From f2cf177dfb91a0a4f6f8d5cb89e88d99b659b2c9 Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Fri, 13 Dec 2024 14:39:48 +0530 Subject: [PATCH 1/4] Add CHANGELOG for aboutcode.federatedcode Signed-off-by: Keshav Priyadarshi --- aboutcode/federatedcode/CHANGELOG.rst | 9 +++++++++ aboutcode/federatedcode/__init__.py | 10 ++++++++++ pyproject.toml | 1 - 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 aboutcode/federatedcode/CHANGELOG.rst create mode 100644 aboutcode/federatedcode/__init__.py diff --git a/aboutcode/federatedcode/CHANGELOG.rst b/aboutcode/federatedcode/CHANGELOG.rst new file mode 100644 index 0000000..b343d87 --- /dev/null +++ b/aboutcode/federatedcode/CHANGELOG.rst @@ -0,0 +1,9 @@ +Changelog +============= + + + +v0.1.0 (December 12, 2024) +--------------------------- + +- Initial release of the ``aboutcode.federatedcode`` library. \ No newline at end of file diff --git a/aboutcode/federatedcode/__init__.py b/aboutcode/federatedcode/__init__.py new file mode 100644 index 0000000..ed9d504 --- /dev/null +++ b/aboutcode/federatedcode/__init__.py @@ -0,0 +1,10 @@ +# +# Copyright (c) nexB Inc. and others. All rights reserved. +# FederatedCode is a trademark of nexB Inc. +# SPDX-License-Identifier: Apache-2.0 +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. +# See https://github.com/nexB/federatedcode for support or download. +# See https://aboutcode.org for more information about AboutCode.org OSS projects. +# + +__version__ = "0.1.0" diff --git a/pyproject.toml b/pyproject.toml index d859c9e..ec0a1b4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -50,7 +50,6 @@ addopts = [ [tool.black] line-length = 100 include = '\.pyi?$' -skip_gitignore = true # 'extend-exclude' excludes files or directories in addition to the defaults extend-exclude = "venv|fedcode/migrations" From 3e3623ef89a134694378c1a74333bab53644c378 Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Fri, 13 Dec 2024 15:34:36 +0530 Subject: [PATCH 2/4] Update README with installation and usage instruction Signed-off-by: Keshav Priyadarshi --- aboutcode/federatedcode/CHANGELOG.rst | 2 +- aboutcode/federatedcode/README.rst | 60 +++++++++++++++++++++++++-- 2 files changed, 58 insertions(+), 4 deletions(-) diff --git a/aboutcode/federatedcode/CHANGELOG.rst b/aboutcode/federatedcode/CHANGELOG.rst index b343d87..1e57a20 100644 --- a/aboutcode/federatedcode/CHANGELOG.rst +++ b/aboutcode/federatedcode/CHANGELOG.rst @@ -3,7 +3,7 @@ Changelog -v0.1.0 (December 12, 2024) +v0.1.0 (December 13, 2024) --------------------------- - Initial release of the ``aboutcode.federatedcode`` library. \ No newline at end of file diff --git a/aboutcode/federatedcode/README.rst b/aboutcode/federatedcode/README.rst index b6a682a..092b142 100644 --- a/aboutcode/federatedcode/README.rst +++ b/aboutcode/federatedcode/README.rst @@ -2,16 +2,70 @@ aboutcode.federatedcode ======================= -|license| |build| +|license| |build| |release| .. |license| image:: https://img.shields.io/badge/License-Apache--2.0-blue.svg?style=for-the-badge :target: https://opensource.org/licenses/Apache-2.0 -.. |build| image:: https://img.shields.io/github/actions/workflow/status/aboutcode-org/federatedcode/main.yml?style=for-the-badge&logo=github +.. |build| image:: https://img.shields.io/github/actions/workflow/status/aboutcode-org/federatedcode/pypi-release-aboutcode-federatedcode.yml?style=for-the-badge&logo=github -This is a library of FederatedCode client utilities to fetch and subscribe package metadata. +.. |release| image:: https://img.shields.io/pypi/v/aboutcode.federatedcode?style=for-the-badge&logo=pypi&color=%23a569bd + :target: https://pypi.org/project/aboutcode.federatedcode/ + :alt: PyPI - Version +This is a CLI and library of FederatedCode client utilities for fetching and subscribing to package metadata, and utilities for managing activity streams. + +Installation +============ + +To install the FederatedCode client, use the following command: + +.. code-block:: bash + + pip install aboutcode.federatedcode + + +CLI Usage +========= + +Use the ``federatedcode`` CLI to discover and fetch scans using the PURL: + +.. code-block:: bash + + # Display the general help for federatedcode + federatedcode --help + + # Display help for a specific command + federatedcode [command] --help + +Example +------- + +Discover a PURL in the FederatedCode AP Server: + +.. code-block:: bash + + ❯ federatedcode discover pkg:npm/%40angular/animation + http:///purls/@pkg:npm/%2540angular/animation + + +Library Usage +============= + +Use the ``client`` module to fetch scan results, subscribe to packages, or discover packages +in the AP server. + +.. code-block:: python + + from aboutcode.federatedcode import client + +Use the ``contrib`` module to get the Django mixin and various utilities to manage activity streams. + +.. code-block:: python + + from aboutcode.federatedcode.contrib import django + License ======= From 5c16dc920f5855935cf3944d9bf3fec0e83642fb Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Fri, 13 Dec 2024 15:36:20 +0530 Subject: [PATCH 3/4] Add