initial commit added packeto buildpacks with tests and created buildpack package

NucleonGodX · NucleonGodX · commit 266b9031e3ba · 2024-12-19T12:12:43.000+05:30
diff --git a/src/packagedcode/__init__.py b/src/packagedcode/__init__.py
@@ -12,6 +12,7 @@
 from packagedcode import alpine
 from packagedcode import bower
 from packagedcode import build
+from packagedcode import buildpack
 from packagedcode import build_gradle
 from packagedcode import cargo
 from packagedcode import chef
@@ -62,6 +63,8 @@
     build.BuckMetadataBzlHandler,
     build.BuckPackageHandler,
 
+    buildpack.BuildpackHandler,
+
     cargo.CargoLockHandler,
     cargo.CargoTomlHandler,
 
diff --git a/src/packagedcode/buildpack.py b/src/packagedcode/buildpack.py
@@ -0,0 +1,111 @@
+# SPDX-License-Identifier: Apache-2.0
+
+import tomlkit
+from packagedcode import models
+from packageurl import PackageURL
+
+class BuildpackHandler(models.DatafileHandler):
+    """
+    Handle buildpack.toml manifests.
+    See https://buildpacks.io/ for details on buildpack format.
+    """
+    datasource_id = "buildpack_toml"
+    path_patterns = ("*buildpack.toml",)
+    default_package_type = "buildpack"
+    description = "Cloud Native Buildpack manifest"
+    documentation_url = "https://buildpacks.io/"
+
+    @classmethod
+    def parse(cls, location, package_only=False):
+        """
+        Parse the buildpack.toml file at `location` and yield PackageData.
+        """
+        with open(location, "r", encoding="utf-8") as f:
+            data = tomlkit.parse(f.read())
+
+        # Extract required fields
+        api_version = data.get("api")
+        buildpack = data.get("buildpack", {})
+        if not buildpack:
+            return  # Skip files missing required fields
+
+        buildpack_id = buildpack.get("id")
+        buildpack_version = buildpack.get("version", "unknown")
+        buildpack_name = buildpack.get("name")
+
+        if not (api_version and buildpack_id and buildpack_version and buildpack_name):
+            return  # Skip incomplete data
+
+        # Optional fields
+        description = buildpack.get("description")
+        homepage_url = buildpack.get("homepage")
+        licenses = buildpack.get("licenses", [])
+        keywords = buildpack.get("keywords", [])
+        sbom_formats = buildpack.get("sbom-formats", [])
+
+        # Parse licenses
+        license_expressions = []
+        for license_entry in licenses:
+            license_type = license_entry.get("type")
+            license_uri = license_entry.get("uri")
+            if license_type:
+                license_expressions.append(license_type)
+
+        # Parse dependencies from "metadata.dependencies"
+        dependencies = []
+        metadata = data.get("metadata", {})
+        metadata_dependencies = metadata.get("dependencies", [])
+        for dep in metadata_dependencies:
+            dep_purl = dep.get("purl")
+            dep_name = dep.get("name")
+            dep_version = dep.get("version")
+            if dep_purl:
+                dependencies.append(
+                    models.DependentPackage(
+                        purl=dep_purl,
+                        scope="runtime",
+                        is_runtime=True,
+                        is_optional=False,
+                    )
+                )
+            elif dep_name and dep_version:
+                dependencies.append(
+                    models.DependentPackage(
+                        purl=PackageURL(type="generic", name=dep_name, version=dep_version).to_string(),
+                        scope="runtime",
+                        is_runtime=True,
+                        is_optional=False,
+                    )
+                )
+
+        # Parse "order" section for additional dependencies
+        orders = data.get("order", [])
+        for order in orders:
+            for group in order.get("group", []):
+                group_id = group.get("id")
+                group_version = group.get("version")
+                if group_id and group_version:
+                    dependencies.append(
+                        models.DependentPackage(
+                            purl=PackageURL(type="buildpack", name=group_id, version=group_version).to_string(),
+                            scope="runtime",
+                            is_runtime=True,
+                            is_optional=group.get("optional", False),
+                        )
+                    )
+
+        package_data = dict(
+            datasource_id=cls.datasource_id,
+            type=cls.default_package_type,
+            name=buildpack_name,
+            version=buildpack_version,
+            description=description,
+            homepage_url=homepage_url,
+            keywords=keywords,
+            sbom_formats=sbom_formats,
+            declared_license_expression=" AND ".join(license_expressions) if license_expressions else None,
+            dependencies=dependencies,
+            extra_data={"id": buildpack_id},  # Store the id in extra_data
+        )
+
+        yield models.PackageData.from_data(package_data, package_only)
diff --git a/src/packagedcode/models.py b/src/packagedcode/models.py
@@ -582,6 +582,14 @@ class PackageData(IdentifiablePackageData):
     download_url = String(
         label='Download URL',
         help='A direct download URL.')
+    
+    sbom_formats = List(
+        item_type=str,
+        label='SBOM Formats',
+        help='A list of supported SBOM formats output by the buildpack. '
+            'Supported values are the following media types: '
+            '"application/vnd.cyclonedx+json", "application/spdx+json", and "application/vnd.syft+json".'        
+    )
 
     size = Integer(
         default=None,
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/dotnet-execute/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/dotnet-execute/buildpack.toml
@@ -0,0 +1,20 @@
+api = "0.8"
+
+[buildpack]
+  description = "A buildpack for running the `dotnet execute` command for an app"
+  homepage = "https://github.com/paketo-buildpacks/dotnet-execute"
+  id = "paketo-buildpacks/dotnet-execute"
+  keywords = ["dotnet"]
+  name = "Paketo Buildpack for .NET Execute"
+  sbom-formats = ["application/vnd.cyclonedx+json", "application/spdx+json", "application/vnd.syft+json"]
+
+  [[buildpack.licenses]]
+    type = "Apache-2.0"
+    uri = "https://github.com/paketo-buildpacks/dotnet-execute/blob/main/LICENSE"
+
+[metadata]
+  include-files = ["bin/build", "bin/detect", "bin/run", "bin/port-chooser", "buildpack.toml"]
+  pre-package = "./scripts/build.sh"
+
+[[stacks]]
+  id = "*"
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/git/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/git/buildpack.toml
@@ -0,0 +1,13 @@
+api = "0.7"
+
+[buildpack]
+  homepage = "https://github.com/paketo-buildpacks/git"
+  id = "paketo-buildpacks/git"
+  name = "Paketo Buildpack for Git"
+
+[metadata]
+  include-files = ["bin/run", "bin/build", "bin/detect", "buildpack.toml"]
+  pre-package = "./scripts/build.sh"
+
+[[stacks]]
+  id = "*"
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/java-memory-assistant/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/java-memory-assistant/buildpack.toml
@@ -0,0 +1,83 @@
+# Copyright 2018-2021 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+api = "0.7"
+
+[buildpack]
+  description = "A Cloud Native Buildpack that installs the Java Memory Assistant agent"
+  homepage = "https://github.com/paketo-buildpacks/java-memory-assistant"
+  id = "paketo-buildpacks/java-memory-assistant"
+  keywords = ["agent"]
+  name = "Paketo Buildpack for Java Memory Assistant"
+  sbom-formats = ["application/vnd.syft+json", "application/vnd.cyclonedx+json"]
+  version = "{{.version}}"
+
+  [[buildpack.licenses]]
+    type = "Apache-2.0"
+    uri = "https://github.com/paketo-buildpacks/java-memory-assistant/blob/main/LICENSE"
+
+[metadata]
+  include-files = ["LICENSE", "NOTICE", "README.md", "linux/amd64/bin/build", "linux/amd64/bin/detect", "linux/amd64/bin/main", "linux/amd64/bin/helper", "linux/arm64/bin/build", "linux/arm64/bin/detect", "linux/arm64/bin/main", "linux/arm64/bin/helper", "buildpack.toml"]
+  pre-package = "scripts/build.sh"
+
+  [[metadata.configurations]]
+    build = true
+    default = "false"
+    description = "whether to contribute the JMA agent at build time"
