feat: Add a reporter that writes a JSON schema for ORT results

This is mostly to assist the ORT community with writing external
tooling. But it could also be used to detect breaking ORT results
changes in the future, and introduce / bump an output file format
version.

Signed-off-by: Sebastian Schuberth <[email protected]>

Author: sschuberth

gradle/libs.versions.toml

@@ -121,6 +121,7 @@ jackson-databind = { module = "com.fasterxml.jackson.core:jackson-databind", ver
 jackson-dataformat-yaml = { module = "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", version.ref = "jackson" }
 jackson-datatype-jsr310 = { module = "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", version.ref = "jackson" }
 jackson-module-kotlin = { module = "com.fasterxml.jackson.module:jackson-module-kotlin", version.ref = "jackson" }
+jackson-module-jsonSchema = { module = "com.fasterxml.jackson.module:jackson-module-jsonSchema", version.ref = "jackson" }
 jakartaMail = { module = "com.sun.mail:jakarta.mail", version.ref = "jakartaMail" }
 jakartaRestApi = { module = "jakarta.ws.rs:jakarta.ws.rs-api", version.ref = "jakartaRestApi" }
 jgit = { module = "org.eclipse.jgit:org.eclipse.jgit", version.ref = "jgit" }

integrations/completions/ort-completion.fish

@@ -149,7 +149,7 @@ complete -c ort -f -n __fish_use_subcommand -a report -d 'Present Analyzer, Scan
 ## Options for report
 complete -c ort -n "__fish_seen_subcommand_from report" -l ort-file -s i -r -F -d 'The ORT result file to use.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l output-dir -s o -r -F -d 'The output directory to store the generated reports in.'
-complete -c ort -n "__fish_seen_subcommand_from report" -l report-formats -s f -r -d 'A comma-separated list of report formats to generate, any of [AOSD2.0, AOSD2.1, CtrlXAutomation, CycloneDX, DocBookTemplate, EvaluatedModel, FossID, FossIdSnippet, HtmlTemplate, ManPageTemplate, Opossum, PdfTemplate, PlainTextTemplate, SpdxDocument, StaticHTML, TrustSource, WebApp].'
+complete -c ort -n "__fish_seen_subcommand_from report" -l report-formats -s f -r -d 'A comma-separated list of report formats to generate, any of [AOSD2.0, AOSD2.1, CtrlXAutomation, CycloneDX, DocBookTemplate, EvaluatedModel, FossID, FossIdSnippet, HtmlTemplate, ManPageTemplate, Opossum, OrtResultSchema, PdfTemplate, PlainTextTemplate, SpdxDocument, StaticHTML, TrustSource, WebApp].'
 complete -c ort -n "__fish_seen_subcommand_from report" -l copyright-garbage-file -r -F -d 'A file containing copyright statements which are marked as garbage. This can make the output inconsistent with the evaluator output but is useful when testing copyright garbage.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l custom-license-texts-dir -r -F -d 'A directory which maps custom license IDs to license texts. It should contain one text file per license with the license ID as the filename. A custom license text is used only if its ID has a \'LicenseRef-\' prefix and if the respective license text is not known by ORT.'
 complete -c ort -n "__fish_seen_subcommand_from report" -l how-to-fix-text-provider-script -r -F -d 'The path to a Kotlin script which returns an instance of a \'HowToFixTextProvider\'. That provider injects how-to-fix texts in Markdown format for ORT issues.'

plugins/reporters/ort-result-schema/build.gradle.kts

@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+plugins {
+    // Apply precompiled plugins.
+    id("ort-plugin-conventions")
+}
+
+dependencies {
+    api(projects.model)
+    api(projects.reporter)
+
+    ksp(projects.reporter)
+
+    implementation(libs.jackson.module.jsonSchema)
+
+    funTestImplementation(testFixtures(projects.reporter))
+    funTestImplementation(libs.jsonSchemaValidator)
+}

plugins/reporters/ort-result-schema/src/funTest/kotlin/OrtResultSchemaReporterFunTest.kt

