aboutcode-org · ziadhany · Sep 11, 2023 · Sep 11, 2023 · Sep 11, 2023 · Sep 16, 2023
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
diff --git a/.github/workflows/pypi-release.yml b/.github/workflows/pypi-release.yml
diff --git a/.github/workflows/test-import-using-nix.yml b/.github/workflows/test-import-using-nix.yml
diff --git a/.github/workflows/upstream_test.yml b/.github/workflows/upstream_test.yml
diff --git a/.gitignore b/.gitignore
@@ -103,3 +103,4 @@ Pipfile
 *.bak
 /.cache/
 /tmp/
+/purl_sync/venv_purl/
diff --git a/purl_sync/Dockerfile b/purl_sync/Dockerfile
@@ -0,0 +1,23 @@
+#
+# Copyright (c) nexB Inc. and others. All rights reserved.
+# VulnerableCode is a trademark of nexB Inc.
+# SPDX-License-Identifier: Apache-2.0
+# See http://www.apache.org/licenses/LICENSE-2.0 for the license text.
+# See https://github.com/nexB/vulnerablecode for support or download.
+# See https://aboutcode.org for more information about nexB OSS projects.
+#
+FROM python:3.10
+# Python settings: Force unbuffered stdout and stderr (i.e. they are flushed to terminal immediately)
+ENV PYTHONUNBUFFERED 1
+# Python settings: do not write pyc files
+ENV PYTHONDONTWRITEBYTECODE 1
+
+RUN pip install --upgrade pip
+
+WORKDIR /purl_sync
+
+COPY requirements.txt pyproject.toml /purl_sync/
+
+RUN pip install -r requirements.txt
+
+COPY . /purl_sync
diff --git a/purl_sync/Makefile b/purl_sync/Makefile
@@ -0,0 +1,97 @@
+# SPDX-License-Identifier: Apache-2.0
+#
+# http://nexb.com and https://github.com/nexB/scancode.io
+# The ScanCode.io software is licensed under the Apache License version 2.0.
+# Data generated with ScanCode.io is provided as-is without warranties.
+# ScanCode is a trademark of nexB Inc.
+#
+# You may not use this software except in compliance with the License.
+# You may obtain a copy of the License at: http://apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software distributed
+# under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+# CONDITIONS OF ANY KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations under the License.
+#
+# Data Generated with ScanCode.io is provided on an "AS IS" BASIS, WITHOUT WARRANTIES
+# OR CONDITIONS OF ANY KIND, either express or implied. No content created from
+# ScanCode.io should be considered or used as legal advice. Consult an Attorney
+# for any legal advice.
+#
+# ScanCode.io is a free software code scanning tool from nexB Inc. and others.
+# Visit https://github.com/nexB/scancode.io for support and download.
+# Modified for VulnerableCode use
+
+# Python version can be specified with `$ PYTHON_EXE=python3.x make conf`
+PYTHON_EXE?=python3
+VENV=venv
+MANAGE=${VENV}/bin/python manage.py
+ACTIVATE?=. ${VENV}/bin/activate;
+VIRTUALENV_PYZ=etc/thirdparty/virtualenv.pyz
+# Do not depend on Python to generate the SECRET_KEY
+GET_SECRET_KEY=`base64 /dev/urandom | head -c50`
+# Customize with `$ make envfile ENV_FILE=/etc/vulnerablecode/.env`
+ENV_FILE=.env
+# Customize with `$ make postgres VULNERABLECODE_DB_PASSWORD=YOUR_PASSWORD`
+VULNERABLECODE_DB_PASSWORD=vulnerablecode
+
+virtualenv:
+	@echo "-> Bootstrap the virtualenv with PYTHON_EXE=${PYTHON_EXE}"
+	@${PYTHON_EXE} ${VIRTUALENV_PYZ} --never-download --no-periodic-update ${VENV}
+
+conf: virtualenv
+	@echo "-> Install dependencies"
+	@${ACTIVATE} pip install -e . -c requirements.txt
+
+dev: virtualenv
+	@echo "-> Configure and install development dependencies"
+	@${ACTIVATE} pip install -e .[dev] -c requirements.txt
+
+envfile:
+	@echo "-> Create the .env file and generate a secret key"
+	@if test -f ${ENV_FILE}; then echo ".env file exists already"; exit 1; fi
+	@mkdir -p $(shell dirname ${ENV_FILE}) && touch ${ENV_FILE}
+	@echo SECRET_KEY=\"${GET_SECRET_KEY}\" > ${ENV_FILE}
+
+isort:
+	@echo "-> Apply isort changes to ensure proper imports ordering"
+	${VENV}/bin/isort .
+
+black:
+	@echo "-> Apply black code formatter"
+	${VENV}/bin/black .
+
+valid: isort black
+
+check:
+	@echo "-> Run pycodestyle (PEP8) validation"
+	@${ACTIVATE} pycodestyle --max-line-length=100 --exclude=venv,lib,thirdparty,docs,migrations,settings.py .
+	@echo "-> Run isort imports ordering validation"
+	@${ACTIVATE} isort --check-only .
+	@echo "-> Run black validation"
+	@${ACTIVATE} black --check ${BLACK_ARGS}
+
+clean:
+	@echo "-> Clean the Python env"
+	rm -rf ${VENV} build/ dist/ vulnerablecode.egg-info/ docs/_build/ pip-selfcheck.json
+	find . -type f -name '*.py[co]' -delete -o -type d -name __pycache__ -delete
+
+migrate:
+	@echo "-> Apply database migrations"
+	${MANAGE} migrate
+
+sqlite:
+	@echo "-> Configure SQLite database"
+	@echo VULNERABLECODE_DB_ENGINE=\"django.db.backends.sqlite3\" >> ${ENV_FILE}
+	@echo VULNERABLECODE_DB_NAME=\"sqlite3.db\" >> ${ENV_FILE}
+	@$(MAKE) migrate
+
+run:
+	${MANAGE} runserver 8000 --insecure
+
+test:
+	@echo "-> Run the test suite"
+	${ACTIVATE} ${PYTHON_EXE} -m pytest -vvs -m "not webtest"
+
+webtest:
+	@echo "-> Run web tests"
+	${ACTIVATE} ${PYTHON_EXE} -m pytest -vvs -m "webtest"
diff --git a/purl_sync/README.rst b/purl_sync/README.rst
@@ -0,0 +1,9 @@
+# How to export VCIO and import in Purl-Sync
+
+## How to export
+1. VCIO run exporter command and save the data in a git repo like https://github.com/nexB/vulnerablecode-data
+
+## How to import/sync:
+1. Service Actor ( Activitypub admin ) Create a new git Repository instance
+2. Service Actor Send a Sync-Activity
+3. the Activitypub server pull all git repo data and run import command