workflows to publish aboutcode.federatedcode Signed-off-by: Keshav Priyadarshi --- .../pypi-release-aboutcode-federatedcode.yml | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 .github/workflows/pypi-release-aboutcode-federatedcode.yml diff --git a/.github/workflows/pypi-release-aboutcode-federatedcode.yml b/.github/workflows/pypi-release-aboutcode-federatedcode.yml new file mode 100644 index 0000000..96220d1 --- /dev/null +++ b/.github/workflows/pypi-release-aboutcode-federatedcode.yml @@ -0,0 +1,38 @@ +name: Build aboutcode.federatedcode Python distributions and publish on PyPI + +on: + workflow_dispatch: + push: + tags: + - "aboutcode.federatedcode/*" + +jobs: + build-and-publish: + name: Build and publish library to PyPI + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.11 + + - name: Install flot + run: python -m pip install flot --user + + - name: Build binary wheel and source tarball + run: python -m flot --pyproject pyproject-aboutcode.federatedcode.toml --sdist --wheel --output-dir dist/ + + - name: Publish to PyPI + if: startsWith(github.ref, 'refs/tags') + uses: pypa/gh-action-pypi-publish@release/v1 + with: + password: ${{ secrets.PYPI_API_TOKEN_ABOUTCODE_FEDERATEDCODE }} + + - name: Upload built archives + uses: actions/upload-artifact@v4 + with: + name: pypi_archives + path: dist/* \ No newline at end of file From 7d464f94d9e1919f95d8c32ef26752e97247b082 Mon Sep 17 00:00:00 2001 From: Keshav Priyadarshi Date: Fri, 13 Dec 2024 16:03:18 +0530 Subject: [PATCH 4/4] Fix packaging for namespace package Signed-off-by: Keshav Priyadarshi --- aboutcode/__init__.py | 12 +++++++++++ aboutcode/federatedcode/client/__init__.py | 3 ++- aboutcode/federatedcode/tests/test_client.py | 22 ++++++++++++++++++++ fedcode/pipelines/sync_scancode_scans.py | 1 - fedcode/pipelines/sync_vulnerablecode.py | 2 +- 5 files changed, 37 insertions(+), 3 deletions(-) create mode 100644 aboutcode/__init__.py create mode 100644 aboutcode/federatedcode/tests/test_client.py diff --git a/aboutcode/__init__.py b/aboutcode/__init__.py new file mode 100644 index 0000000..20f670c --- /dev/null +++ b/aboutcode/__init__.py @@ -0,0 +1,12 @@ +# +# Copyright (c) nexB Inc. and others. All rights reserved. +# FederatedCode is a trademark of nexB Inc. +# SPDX-License-Identifier: Apache-2.0 +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. +# See https://github.com/nexB/federatedcode for support or download. +# See https://aboutcode.org for more information about AboutCode.org OSS projects. +# + +import pkgutil + +__path__ = pkgutil.extend_path(__path__, __name__) diff --git a/aboutcode/federatedcode/client/__init__.py b/aboutcode/federatedcode/client/__init__.py index 1549312..ae43c00 100644 --- a/aboutcode/federatedcode/client/__init__.py +++ b/aboutcode/federatedcode/client/__init__.py @@ -13,10 +13,11 @@ from urllib.parse import urljoin import requests -from aboutcode.hashid import get_package_base_dir from dotenv import load_dotenv from packageurl import PackageURL +from aboutcode.hashid import get_package_base_dir + load_dotenv() FEDERATEDCODE_GIT_RAW_URL = os.getenv( diff --git a/aboutcode/federatedcode/tests/test_client.py b/aboutcode/federatedcode/tests/test_client.py new file mode 100644 index 0000000..4a0ace5 --- /dev/null +++ b/aboutcode/federatedcode/tests/test_client.py @@ -0,0 +1,22 @@ +# +# Copyright (c) nexB Inc. and others. All rights reserved. +# FederatedCode is a trademark of nexB Inc. +# SPDX-License-Identifier: Apache-2.0 +# See http://www.apache.org/licenses/LICENSE-2.0 for the license text. +# See https://github.com/nexB/federatedcode for support or download. +# See https://aboutcode.org for more information about AboutCode.org OSS projects. +# + +from unittest.mock import patch + +from aboutcode.federatedcode.client import discover_package_in_ap_server + + +def test_discover_package_in_ap_server(): + with patch("requests.head") as mock_head: + mock_response = mock_head.return_value + mock_response.status_code = 200 + + result = discover_package_in_ap_server("pkg:foo/bar") + expected = "http://localhost:8000/purls/@pkg:npm/foo/bar" + result == expected diff --git a/fedcode/pipelines/sync_scancode_scans.py b/fedcode/pipelines/sync_scancode_scans.py index df7c475..c71149b 100644 --- a/fedcode/pipelines/sync_scancode_scans.py +++ b/fedcode/pipelines/sync_scancode_scans.py @@ -11,7 +11,6 @@ from traceback import format_exc as traceback_format_exc from aboutcode.pipeline import LoopProgress - from fedcode.models import Package from fedcode.models import Repository from fedcode.pipelines import FederatedCodePipeline diff --git a/fedcode/pipelines/sync_vulnerablecode.py b/fedcode/pipelines/sync_vulnerablecode.py index bfb3462..b5dc999 100644 --- a/fedcode/pipelines/sync_vulnerablecode.py +++ b/fedcode/pipelines/sync_vulnerablecode.py @@ -12,8 +12,8 @@ from itertools import zip_longest import saneyaml -from aboutcode.pipeline import LoopProgress +from aboutcode.pipeline import LoopProgress from fedcode.activitypub import Activity from fedcode.activitypub import UpdateActivity from fedcode.models import Note