@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.reporters.ortresultschema
+
+import com.fasterxml.jackson.databind.JsonNode
+
+import com.networknt.schema.JsonSchemaFactory
+import com.networknt.schema.SpecVersion
+import com.networknt.schema.serialization.JsonNodeReader
+
+import io.kotest.core.spec.style.WordSpec
+import io.kotest.engine.spec.tempdir
+import io.kotest.matchers.collections.beEmpty
+import io.kotest.matchers.collections.shouldBeSingleton
+import io.kotest.matchers.file.aFile
+import io.kotest.matchers.result.shouldBeSuccess
+import io.kotest.matchers.should
+import io.kotest.matchers.shouldBe
+
+import org.ossreviewtoolkit.model.jsonMapper
+import org.ossreviewtoolkit.reporter.ORT_RESULT
+import org.ossreviewtoolkit.reporter.ReporterInput
+
+class OrtResultSchemaReporterFunTest : WordSpec({
+    "The generated schema" should {
+        "successfully validate the ORT_RESULT constant" {
+            val nodeReader = JsonNodeReader.builder().jsonMapper(jsonMapper).build()
+            val schemaV4 = JsonSchemaFactory
+                .builder(JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V4))
+                .jsonNodeReader(nodeReader)
+                .build()
+
+            val outputDir = tempdir()
+            val reportFiles = OrtResultSchemaReporter().generateReport(ReporterInput(ORT_RESULT), outputDir)
+
+            reportFiles.shouldBeSingleton { result ->
+                result shouldBeSuccess { file ->
+                    file shouldBe aFile()
+
+                    val schema = file.readText()
+                    val node = jsonMapper.valueToTree<JsonNode>(ORT_RESULT)
+                    val errors = schemaV4.getSchema(schema).validate(node)
+
+                    errors should beEmpty()
+                }
+            }
+        }
+    }
+})

plugins/reporters/ort-result-schema/src/main/kotlin/OrtResultSchemaReporter.kt

@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2025 The ORT Project Authors (see <https://github.com/oss-review-toolkit/ort/blob/main/NOTICE>)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.plugins.reporters.ortresultschema
+
+import com.fasterxml.jackson.databind.ObjectMapper
+import com.fasterxml.jackson.module.jsonSchema.JsonSchemaGenerator
+
+import java.io.File
+
+import org.ossreviewtoolkit.model.OrtResult
+import org.ossreviewtoolkit.plugins.api.OrtPlugin
+import org.ossreviewtoolkit.plugins.api.PluginDescriptor
+import org.ossreviewtoolkit.reporter.Reporter
+import org.ossreviewtoolkit.reporter.ReporterFactory
+import org.ossreviewtoolkit.reporter.ReporterInput
+
+@OrtPlugin(
+    id = "OrtResultSchema",
+    displayName = "ORT result JSON schema",
+    description = "A reporter to serialize the JSON schema for ORT result files.",
+    factory = ReporterFactory::class
+)
+class OrtResultSchemaReporter(
+    override val descriptor: PluginDescriptor = OrtResultSchemaReporterFactory.descriptor
+) : Reporter {
+    private val nullableRuns = setOf("analyzer", "scanner", "advisor", "evaluator")
+
+    override fun generateReport(input: ReporterInput, outputDir: File): List<Result<File>> {
+        val mapper = ObjectMapper()
+        val generator = JsonSchemaGenerator(mapper)
+
+        val schemeFileResult = runCatching {
+            val schema = generator.generateSchema(OrtResult::class.java)
+
+            outputDir.resolve("ort-result-schema.json").also { schemaFile ->
+                val schemaJson = mapper.writerWithDefaultPrettyPrinter().writeValueAsString(schema)
+
+                // Fixup the V3 schema generated by Jackson to be V4 validatable.
+                val finalSchemaJson = nullableRuns.fold(schemaJson) { updatedSchemaJson, tool ->
+                    updatedSchemaJson.replace(
+                        """
+                        |    "$tool" : {
+                        |      "type" : "object",
+                        """.trimMargin(),
+                        """
+                        |    "$tool" : {
+                        |      "type" : ["object", "null"],
+                        """.trimMargin()
+                    )
+                }
+
+                schemaFile.writeText(finalSchemaJson)
+            }
+        }
+
+        return listOf(schemeFileResult)
+    }
+}

website/docs/tools/reporter.md

@@ -28,6 +28,7 @@ Currently, the following formats are supported (reporter names are case-insensit
   * Summarize all license texts and copyrights (`-f PlainTextTemplate -O PlainTextTemplate=template.id=NOTICE_SUMMARY`)
   * Customizable with [Apache Freemarker](https://freemarker.apache.org/) templates
 * [OpossumUI](https://github.com/opossum-tool/opossumUI) input (`-f Opossum`)
+* [ORT Result Schema](https://github.com/oss-review-toolkit/ort/blob/main/model/src/main/kotlin/OrtResult.kt) input (`-f OrtResultSchema`)
 * [SPDX Document](https://spdx.dev/specifications/), version 2.2 (`-f SpdxDocument`)
 * Static HTML (`-f StaticHtml`)
 * [TrustSource](https://www.trustsource.io/) JSON file (`-f TrustSource`)