+    name = "BP_JMA_ENABLED"
+
+  [[metadata.configurations]]
+    default = "false"
+    description = "whether to enable the JMA agent at runtime"
+    launch = true
+    name = "BPL_JMA_ENABLED"
+
+  [[metadata.configurations]]
+    default = "check_interval=5s,log_level=ERROR,max_frequency=1/1m,heap_dump_folder=/tmp,thresholds.heap=80%"
+    description = "arguments to configure the JMA agent"
+    launch = true
+    name = "BPL_JMA_ARGS"
+
+  [[metadata.dependencies]]
+    cpes = ["cpe:2.3:a:sap:java-memory-assistant:0.5.0:*:*:*:*:*:*:*"]
+    id = "java-memory-assistant"
+    name = "Java Memory Assistant Agent"
+    purl = "pkg:generic/sap-java-memory-assistant@0.5.0?arch=amd64"
+    sha256 = "9c5ffb4bdeec5ed6b4f1d734469500754a857d1452c3d253d89e2315addb04c5"
+    source = "https://github.com/sap/java-memory-assistant/archive/refs/tags/0.5.0.tar.gz"
+    source-sha256 = "dedf82a5c10df5b12e602c1237f00a459a38b6a55c0ff8d671fa0d3909dfe4fc"
+    stacks = ["io.buildpacks.stacks.bionic", "io.paketo.stacks.tiny", "*"]
+    uri = "https://github.com/SAP-archive/java-memory-assistant/releases/download/0.5.0/java-memory-assistant-0.5.0.jar"
+    version = "0.5.0"
+
+    [[metadata.dependencies.licenses]]
+      type = "Apache-2.0"
+      uri = "https://github.com/SAP/java-memory-assistant/blob/master/LICENSE"
+
+[[stacks]]
+  id = "io.buildpacks.stacks.bionic"
+
+[[stacks]]
+  id = "io.paketo.stacks.tiny"
+
+[[stacks]]
+  id = "*"
+
+[[targets]]
+  arch = "amd64"
+  os = "linux"
+
+[[targets]]
+  arch = "arm64"
+  os = "linux"
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/opentelemetry/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/opentelemetry/buildpack.toml
@@ -0,0 +1,65 @@
+# Copyright 2018-2024 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+api = "0.7"
+
+[buildpack]
+  description = "A Cloud Native Buildpack that contributes and configures the OpenTelemetry Agent"
+  homepage = "https://github.com/paketo-buildpacks/opentelemetry"
+  id = "paketo-buildpacks/opentelemetry"
+  keywords = ["java", "apm", "trace", "opentelemetry"]
+  name = "Paketo Buildpack for OpenTelemetry"
+  sbom-formats = ["application/vnd.cyclonedx+json", "application/vnd.syft+json"]
+  version = "{{.version}}"
+
+  [[buildpack.licenses]]
+    type = "Apache-2.0"
+    uri = "https://github.com/paketo-buildpacks/opentelemetry/blob/main/LICENSE"
+
+[metadata]
+  include-files = ["LICENSE", "NOTICE", "README.md", "linux/amd64/bin/build", "linux/amd64/bin/detect", "linux/amd64/bin/main", "linux/amd64/bin/helper", "linux/arm64/bin/build", "linux/arm64/bin/detect", "linux/arm64/bin/main", "linux/arm64/bin/helper", "buildpack.toml"]
+  pre-package = "scripts/build.sh"
+
+  [[metadata.configurations]]
+    build = true
+    default = "false"
+    description = "enable the OpenTelemetry Java Trace Agent"
+    name = "BP_OPENTELEMETRY_ENABLED"
+
+  [[metadata.dependencies]]
+    cpes = ["cpe:2.3:a:open-telemetry:opentelemetry-java-agent:2.10.0:*:*:*:*:*:*:*"]
+    id = "opentelemetry-java"
