From d4b342421aad2ee0cb896a2f2bcfc129d5b05258 Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Wed, 4 Dec 2024 13:06:56 +0530
Subject: [PATCH 1/3] Add FederatedCode client to fetch package scan
Signed-off-by: Keshav Priyadarshi
---
 aboutcode/federatedcode/client/__init__.py | 59 ++++++++++++++++++++++
 requirements.txt | 2 +-
 setup.cfg | 13 ++++-
 3 files changed, 72 insertions(+), 2 deletions(-)
 create mode 100644 aboutcode/federatedcode/client/__init__.py
diff --git a/aboutcode/federatedcode/client/__init__.py b/aboutcode/federatedcode/client/__init__.py
new file mode 100644
index 0000000..0e97de7
--- /dev/null
+++ b/aboutcode/federatedcode/client/__init__.py
@@ -0,0 +1,59 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# FederatedCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/federatedcode for support or download.
+# See https://aboutcode.org for more information about AboutCode.org OSS projects.
+#
+
+import os
+from typing import Union
+from urllib.parse import urljoin
+
+import requests
+from aboutcode.hashid import get_package_base_dir
+from dotenv import load_dotenv
+from packageurl import PackageURL
+
+load_dotenv()
+
+FEDERATEDCODE_GITHUB_ACCOUNT_NAME = os.getenv("FEDERATEDCODE_GITHUB_ACCOUNT_NAME")
+
+
+class ScanNotAvailableError(Exception):
+ pass
+
+
+def get_package_scan(purl: Union[PackageURL, str]):
+ """Return the package scan result for a PURL from the FederatedCode Git repository."""
+
+ if not FEDERATEDCODE_GITHUB_ACCOUNT_NAME:
+ raise ValueError("Provide ``FEDERATEDCODE_GITHUB_ACCOUNT_NAME`` in .env file.")
+
+ if isinstance(purl, str):
+ purl = PackageURL.from_string(purl)
+
+ if not purl.version:
+ raise ValueError("Missing version in PURL.")
+
+ package_path = get_package_base_dir(purl=purl)
+ package_path_parts = package_path.parts
+
+ repo_name = f"{package_path_parts[0]}/refs/heads/main"
+ package_dir_path = "/".join(package_path_parts[1:])
+ version = purl.version
+ file_name = "scancodeio.json"
+
+ url_parts = [FEDERATEDCODE_GITHUB_ACCOUNT_NAME, repo_name, package_dir_path, version, file_name]
+
+ file_url = urljoin("https://raw.githubusercontent.com", "/".join(url_parts))
+
+ try:
+ response = requests.get(file_url)
+ response.raise_for_status()
+ return response.json()
+ except requests.exceptions.HTTPError as err:
+ if response.status_code == 404:
+ raise ScanNotAvailableError(f"No scan available for {purl!s}")
+ raise err
diff --git a/requirements.txt b/requirements.txt
index fe08d05..2a5f8ba 100644
--- a/requirements.txt
+++ b/requirements.txt
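Review bot: `requests.get(file_url)` in `get_package_scan` is called without a `timeout`, so a stalled connection blocks the caller indefinitely, and the URL path is assembled from `purl.version` and the `get_package_base_dir` parts without percent-encoding. A version containing `/`, `?` or `#` therefore changes which path is requested, and once dot segments are normalised that path may fall outside the configured account; what `get_package_base_dir` emits (and whether it already encodes its parts) is not visible here, so confirm that before encoding them again. Encode each segment with `quote(..., safe="")` from `urllib.parse`, reject `.` and `..`, pass an explicit timeout, and raise the 404 case `from err` so the original traceback is kept. Separately, calling `load_dotenv()` at import time makes importing a library change the process environment; reading the variable inside the function would leave that decision to the application.

```python
    # … unchanged: env check, PURL parsing, get_package_base_dir call …
    segments = [
        FEDERATEDCODE_GITHUB_ACCOUNT_NAME,
        package_path_parts[0],
        "refs",
        "heads",
        "main",
        *package_path_parts[1:],
        purl.version,
        "scancodeio.json",
    ]
    # quote() leaves "." and ".." intact, so reject them before encoding.
    if any(segment in ("", ".", "..") for segment in segments):
        raise ValueError(f"Unsafe path segment derived from {purl!s}")
    file_url = "https://raw.githubusercontent.com/" + "/".join(
        quote(segment, safe="") for segment in segments
    )

    try:
        # 10 seconds is an example value; choose one that fits the caller.
        response = requests.get(file_url, timeout=10)
        response.raise_for_status()
    except requests.exceptions.HTTPError as err:
        if err.response is not None and err.response.status_code == 404:
            raise ScanNotAvailableError(f"No scan available for {purl!s}") from err
        raise
    return response.json()
```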
@@ -51,7 +51,7 @@ mypy-extensions==1.0.0
 nh3==0.2.15
 oauthlib==3.2.2
 openpyxl==3.1.2
-packageurl-python==0.11.1
+packageurl-python==0.15.6
 packaging==23.1
 pathspec==0.11.2
 Pillow==9.5.0
diff --git a/setup.cfg b/setup.cfg
index 50c53ca..6425027 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -82,7 +82,7 @@ install_requires =
 jwcrypto>=1.5.0
 mypy-extensions>=1.0.0
 oauthlib>=3.2.2
- packageurl-python>=0.11.1
+ packageurl-python>=0.15.6
 packaging>=23.1
 pathspec>=0.11.2
 Pillow>=9.5.0
@@ -105,6 +105,17 @@ install_requires =
 unidiff>=0.7.5
 urllib3>=2.0.3
 wrapt>=1.15.0
+
+ # Schema
+ django-ninja>=1.2.1
+ pydantic>=2.8.2
+
+ # Pipeline
+ aboutcode.pipeline>=0.1.0
+
+ # aboutcode.federatedcode.client
+ aboutcode.hashid>=0.1.0
+ python-dotenv>=1.0.1
 [options.extras_require]
From 5d53c0ed1c1010d4bcb2028354d6816f9b155870 Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Wed, 4 Dec 2024 13:54:18 +0530
Subject: [PATCH 2/3] Add README for FederatedCode client
Signed-off-by: Keshav Priyadarshi
---
 aboutcode/federatedcode/README.rst | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 aboutcode/federatedcode/README.rst
diff --git a/aboutcode/federatedcode/README.rst b/aboutcode/federatedcode/README.rst
new file mode 100644
index 0000000..b6a682a
--- /dev/null
+++ b/aboutcode/federatedcode/README.rst
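Review bot: The second setup.cfg hunk adds five `install_requires` entries (`django-ninja`, `pydantic`, `aboutcode.pipeline`, `aboutcode.hashid`, `python-dotenv`) as lower bounds only, while the diffstat shows requirements.txt changing a single line, the `packageurl-python` bump. If those packages are not already pinned in requirements.txt, an install from that file will either miss them or resolve whatever version is newest at install time, so add matching `==` pins in this commit where they are missing. The `# Schema` and `# Pipeline` groups also look unrelated to the client named in the subject line; a sentence in the commit message saying why they arrive here would help anyone auditing the dependency history.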
@@ -0,0 +1,35 @@
+=======================
+aboutcode.federatedcode
+=======================
+
+|license| |build|
+
+.. |license| image:: https://img.shields.io/badge/License-Apache--2.0-blue.svg?style=for-the-badge
+ :target: https://opensource.org/licenses/Apache-2.0
+
+.. |build| image:: https://img.shields.io/github/actions/workflow/status/aboutcode-org/federatedcode/main.yml?style=for-the-badge&logo=github
+
+This is a library of FederatedCode client utilities to fetch and subscribe package metadata.
+
+
+License
+=======
+
+Copyright (c) nexB Inc. and others. All rights reserved.
+
+SPDX-License-Identifier: Apache-2.0
+
+See https://aboutcode.org for more information about AboutCode OSS projects.
+
+.. code-block:: none
+
+ You may not use this software except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
\ No newline at end of file
From 8f438adf6aeb84d0e62f77fbea26cff8520ee84c Mon Sep 17 00:00:00 2001
From: Keshav Priyadarshi
Date: Wed, 4 Dec 2024 13:54:55 +0530
Subject: [PATCH 3/3] Add pyproject toml for FederatedCode client
Signed-off-by: Keshav Priyadarshi
---
 pyproject-aboutcode.federatedcode.toml | 74 ++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 pyproject-aboutcode.federatedcode.toml
diff --git a/pyproject-aboutcode.federatedcode.toml b/pyproject-aboutcode.federatedcode.toml
new file mode 100644
index 0000000..fea69ec
--- /dev/null
+++ b/pyproject-aboutcode.federatedcode.toml
@@ -0,0 +1,74 @@
+[build-system]
+requires = [ "flot>=0.7.0" ]
+build-backend = "flot.buildapi"
+
+[project]
+name = "aboutcode.federatedcode"
+version = "0.1.0"
+description = "A library for FederatedCode client"
+readme = "aboutcode/federatedcode/README.rst"
+license = { text = "Apache-2.0 AND Python-2.0" }
+requires-python = ">=3.9"
+
+authors = [
+ { name = "AboutCode, nexB Inc. and others", email = "info@aboutcode.org" },
+]
+
+keywords = [
+ "purl",
+ "Package-URL",
+ "open source",
+ "package",
+ "sca",
+ "scan",
+ "activitypub",
+ "dependencies",
+]
+
+classifiers = [
+ "Development Status :: 5 - Production/Stable",
+ "Intended Audience :: Developers",
+ "Programming Language :: Python :: 3",
+ "Programming Language :: Python :: 3 :: Only",
+ "Topic :: Software Development",
+ "Topic :: Utilities",
+]
+
+dependencies = [
+ "packageurl_python >= 0.15.6",
+ "aboutcode.hashid>=0.1.0",
+ "python-dotenv>=1.0.1",
+]
+
+urls = { Homepage = "https://github.com/aboutcode-org/federatedcode" }
+
+
+[tool.bumpversion]
+current_version = "0.1.0"
+allow_dirty = true
+
+files = [
+ { filename = "pyproject-aboutcode.federatedcode.toml" },
+]
+
+[tool.flot]
+includes = [
+ "aboutcode/**/*",
+]
+
+excludes = [
+ # Python compiled files
+ "**/*.py[cod]",
+ "**/*.egg-info",
+ # Various junk and temp files
+ "**/.DS_Store",
+ "**/*~",
+ "**/.*.sw[po]",
+ "**/.ve",
+ "**/*.bak",
+ "**/.ipynb_checkpoints",
+ "aboutcode/federatedcode/tests/**/*",
+]
+
+metadata_files = ["apache-2.0.LICENSE", "NOTICE"]
+editable_paths = ["aboutcode"]
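Review bot: The `dependencies` list omits `requests`, which `aboutcode/federatedcode/client/__init__.py` from patch 1/3 imports at module level, so installing `aboutcode.federatedcode` on its own fails at import unless another package happens to pull it in. Add an entry such as `"requests",` with the lower bound the project already uses elsewhere. The `license` text `Apache-2.0 AND Python-2.0` also disagrees with the README from patch 2/3 and the SPDX header of the client module, which both state `Apache-2.0` only, so one of them needs correcting. Finally, `includes = ["aboutcode/**/*"]` appears to package everything under `aboutcode/`, not only `federatedcode`; confirm that is intended, since it decides which code ships under this distribution name.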