerReference FullReference
         }
     }
 
-    protected override string ComputeId() => $"{this.Repository} {this.Tag} {this.Digest}";
+    protected override string ComputeBaseId() => $"{this.Repository} {this.Tag} {this.Digest}";
 }