+    name = "OpenTelemetry Java Agent"
+    purl = "pkg:generic/opentelemetry-java@2.10.0"
+    sha256 = "d05f6e36fac8db629263a6aaec2841cc934d064d7b19bfe38425b604b8b54926"
+    source = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/archive/refs/tags/v2.10.0.tar.gz"
+    source-sha256 = "3a921baa391e9fa3f3622bedf1770567bcfed2a13de07642a2273b8beeca934a"
+    stacks = ["*"]
+    uri = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v2.10.0/opentelemetry-javaagent.jar"
+    version = "2.10.0"
+
+    [[metadata.dependencies.licenses]]
+      type = "Apache-2.0"
+      uri = "https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/LICENSE"
+
+[[stacks]]
+  id = "*"
+
+[[targets]]
+  arch = "amd64"
+  os = "linux"
+
+[[targets]]
+  arch = "arm64"
+  os = "linux"
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/pipeline-builder-canary/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/pipeline-builder-canary/buildpack.toml
@@ -0,0 +1,64 @@
+# Copyright 2018-2021 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+api = "0.7"
+
+[buildpack]
+  description = "A Cloud Native Buildpack that provides/does nothing. For testing only."
+  homepage = "https://github.com/paketo-buildpacks/pipeline-builder-canary"
+  id = "paketo-buildpacks/pipeline-builder-canary"
+  keywords = ["nothing"]
+  name = "Paketo Buildpack for Pipeline Builder Canary"
+  version = "{{.version}}"
+
+  [[buildpack.licenses]]
+    type = "Apache-2.0"
+    uri = "https://github.com/paketo-buildpacks/pipeline-builder-canary/blob/main/LICENSE"
+
+[metadata]
+  include-files = ["LICENSE", "NOTICE", "README.md", "linux/amd64/bin/build", "linux/amd64/bin/detect", "linux/amd64/bin/main", "linux/arm64/bin/build", "linux/arm64/bin/detect", "linux/arm64/bin/main", "buildpack.toml"]
+  pre-package = "scripts/build.sh"
+
+  [[metadata.dependencies]]
+    cpes = ["cpe:2.3:a:apache:maven:3.9.9:*:*:*:*:*:*:*"]
+    id = "maven"
+    name = "Apache Maven"
+    purl = "pkg:generic/apache-maven@3.9.9"
+    sha256 = "7a9cdf674fc1703d6382f5f330b3d110ea1b512b51f1652846d9e4e8a588d766"
+    source = "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-src.tar.gz"
+    source-sha256 = "8a24c448d4ac397e6b0c019a4d7250068c02d1cdb553299e6bb71c3ccca78b2c"
+    stacks = ["io.buildpacks.stacks.bionic", "io.paketo.stacks.tiny", "*"]
+    uri = "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.tar.gz"
+    version = "3.9.9"
+
+    [[metadata.dependencies.licenses]]
+      type = "Apache-2.0"
+      uri = "https://www.apache.org/licenses/"
+
+[[stacks]]
+  id = "io.buildpacks.stacks.bionic"
+
+[[stacks]]
+  id = "io.paketo.stacks.tiny"
+
+[[stacks]]
+  id = "*"
+
+[[targets]]
+  arch = "amd64"
+  os = "linux"
+
+[[targets]]
+  arch = "arm64"
+  os = "linux"
diff --git a/tests/packagedcode/data/buildpack/paketo-buildpacks/source-removal/buildpack.toml b/tests/packagedcode/data/buildpack/paketo-buildpacks/source-removal/buildpack.toml
diff --git a/tests/packagedcode/test_buildpack.py b/tests/packagedcode/test_buildpack.py
