Update sync_vulnerablecode pipeline to import vulnerablecode git repo

docs/source/index.rst

@@ -25,7 +25,10 @@ you will find information on:
     :caption: Tutorial
 
     tutorial_getting_started
+    tutorial_sync_scan
+    tutorial_sync_vuln
     tutorial_remote_subscribe_package_update
+    tutorial_federate
 
 .. toctree::
     :maxdepth: 2
@@ -36,7 +39,6 @@ you will find information on:
     command-line-interface
     rest-api
     application-settings
-    run-application
 
 Indices and tables
 ==================

docs/source/tutorial_federate.rst

@@ -0,0 +1,42 @@
+Federating Package Activity and Repository Sync
+===============================================
+
+Federating Package Activity
+----------------------------
+
+Run the following command to send activity updates to existing subscribers of the package
+
+.. code-block:: bash
+
+    python manage.py federate
+
+Notifying FederatedCode of Repository Changes
+----------------------------------------------
+
+To create a sync request to a FederatedCode instance
+
+you can send an HTTP POST request directly to this endpoint:
+`repository/<uuid:repository_id>/sync-repo/`
+
+Example:
+http://127.0.0.1:8000/repository/3g8d-4e5d-abff-90865d1e13b1/sync-repo/
+
+**Note:** You can find the repository ID by visiting http://127.0.0.1:8000/repo-list.
+
+Here’s an example of how to send the request manually using `curl`:
+
+.. code-block:: bash
+
+  curl -v -X POST \
+    -H "Authorization: Token your-auth-token" \
+    http://127.0.0.1:8000/repository/<uuid:repository_id>/sync-repo/
+
+**Note:** You can retrieve the service token after authenticating via this endpoint:
+`api/v0/auth/token/`
+
+.. note::
+    You can also integrate this action with GitHub Actions
+    or any other CI tool to automatically trigger
+    the sync request whenever new data is pushed to the main branch.
+
+

docs/source/tutorial_getting_started.rst

@@ -4,14 +4,14 @@ Getting Started
 ===============
 
 In this tutorial, we will guide you through the step-by-step process of getting started with syncing
-and federating package metadata.
+and federating package metadata and vulnerability metadata.
 
 .. note::
     This tutorial assumes that you have a working installation of FederatedCode.
     If you don't, please refer to the :ref:`installation` page.
 
 Create Admin User
------------------
+-------------------
 
 .. code-block:: bash
 
@@ -25,53 +25,17 @@ Navigate to http://127.0.0.1:8000/admin/ and log in using the credentials create
 .. image:: img/tutorial_getting_started_admin.jpg
 
 Create Service User
--------------------
+--------------------
+1. Go to http://127.0.0.1:8000/admin/fedcode/service/add/ and create a service.
 
-Go to http://127.0.0.1:8000/admin/fedcode/service/add/ and create a service. Select the newly created superuser as the user, and leave the "remote-actor" field empty.
+2. Select the newly created superuser as the user, and leave the "remote-actor" field empty.
 
 .. image:: img/tutorial_getting_started_service_creation.jpg
 
-Clone the FederatedCode Data Repository
----------------------------------------
-
-Visit https://github.com/aboutcode-org/aboutcode-packages-npm-385 and clone the repository.
-
-Add Data Repository in FederatedCode
--------------------------------------
-
-Go to http://127.0.0.1:8000/create-repo and add the repository URL: https://github.com/<YOUR-USER-NAME>/aboutcode-packages-npm-385
-
-.. image:: img/tutorial_getting_started_repo_add.jpg
-
-Sync Package Scan
------------------
-
-Run the following command to sync the scan metadata from the FederatedCode Git repository
-
-.. code-block:: bash
-
-    python manage.py sync sync_scancode_scans
-
-Federate Package Activity
--------------------------
-
-Run the following command to send activity updates to existing subscribers of the package
-
-.. code-block:: bash
-
-    python manage.py federate
-
-Click on `Packages` link
---------------------------
-
-.. image:: img/tutorial_getting_started_step_packages.jpg
-
-Click on any PURL link
-----------------------
+.. note::
+    Or sign up and ask the FederatedCode admin to promote your account
+    to a service account.
 
