scripts: zephyr_module: Fix PackageDownloadUrl

If download URL comes from a git repository, includes this in the pattern
of the URL as specified in SPDX specification.

Signed-off-by: Thomas Gagneret <thomas.gagneret@gmail.com>

doc/develop/modules.rst

@@ -577,7 +577,7 @@ Vulnerability monitoring
 The module description file :file:`zephyr/module.yml` can be used to improve vulnerability monitoring.
 
 If your module needs to track vulnerabilities using an external reference
-(e.g your module is forked from an other repository), you can use the ``security`` section.
+(e.g your module is forked from another repository), you can use the ``security`` section.
 It contains the field ``external-references`` that contains a list of references that needs to
 be monitored for your module. The supported formats are:
 

scripts/west_commands/zspdx/writer.py

@@ -51,6 +51,18 @@ def writeFileSPDX(f, bf):
             writeRelationshipSPDX(f, rln)
         f.write("\n")
 
+def generateDowloadUrl(url, revision):
+    # Only git is supported
+    # walker.py only parse revision if it's from git repositiory
+    if len(revision) == 0 or url.startswith("git://"):
+        return url
+
+    url = url.replace("https://", "git+https://")
+    url = url.replace("http://", "git+http://")
+    url = "@".join([url, revision])
+
+    return url
+
 # Output tag-value SPDX 2.2 content for the given Package object.
 # Arguments:
 #   1) f: file handle for SPDX document
@@ -67,7 +79,8 @@ def writePackageSPDX(f, pkg):
 """)
 
     if len(pkg.cfg.url) > 0:
-        f.write(f"PackageDownloadLocation: {pkg.cfg.url}\n")
+        downloadUrl = _generateDowloadUrl(pkg.cfg.url, pkg.cfg.revision)
+        f.write(f"PackageDownloadLocation: {downloadUrl}\n")
     else:
         f.write("PackageDownloadLocation: NOASSERTION\n")