Create new purl2vcs library #374

CHANGELOG.rst

@@ -9,10 +9,11 @@ Next Release
 
 
 v4.0.0
-------------
+---------
 
 - Add `/api/docs` Swagger API documentation for API endpoints.
 
+
 v3.0.0
 -------
 
@@ -28,7 +29,6 @@ This is a major release with major API changes
 - This is now using the latest version of ScanCode toolkit
 
 
-
 v2.0.0
 ------
 

Makefile

@@ -130,6 +130,7 @@ test:
 	${ACTIVATE} DJANGO_SETTINGS_MODULE=purldb_project.settings ${PYTHON_EXE} -m pytest -vvs packagedb/tests/test_throttling.py
 	${ACTIVATE} DJANGO_SETTINGS_MODULE=matchcode_project.settings ${PYTHON_EXE} -m pytest -vvs matchcode_pipeline
 	${ACTIVATE} ${PYTHON_EXE} -m pytest -vvs purldb-toolkit/
+	${ACTIVATE} DJANGO_SETTINGS_MODULE=purldb_project.settings ${PYTHON_EXE} -m pytest -vvs purl2vcs
 
 shell:
 	${MANAGE} shell

configure

@@ -30,8 +30,8 @@ CLI_ARGS=$1
 CUSTOM_PACKAGES=""
 
 # Requirement arguments passed to pip and used by default or with --dev.
-REQUIREMENTS="$CUSTOM_PACKAGES --editable purldb-toolkit/ --editable . --constraint requirements.txt"
-DEV_REQUIREMENTS="$CUSTOM_PACKAGES --editable purldb-toolkit/[testing] --editable .[testing] --constraint requirements.txt --constraint requirements-dev.txt"
+REQUIREMENTS="$CUSTOM_PACKAGES --editable purldb-toolkit/ --editable purl2vcs/ --editable . --constraint requirements.txt"
+DEV_REQUIREMENTS="$CUSTOM_PACKAGES --editable purldb-toolkit/[testing] --editable .[testing] --editable purl2vcs/[testing] --constraint requirements.txt --constraint requirements-dev.txt"
 DOCS_REQUIREMENTS="$CUSTOM_PACKAGES --editable purldb-toolkit/ --editable .[docs] --constraint requirements.txt"
 
 # where we create a virtualenv

packagedb/from_purl.py

@@ -14,8 +14,8 @@
 from rest_framework import viewsets
 from rest_framework.response import Response
 
-from packagedb.find_source_repo import get_package_object_from_purl
-from packagedb.find_source_repo import get_source_repo
+from purl2vcs.find_source_repo import get_package_object_from_purl
+from purl2vcs.find_source_repo import get_source_repo
 from packagedb.serializers import PurltoGitRepoResponseSerializer
 from packagedb.serializers import PurltoGitRepoSerializer
 

packagedb/management/commands/create_source_repo_packages.py

@@ -15,8 +15,8 @@
 
 from minecode.management.commands import VerboseCommand
 from minecode.model_utils import add_package_to_scan_queue
-from packagedb.find_source_repo import add_source_package_to_package_set
-from packagedb.find_source_repo import get_package_object_from_purl
+from purl2vcs.find_source_repo import add_source_package_to_package_set
+from purl2vcs.find_source_repo import get_package_object_from_purl
 from packagedb.models import Package
 from packagedb.models import PackageContentType
 

packagedb/management/commands/get_source_download_url.py

@@ -11,7 +11,7 @@
 import sys
 
 from minecode.management.commands import VerboseCommand
-from packagedb.find_source_repo import get_source_repo_and_add_to_package_set
+from purl2vcs.find_source_repo import get_source_repo_and_add_to_package_set
 
 TRACE = False
 

purl2vcs/CHANGELOG.rst

@@ -0,0 +1,8 @@
+Changelog
+=========
+
+
+v2.0.0
+------
+
+Initial release.

