Skip to content

add on demand package data collection for golang #596 #608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

add on demand package data collection for golang #596 #608

wants to merge 7 commits into from

Conversation

chinyeungli
Copy link
Contributor

No description provided.

@chinyeungli
#596 - Added code for golang collector and updated the miner code for…
0882289 
… golang

Signed-off-by: Chin Yeung Li <tli@nexb.com>
@chinyeungli
#596 - Working in progress to handle bitbucket.org (It contains a lot…
1c1fbd7 
… of test code that will need to be removed).

Signed-off-by: Chin Yeung Li <tli@nexb.com>
@chinyeungli
#596 - Added the following data collection for golang
b0f1a22 
```
pkg:golang/github.com/*
pkg:golang/gitlab.com/*
pkg:golang/bitbucket.org/*
```

Signed-off-by: Chin Yeung Li <tli@nexb.com>
@chinyeungli
Correct typo
82cb1fb 
Signed-off-by: Chin Yeung Li <tli@nexb.com>
@chinyeungli
#596 - Add on-demand package data collection for golang
18f9413 
 * Collect metadata from API for the following "namespace"
 ```
 pkg:golang/github.com/*
 pkg:golang/gitlab.com/*
 pkg:golang/bitbucket.org/*
```
 * Add tests
 * Add "golang" in the "supported_ecosystems" list in the api.py

Signed-off-by: Chin Yeung Li <tli@nexb.com>
@chinyeungli chinyeungli requested a review from JonoYang April 15, 2025 22:40
@chinyeungli chinyeungli changed the title 596 add on demand package data collection for golang add on demand package data collection for golang #596 Apr 15, 2025
JonoYang
JonoYang requested changes Apr 16, 2025
View reviewed changes
Copy link
Member

@JonoYang JonoYang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chinyeungli I am looking at https://github.com/package-url/purl-spec/blob/main/PURL-SPECIFICATION.rst#rules-for-each-purl-component and I am not sure if we can add gitlab.com in the package namespace otherwise, the code looks good.

minecode/collectors/generic.py
@@ -116,6 +116,9 @@ def map_fetchcode_supported_package(package_url, pipelines, priority=0):
logger.error(error)
return error

if from_go_lang:
packages[0].type = "golang"
packages[0].namespace = "github.com/" + packages[0].namespace
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@chinyeungli could there be golang packages not from github?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. Only golang packages from github use this map_fetchcode_supported_package function.
Others will use map_golang_package()

minecode/collectors/golang.py
version = ""
if "@" in purl_str:
version = purl_str.rpartition("@")[2]
subset = purl_str.partition("pkg:golang/gitlab.com/")[2].partition("@")[0]
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pombredanne https://github.com/package-url/purl-spec/blob/main/PURL-SPECIFICATION.rst#rules-for-each-purl-component

Does this mean we cannot have things like gitlab.com in the namespace field?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, this is about getting the subset and version from a purl str that then pass to https://github.com/aboutcode-org/purldb/blob/596_add_on-demand_package_data_collection_for_golang/minecode/collectors/golang.py#L253

@chinyeungli chinyeungli mentioned this pull request Apr 16, 2025
Open
chinyeungli and others added 2 commits April 16, 2025 15:04
@chinyeungli @JonoYang
Update minecode/collectors/golang.py
905195a 
Signed-off-by: Chin Yeung Li <tli@nexb.com>

Co-authored-by: Jono Yang <JonoYang@users.noreply.github.com>
@chinyeungli
Merge branch 'main' into 596_add_on-demand_package_data_collection_fo…
16e9fac 
…r_golang
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JonoYang JonoYang JonoYang requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@chinyeungli @JonoYang