Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update purl2url support for pypi including download URL(s) #151

Conversation

johnmhoran
Copy link
Member

Reference: #143

@keshav-space @TG1999 This covers my initial pypi work. Cocoapods is next. I'd planned to include the cocoapods work in this PR along with the pypi work unless you suggest otherwise.

Note that in purl2url.py I've added a TODO (with questions/suggestions) in the build_pypi_download_url() docstring re whether and if so how we might want to include both tar.gz and .whl download URLs. See also my issue comment from 2 weeks ago which raises this issue (#143 (comment)) -- please let me know what you think.

return download_url


def get_response(url):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure if we want to do network calls in package-url library @tdruez what's your thoughts on this.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TG1999 @tdruez I am also doing a requests.get for the cocoapods download function I'm currently working on.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and I think in addition I need to download and vet the cocoapods JSON in order to ID the homepage URL or similar info in order to locate the cocoapods download repo (if one exists -- for one of the PURL spec examples for cocoapods, if I recall correctly, there is no download available so the generated URL returns a 404).

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@TG1999 I think this belongs to the inspectors and not to this library.
@pombredanne Thoughts?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. This should be moved to a library that does network calls. Here we never did this and we should keep this simple and local only.

@pombredanne
Copy link
Member

@johnmhoran could you resubmit this PR to https://github.com/nexB/fetchcode/ instead? Thanks!

@johnmhoran
Copy link
Member Author

@pombredanne I will close this PR after I've tracked the repo URL and download URL changes involved here (and in a local instance) so I can replicate where and as needed. Earlier this week I opened a fetchcode issue to address the fetchcode part -- aboutcode-org/fetchcode#116.

This current purl2url issue originally came from the now-closed PURL CLI tool issue in purldb. I understand that going forward I need to

  • add/update the cocoapods and pypi repo-URL-related code in purl2url.py, and
  • add/update the cocoapods and pypi download-URL-related code in fetchcode/package.py

Is that an accurate statement of the plan?

@johnmhoran
Copy link
Member Author

@pombredanne I've assumed my understanding of the steps (mentioned above) is correct and have deleted my local branch (143-add-purl2url-package-support) and created a new branch (143-add-purl2url-cocoapods-repo-url-support).

I'll use the new branch for my purl2url work and when ready will open a new PR here, and will add/update the cocoapods and pypi download-URL-related code in fetchcode/package.py. Closing this PR now.

@johnmhoran johnmhoran closed this Apr 5, 2024
@johnmhoran johnmhoran deleted the 143-add-purl2url-package-support branch April 5, 2024 22:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants