-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update purl2url support for pypi including download URL(s) #151
Update purl2url support for pypi including download URL(s) #151
Conversation
…l#143 Reference: package-url#143 Signed-off-by: John M. Horan <[email protected]>
return download_url | ||
|
||
|
||
def get_response(url): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if we want to do network calls in package-url library @tdruez what's your thoughts on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and I think in addition I need to download and vet the cocoapods JSON in order to ID the homepage URL or similar info in order to locate the cocoapods download repo (if one exists -- for one of the PURL spec examples for cocoapods, if I recall correctly, there is no download available so the generated URL returns a 404).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@TG1999 I think this belongs to the inspectors and not to this library.
@pombredanne Thoughts?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree. This should be moved to a library that does network calls. Here we never did this and we should keep this simple and local only.
@johnmhoran could you resubmit this PR to https://github.com/nexB/fetchcode/ instead? Thanks! |
@pombredanne I will close this PR after I've tracked the repo URL and download URL changes involved here (and in a local instance) so I can replicate where and as needed. Earlier this week I opened a fetchcode issue to address the fetchcode part -- aboutcode-org/fetchcode#116. This current purl2url issue originally came from the now-closed PURL CLI tool issue in purldb. I understand that going forward I need to
Is that an accurate statement of the plan? |
@pombredanne I've assumed my understanding of the steps (mentioned above) is correct and have deleted my local branch ( I'll use the new branch for my purl2url work and when ready will open a new PR here, and will add/update the cocoapods and pypi download-URL-related code in fetchcode/package.py. Closing this PR now. |
Reference: #143
@keshav-space @TG1999 This covers my initial pypi work. Cocoapods is next. I'd planned to include the cocoapods work in this PR along with the pypi work unless you suggest otherwise.
Note that in
purl2url.py
I've added a TODO (with questions/suggestions) in thebuild_pypi_download_url()
docstring re whether and if so how we might want to include bothtar.gz
and.whl
download URLs. See also my issue comment from 2 weeks ago which raises this issue (#143 (comment)) -- please let me know what you think.