Tests will be broken until #229 or #226 goes in. Can we validate the string, perhaps? That would provide a negative example. Specifically, these are in the PEP:

[project]
sbom-files = ["..\bom.json"]

[project]
sbom-files = ["bom{.json*"]

Edit: this would be fine as a followup, unless we happen to have a validator for this already.

We could also put in

[project]
name = "example"
version = "1.2.3"
sbom-files ="sboms/bom.cdx.json"

as a negative example. IIRC we manually update the changelog before release, so don't think anything is required there. But @abravalheri does releases, so not sure.

@henryiii Those are good suggestions, if I add a validator for the values I can copy that to license-files too (which makes me think it should be follow-up?)

I'll add that as a negative example to show we're intentionally not supporting strings.

Yes, reusing validators is good. ;)

I can see if I can make a PR for pyproject-metadata.

@sethmlarson I don't see dynamic listed in the PEP. Is the new field allowed to be listed in pyproject.dynamic? Separately, is it allowed in the Dynamic metadata field (meaning it can differ between the SDist and the wheel)? I think the answer is yes since that's the default for everything other than name/Name and Version?

Edit: looks like it based on the discussion thread. I think I missed license-files in Dynamic before in pyproject-metadata, as well.

Edit 2: Looks like you've listed it here in dynamic, I think that answers my question, at least about dynamic, I think that answers it for Dynamic as well.

PR at pypa/pyproject-metadata#225.

Please hold off on merging this PR, the PEP hasn't yet reached provisional status.

Understood (went ahead and set to draft too)

The PEP is accepted now, I think?

I had a look at the PEP on the occasion of the approval and I belive that the latest version does not include any changes in pyproject.toml correct?

Indeed the changes to pyproject.toml were removed from the PEP so this PR can be closed. Statically defined SBOMs will be worked on in a separate PEP.

I read it after commenting. :) I plan to work on the dynamic and static metadata PEP before PyCon, would that help yours? That’s the one I mentioned two PyCons ago and would allow something to be listed statically and also be in dynamic, allowing purely additive changes to be injected.