Merge branch 'main' into golang_purl_from_string

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Python environment
         uses: actions/setup-python@v4
@@ -43,7 +43,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Setup Python environment
         uses: actions/setup-python@v4

.github/workflows/pypi-release.yml

@@ -1,6 +1,5 @@
 name: Create library release archives, create a GH release and publish PyPI wheel and sdist on tag in main branch
 
-
 # This is executed automatically on a tag in the main branch
 
 # Summary of the steps:
@@ -21,14 +20,15 @@ on:
 jobs:
   build-pypi-distribs:
     name: Build and publish library to PyPI
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
-      - uses: actions/checkout@master
+      - uses: actions/checkout@v4
+
       - name: Set up Python
-        uses: actions/setup-python@v1
+        uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: 3.11
 
       - name: Install pypa/build
         run: python -m pip install build --user
@@ -42,12 +42,11 @@ jobs:
           name: pypi_archives
           path: dist/*
 
-
   create-gh-release:
     name: Create GH release
     needs:
       - build-pypi-distribs
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Download built archives
@@ -62,12 +61,11 @@ jobs:
           draft: true
           files: dist/*
 
-
   create-pypi-release:
     name: Create PyPI release
     needs:
       - create-gh-release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Download built archives

CHANGELOG.rst

@@ -1,11 +1,25 @@
 Changelog
 =========
 
-0.11.2 (2023-03-27)
+0.11.4 (2023-12-08)
 -------------------
 
 - Modified `PackageURL.from_string` to properly handle golang purls.
 
+0.11.3 (2023-12-08)
+--------------------
+
+- Add support for GitLab "/archive/" URLs in `url2purl`.
+  https://github.com/package-url/packageurl-python/issues/133
+
+0.11.2 (2022-07-25)
+--------------------
+
+- Remove deprecated `purl_to_lookups` and `without_empty_values` import compatibility
+  from `packageurl.contrib.django.models`.
+  Replace those functions import using `packageurl.contrib.django.utils`.
+- Add download purl2url support for bitbucket and gitlab.
+
 0.11.1 (2022-03-24)
 -------------------
 

MANIFEST.in

@@ -5,6 +5,7 @@ include mit.LICENSE
 include setup.py
 include setup.cfg
 include README.rst
+include Makefile
 include MANIFEST.in
 include CHANGELOG.rst
 include CONTRIBUTING.rst

Makefile

@@ -0,0 +1,54 @@
+# Copyright (c) the purl authors
+# SPDX-License-Identifier: MIT
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+# Visit https://github.com/package-url/packageurl-python for support and
+# download.
+
+# Python version can be specified with `$ PYTHON_EXE=python3.x make conf`
+PYTHON_EXE?=python3
+ACTIVATE?=. bin/activate;
+VIRTUALENV_PYZ=thirdparty/virtualenv.pyz
+BLACK_ARGS=--exclude=".cache|migrations|data|lib|bin|var"
+
+virtualenv:
+	@echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}"
+	@${PYTHON_EXE} ${VIRTUALENV_PYZ} --never-download --no-periodic-update .
+
+conf: virtualenv
+	@echo "-> Install dependencies"
+	@${ACTIVATE} pip install -e .
+
+dev: virtualenv
+	@echo "-> Configure and install development dependencies"
+	@${ACTIVATE} pip install -e .[test]
+
+clean:
+	@echo "-> Clean the Python env"
+	rm -rf bin/ lib*/ include/ build/ dist/ .*cache/ pip-selfcheck.json pyvenv.cfg
+	find . -type f -name '*.py[co]' -delete -o -type d -name __pycache__ \
+		-delete -type d -name '*.egg-info' -delete
+
+test:
+	@echo "-> Run the test suite"
+	${MANAGE} test --noinput
+	bin/py.test tests
+
+.PHONY: virtualenv conf dev clean test

