Merge branch 'main' into sync-scancode-scan

Author: pombredanne

aboutcode/federatedcode/README.rst

@@ -0,0 +1,35 @@
+=======================
+aboutcode.federatedcode
+=======================
+
+|license| |build|
+
+.. |license| image:: https://img.shields.io/badge/License-Apache--2.0-blue.svg?style=for-the-badge
+    :target: https://opensource.org/licenses/Apache-2.0
+
+.. |build| image:: https://img.shields.io/github/actions/workflow/status/aboutcode-org/federatedcode/main.yml?style=for-the-badge&logo=github
+
+This is a library of FederatedCode client utilities to fetch and subscribe package metadata.
+
+
+License
+=======
+
+Copyright (c) nexB Inc. and others. All rights reserved.
+
+SPDX-License-Identifier: Apache-2.0
+
+See https://aboutcode.org for more information about AboutCode OSS projects.
+
+.. code-block:: none
+
+    You may not use this software except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.

aboutcode/federatedcode/client/__init__.py

@@ -0,0 +1,59 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# FederatedCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/federatedcode for support or download.
+# See https://aboutcode.org for more information about AboutCode.org OSS projects.
+#
+
+import os
+from typing import Union
+from urllib.parse import urljoin
+
+import requests
+from aboutcode.hashid import get_package_base_dir
+from dotenv import load_dotenv
+from packageurl import PackageURL
+
+load_dotenv()
+
+FEDERATEDCODE_GITHUB_ACCOUNT_NAME = os.getenv("FEDERATEDCODE_GITHUB_ACCOUNT_NAME")
+
+
+class ScanNotAvailableError(Exception):
+    pass
+
+
+def get_package_scan(purl: Union[PackageURL, str]):
+    """Return the package scan result for a PURL from the FederatedCode Git repository."""
+
+    if not FEDERATEDCODE_GITHUB_ACCOUNT_NAME:
+        raise ValueError("Provide ``FEDERATEDCODE_GITHUB_ACCOUNT_NAME`` in .env file.")
+
+    if isinstance(purl, str):
+        purl = PackageURL.from_string(purl)
+
+    if not purl.version:
+        raise ValueError("Missing version in PURL.")
+
+    package_path = get_package_base_dir(purl=purl)
+    package_path_parts = package_path.parts
+
+    repo_name = f"{package_path_parts[0]}/refs/heads/main"
+    package_dir_path = "/".join(package_path_parts[1:])
+    version = purl.version
+    file_name = "scancodeio.json"
+
+    url_parts = [FEDERATEDCODE_GITHUB_ACCOUNT_NAME, repo_name, package_dir_path, version, file_name]
+
+    file_url = urljoin("https://raw.githubusercontent.com", "/".join(url_parts))
+
+    try:
+        response = requests.get(file_url)
+        response.raise_for_status()
+        return response.json()
+    except requests.exceptions.HTTPError as err:
+        if response.status_code == 404:
+            raise ScanNotAvailableError(f"No scan available for {purl!s}")
+        raise err

pyproject-aboutcode.federatedcode.toml

@@ -0,0 +1,74 @@
+[build-system]
+requires = [ "flot>=0.7.0" ]
+build-backend = "flot.buildapi"
+
+[project]
+name = "aboutcode.federatedcode"
+version = "0.1.0"
+description = "A library for FederatedCode client"
+readme = "aboutcode/federatedcode/README.rst"
+license = { text = "Apache-2.0 AND Python-2.0" }
+requires-python = ">=3.9"
+
+authors = [
+    { name = "AboutCode, nexB Inc. and others", email = "info@aboutcode.org" },
+]
+
+keywords = [
+    "purl",
+    "Package-URL",
+    "open source",
+    "package",
+    "sca",
+    "scan",
+    "activitypub",
+    "dependencies",
+]
+
+classifiers = [
+    "Development Status :: 5 - Production/Stable",
+    "Intended Audience :: Developers",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3 :: Only",
+    "Topic :: Software Development",
+    "Topic :: Utilities",
+]
+
+dependencies = [
+    "packageurl_python >= 0.15.6",
+    "aboutcode.hashid>=0.1.0",
+    "python-dotenv>=1.0.1",
+]
+
+urls = { Homepage = "https://github.com/aboutcode-org/federatedcode" }
+
+
+[tool.bumpversion]
+current_version = "0.1.0"
+allow_dirty = true
+
+files = [
+    { filename = "pyproject-aboutcode.federatedcode.toml" },
+]
+
+[tool.flot]
+includes = [
+    "aboutcode/**/*",
+]
+
+excludes = [
+    # Python compiled files
+    "**/*.py[cod]",
+    "**/*.egg-info",
+    # Various junk and temp files
+    "**/.DS_Store",
+    "**/*~",
+    "**/.*.sw[po]",
+    "**/.ve",
+    "**/*.bak",
+    "**/.ipynb_checkpoints",
+    "aboutcode/federatedcode/tests/**/*",
+]
+
+metadata_files = ["apache-2.0.LICENSE", "NOTICE"]
+editable_paths = ["aboutcode"]

requirements.txt

@@ -52,7 +52,7 @@ mypy-extensions==1.0.0
 nh3==0.2.15
 oauthlib==3.2.2
 openpyxl==3.1.2
-packageurl-python==0.11.1
+packageurl-python==0.15.6
 packaging==23.1
 pathspec==0.11.2
 Pillow==9.5.0

setup.cfg

@@ -80,7 +80,7 @@ install_requires =
     jwcrypto>=1.5.0
     mypy-extensions>=1.0.0
     oauthlib>=3.2.2
-    packageurl-python>=0.11.1
+    packageurl-python>=0.15.6
     packaging>=23.1
     pathspec>=0.11.2
 
@@ -107,13 +107,16 @@ install_requires =
     urllib3>=2.0.3
     wrapt>=1.15.0
 
-    #schema
+    # Schema
     django-ninja>=1.2.1
     pydantic>=2.8.2
 
-    #pipeline
+    # Pipeline
     aboutcode.pipeline>=0.1.0
 
+    # aboutcode.federatedcode.client
+    aboutcode.hashid>=0.1.0
+    python-dotenv>=1.0.1
 
 [options.extras_require]
 testing =