-.. image:: img/tutorial_getting_started_step_package_list.jpg
+    .. image:: img/tutorial_getting_started_user_creation.png
 
-Package Activity
-----------------
 
-.. image:: img/tutorial_getting_started_step_package_activity.jpg

docs/source/tutorial_sync_scan.rst

@@ -0,0 +1,42 @@
+.. _tutorial_federate_scan:
+
+Syncing ScanCode Metadata with FederatedCode
+==============================================
+
+Fork the FederatedCode Data Package Scan Repository
+-----------------------------------------------------
+
+Visit https://github.com/aboutcode-org/aboutcode-packages-npm-385 and fork the repository.
+
+Add Data Repository in FederatedCode
+-------------------------------------
+
+Go to http://127.0.0.1:8000/create-repo and add the repository URL: https://github.com/<YOUR-USER-NAME>/aboutcode-packages-npm-385, and click Submit.
+
+.. image:: img/tutorial_getting_started_repo_add.jpg
+
+Sync Package Scan
+-----------------
+
+Run the following command to sync the scan metadata from the FederatedCode Git repository
+
+.. code-block:: bash
+
+    python manage.py sync sync_scancode_scans
+
+
+Click on `Packages` link
+--------------------------
+
+.. image:: img/tutorial_getting_started_step_packages.jpg
+
+Click on any PURL link
+----------------------
+
+.. image:: img/tutorial_getting_started_step_package_list.jpg
+
+Package Activity
+----------------
+
+.. image:: img/tutorial_getting_started_step_package_activity.jpg
+

docs/source/tutorial_sync_vuln.rst

@@ -0,0 +1,48 @@
+.. _tutorial_federate_vuln:
+
+
+Syncing VulnerableCode Metadata with FederatedCode
+=============================================================
+
+Fork the FederatedCode Data Vulnerablecode Repository
+------------------------------------------------------
+
+Visit https://github.com/aboutcode-data/vulnerablecode-data and fork the repository.
+
+
+Add Data Repository in FederatedCode
+-------------------------------------
+
+Go to http://127.0.0.1:8000/create-repo and add the repository URL: https://github.com/<YOUR-USER-NAME>/vulnerablecode-data, and **Click "Submit" button**.
+
+1. .. image:: img/tutorial_getting_started_repo_vulnerablecode_link_add.png
+
+2. .. image:: img/tutorial_getting_started_repo_vulnerablecode_success_link.png
+
+Sync Vulnerablecode metadata
+----------------------------
+
+Run the following command to sync the vulnerablecode metadata from the FederatedCode Git repository
+
+.. code-block:: bash
+
+    python manage.py sync sync_vulnerablecode
+
+
+Click on `Packages` link
+--------------------------
+
+.. image:: img/tutorial_getting_started_step_packages.jpg
+
+Click on any PURL link
+----------------------
+
+.. image:: img/tutorial_getting_started_repo_vulnerablecode_discover.png
+
+Package Activity
+----------------
+
+You can now see the package event data.
+
+.. image:: img/tutorial_getting_started_repo_vulnerablecode_success.png
+

fedcode/activitypub.py

@@ -8,6 +8,7 @@
 #
 import json
 import logging
+from collections import defaultdict
 from dataclasses import asdict
 from dataclasses import dataclass
 from dataclasses import field
@@ -196,6 +197,21 @@ def get_actor_permissions(cls, actor, object):
         # Return the permissions for the specific actor and object type
         return permissions.get(type(actor), {}).get(type(object), lambda: {})
 
+    @classmethod
+    def bulk_federate(cls, activities):
+        """Bulk federate multiple activities"""
+        grouped = defaultdict(list)
+
+        for activity in activities:
+            targets_key = tuple(sorted(activity["targets"]))
+            grouped[targets_key].append(activity)
+
+        for targets, group in grouped.items():
+            for activity in group:
+                cls.federate(
+                    targets=list(targets), body=activity["body"], key_id=activity["key_id"]
+                )
+
 
 @dataclass
 class ApActor:

fedcode/migrations/0006_note_is_deleted_package_is_deleted.py

@@ -0,0 +1,23 @@
+# Generated by Django 5.1.2 on 2025-08-19 13:59
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("fedcode", "0005_remove_person_avatar"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="note",
+            name="is_deleted",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="package",
+            name="is_deleted",
+            field=models.BooleanField(default=False),
+        ),
+    ]