README.rst

@@ -49,7 +49,14 @@ Utilities
 Django models
 ^^^^^^^^^^^^^
 
-`packageurl.contrib.django_models.PackageURLMixin` is a Django abstract model mixin to use Package URLs in Django.
+`packageurl.contrib.django.models.PackageURLMixin` is a Django abstract model mixin to
+use Package URLs in Django.
+
+SQLAlchemy mixin
+^^^^^^^^^^^^^^^^
+
+`packageurl.contrib.sqlalchemy.mixin.PackageURLMixin` is a SQLAlchemy declarative mixin
+to use Package URLs in SQLAlchemy models.
 
 URL to PURL
 ^^^^^^^^^^^
@@ -65,9 +72,12 @@ URL to PURL
 PURL to URL
 ^^^^^^^^^^^
 
-- `packageurl.contrib.purl2url.get_repo_url(purl)` returns a repository URL inferred from a Package URL.
-- `packageurl.contrib.purl2url.get_download_url(purl)` returns a download URL inferred from a Package URL.
-- `packageurl.contrib.purl2url.get_inferred_urls(purl)` return all inferred URLs (repository, download) from a Package URL.
+- `packageurl.contrib.purl2url.get_repo_url(purl)` returns a repository URL inferred
+  from a Package URL.
+- `packageurl.contrib.purl2url.get_download_url(purl)` returns a download URL inferred
+  from a Package URL.
+- `packageurl.contrib.purl2url.get_inferred_urls(purl)` return all inferred URLs
+  (repository, download) from a Package URL.
 
 ::
 
@@ -97,31 +107,21 @@ Run tests::
 Make a new release
 ==================
 
-- start a new release branch
-- update the CHANGELOG.rst and AUTHORS.rst
-- update README.rst if needed
-- bump version in setup.cfg
-- run all tests
-- install restview and validate that all .rst docs are correct
-- commit and push this branch
-- tag and push that tag
-- make a PR to merge branch
-- once merged, run::
-
-    bin/pip install --upgrade pip wheel twine setuptools
-
-- delete the "dist" and "build" directories::
-
-    rm -rf dist/ build/
-
-- create a source distribution and wheel with::
-
-    bin/python setup.py sdist bdist_wheel
-
-- finally, upload to PyPI::
-
-    bin/twine upload dist/*
-
+- Start a new release branch
+- Update the CHANGELOG.rst, AUTHORS.rst, and README.rst if needed
+- Bump version in setup.cfg
+- Run all tests
+- Install restview and validate that all .rst docs are correct
+- Commit and push this branch
+- Make a PR and merge once approved
+- Tag and push that tag. This triggers the pypi-release.yml workflow that takes care of
+  building the dist release files and upload those to pypi::
+
+    git tag -a vx.x.x -m "Tag vx.x.x"
+    git push origin vx.x.x
+
+- Review and publish the "draft" release created by the workflow at
+  https://github.com/package-url/packageurl-python/releases
 
 .. |ci-tests| image:: https://github.com/package-url/packageurl-python/actions/workflows/ci.yml/badge.svg?branch=main
     :target: https://github.com/package-url/packageurl-python/actions/workflows/ci.yml

setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = packageurl-python
-version = 0.11.1
+version = 0.11.3
 license = MIT
 description = A purl aka. Package URL parser and builder
 long_description = file:README.rst
@@ -56,6 +56,8 @@ test =
     pytest
 build =
     wheel
+sqlalchemy =
+    sqlalchemy >= 2.0.0
 
 [isort]
 force_single_line = True
@@ -64,7 +66,7 @@ known_django = django
 sections = FUTURE,STDLIB,DJANGO,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
 
 [mypy]
-python_version = 3.6
+python_version = 3.7
 
 files = src/packageurl/__init__.py
 show_error_codes = True

src/packageurl/contrib/django/models.py

@@ -24,33 +24,12 @@
 # Visit https://github.com/package-url/packageurl-python for support and
 # download.
 