purl2vcs/CODE_OF_CONDUCT.rst

@@ -0,0 +1 @@
+../CODE_OF_CONDUCT.rst

purl2vcs/NOTICE

@@ -0,0 +1 @@
+../NOTICE

purl2vcs/README.rst

@@ -0,0 +1,69 @@
+purl2vcs
+==========
+
+purl2vcs is an add-on library working with the PurlDB to find the version control system (VCS) URL of a package and detect the commit, and tags for a given version.
+
+In the future, it will also find paths and branches, which is useful for monorepos.
+
+Usage
+-------
+
+- First, import the main module: ``from purl2vcs import find_source_repo``
+
+- To use the functions you first need to acquire some Package objects:
+  Use the ``get_package_object_from_purl(package_url)`` passing a PURL string to get an object from the database
+
+- To find the source repository of a Package, call `get_source_repo(package)`
+  to will get a PackageURL object back.
+
+- To generate all the source repository URLs of a Package, call `get_repo_urls(package)`.
+
+- To convert a single source repo URLs to PURLs, call  ``convert_repo_url_to_purls``
+- To convert a list of source repo URLs to PURLs, call  ``convert_repo_urls_to_purls``
+
+- To find the commit or tags from a source repo PURL use ``get_tags_and_commits``
+
+- The low level ``get_tags_and_commits`` is used in ``find_package_version_tag_and_commit`` to find the tag and commit of a given package ``version`` in a source repo PURL.
+
+
+Installation
+------------
+
+Requirements
+############
+
+* install purldb dependencies
+* `pip install purl2vcs`
+
+
+Funding
+-------
+
+This project was funded through the NGI Assure Fund https://nlnet.nl/assure, a
+fund established by NLnet https://nlnet.nl/ with financial support from the
+European Commission's Next Generation Internet programme, under the aegis of DG
+Communications Networks, Content and Technology under grant agreement No 957073.
+
+This project is also funded through grants from the Google Summer of Code
+program, continuing support and sponsoring from nexB Inc. and generous
+donations from multiple sponsors.
+
+
+License
+-------
+
+Copyright (c) nexB Inc. and others. All rights reserved.
+
+purldb is a trademark of nexB Inc.
+
+SPDX-License-Identifier: Apache-2.0
+
+pur2vcs is licensed under the Apache License version 2.0.
+
+See https://www.apache.org/licenses/LICENSE-2.0 for the license text.
+
+See https://creativecommons.org/licenses/by-sa/4.0/legalcode for the license text.
+
+See https://github.com/nexB/purldb for support or download.
+
+See https://aboutcode.org for more information about nexB OSS projects.

purl2vcs/apache-2.0.LICENSE

@@ -0,0 +1 @@
+../apache-2.0.LICENSE

purl2vcs/pyproject.toml

@@ -0,0 +1,116 @@
+[build-system]
+requires = [ "flot>=0.7.0" ]
+build-backend = "flot.buildapi"
+
+[project]
+name = "purl2vcs"
+# keep version same as purldb for now
+version = "1.0.0"
+description = "purl2vcs is an add-on library working with the PurlDB to find the version control system (VCS) URL of a package and detect the commit, tags and path for a given version."
+readme = "README.rst"
+license = { text = "Apache-2.0" }
+requires-python = ">=3.8"
+authors = [
+    { name = "nexB. Inc. and others", email = "info@aboutcode.org" },
+]
+keywords = [
+    "package-url",
+    "purl",
+    "git",
+    "version",
+    "hg",
+    "svn",
+    "tag",
+    "commit",
+    "open source",
+    "scan",
+    "package",
+    "dependency",
+    "sca",
+]
+
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3 :: Only",
+    "Programming Language :: Python :: 3.8",
+    "Programming Language :: Python :: 3.9",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Topic :: Software Development",
+    "Topic :: Utilities",
+]
+
+
+dependencies = [
+    # get packagedb, purldb, minecode and related module for now from this single package
+    "purldb",
+    "requests >= 2.7.0",
+    "scancode-toolkit >= 32.0.0",
+    "packageurl_python >= 0.9.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/nexB/purldb"
+
+
+[project.optional-dependencies]
+
+testing = [
+    "flot",
+    "pytest >= 6, != 7.0.0",
+    "pytest-xdist >= 2",
+    "aboutcode-toolkit >= 7.0.2",
+    "pycodestyle >= 2.8.0",
+    "twine",
+    "black",
+    "isort",
+    "pytest-rerunfailures",
+    "bump-my-version",
+]
+
+[tool.bumpversion]
+current_version = "1.0.0"
+allow_dirty = true
+
+files = [
+    { filename = "pyproject.toml" },
+
+]
+
+
+[tool.flot]
+wheel_path_prefixes_to_strip = [ "src" ]
+
+includes = [
+    "src/**/*",
+]
+
+excludes = [
+    # Python compiled files
+    "**/*.py[cod]",
+    "**/*.egg-info",
+    # Various junk and temp files
+    "**/.DS_Store",
+    "**/*~",
+    "**/.*.sw[po]",
+    "**/.ve",
+    "**/*.bak",
+    "**/.ipynb_checkpoints",
+]
+
+metadata_files = [
+    "apache-2.0.LICENSE",
+    "NOTICE",
+    "CHANGELOG.rst",
+    "README.rst",
+    "CODE_OF_CONDUCT.rst",
+]
+
+editable_paths = [ "src", "tests" ]
+
+sdist_extra_includes = [
+    "tests/**/*",
+]