-import warnings
-
 from django.core.exceptions import ValidationError
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
 from packageurl import PackageURL
-from packageurl.contrib.django.utils import purl_to_lookups as _purl_to_lookups
-from packageurl.contrib.django.utils import without_empty_values as _without_empty_values
-
-
-def purl_to_lookups(purl, encode=True):
-    warnings.warn(
-        "purl_to_lookups is deprecated and will be removed in a future version. "
-        "Use packageurl.contrib.django.utils.purl_to_lookups instead.",
-        DeprecationWarning,
-    )
-    return _purl_to_lookups(purl_str=purl, encode=encode)
-
-
-def without_empty_values(input_dict):
-    warnings.warn(
-        "without_empty_values is deprecated and will be removed in a future version. "
-        "Use packageurl.contrib.django.utils.without_empty_values instead.",
-        DeprecationWarning,
-    )
-    return _without_empty_values(input_dict)
+from packageurl.contrib.django.utils import purl_to_lookups
 
 
 class PackageURLQuerySetMixin:
@@ -63,7 +42,7 @@ def for_package_url(self, purl_str, encode=True):
         Filter the QuerySet with the provided Package URL string.
         The purl string is validated and transformed into filtering lookups.
         """
-        lookups = purl_to_lookups(purl=purl_str, encode=encode)
+        lookups = purl_to_lookups(purl_str=purl_str, encode=encode)
         if lookups:
             return self.filter(**lookups)
         return self.none()

src/packageurl/contrib/purl2url.py

@@ -28,6 +28,26 @@
 from packageurl.contrib.route import NoRouteAvailable
 from packageurl.contrib.route import Router
 
+
+def get_repo_download_url_by_package_type(
+    type, namespace, name, version, archive_extension="tar.gz"
+):
+    """
+    Return the download URL for a hosted git repository given a package type
+    or None.
+    """
+    assert archive_extension in (
+        "zip",
+        "tar.gz",
+    )
+    download_url_by_type = {
+        "github": f"https://github.com/{namespace}/{name}/archive/refs/tags/{version}.{archive_extension}",
+        "bitbucket": f"https://bitbucket.org/{namespace}/{name}/get/{version}.{archive_extension}",
+        "gitlab": f"https://gitlab.com/{namespace}/{name}/-/archive/{version}/{name}-{version}.{archive_extension}",
+    }
+    return download_url_by_type.get(type)
+
+
 repo_router = Router()
 download_router = Router()
 
@@ -327,14 +347,24 @@ def build_nuget_download_url(purl):
         return f"https://www.nuget.org/api/v2/package/{name}/{version}"
 
 
-@download_router.route("pkg:github/.*")
-def build_github_download_url(purl):
+@download_router.route("pkg:gitlab/.*", "pkg:bitbucket/.*", "pkg:github/.*")
+def build_repo_download_url(purl):
     """
-    Return a github download URL from the `purl` string.
+    Return a gitlab download URL from the `purl` string.
+    """
+    return get_repo_download_url(purl)
+
+
+def get_repo_download_url(purl):
+    """
+    Return ``download_url`` if present in ``purl`` qualifiers or
+    if ``namespace``, ``name`` and ``version`` are present in ``purl``
+    else return None.
     """
     purl_data = PackageURL.from_string(purl)
 
     namespace = purl_data.namespace
+    type = purl_data.type
     name = purl_data.name
     version = purl_data.version
     qualifiers = purl_data.qualifiers
@@ -349,4 +379,6 @@ def build_github_download_url(purl):
     version_prefix = qualifiers.get("version_prefix", "")
     version = f"{version_prefix}{version}"
 
-    return f"https://github.com/{namespace}/{name}/archive/refs/tags/{version}.zip"
+    return get_repo_download_url_by_package_type(
+        type=type, namespace=namespace, name=name, version=version
+    )