Merge branch 'main' into 1687-codebaseresource-parent-and-top-paths

Author: aayushkdev

.github/workflows/publish-docker.yml renamed to .github/workflows/publish-docker-image.yml

@@ -1,4 +1,4 @@
-name: Publish Docker image on GHCR
+name: Publish Docker image on GitHub Container Registry
 # https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions
 
 on:
@@ -15,8 +15,8 @@ env:
   IMAGE_NAME: ${{ github.repository }}
 
 jobs:
-  build-and-push-image:
-    runs-on: ubuntu-22.04
+  build-and-publish-image:
+    runs-on: ubuntu-24.04
 
     # Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
     permissions:

.github/workflows/pypi-release-aboutcode-pipeline.yml renamed to .github/workflows/publish-pypi-release-aboutcode-pipeline.yml

@@ -3,21 +3,21 @@ name: Build aboutcode.pipeline Python distributions and publish on PyPI
 on:
   workflow_dispatch:
   push:
-   tags:
-     - "aboutcode.pipeline/*"
+    tags:
+      - "aboutcode.pipeline/*"
 
 jobs:
   build-and-publish:
     name: Build and publish library to PyPI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.12
+          python-version: 3.13
 
       - name: Install flot
         run: python -m pip install flot --user

.github/workflows/pypi-release.yml renamed to .github/workflows/publish-pypi-release.yml

@@ -9,15 +9,15 @@ on:
 jobs:
   build-and-publish:
     name: Build and publish library to PyPI
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
-          python-version: 3.12
+          python-version: 3.13
 
       - name: Install pypa/build
         run: python -m pip install build --user

.github/workflows/ci-docker.yml renamed to .github/workflows/run-unit-tests-docker.yml

@@ -1,10 +1,18 @@
-name: Test on Docker CI
+name: Run unit tests on Docker container
 
-on: [push, pull_request]
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
 
 jobs:
-  build:
-    runs-on: ubuntu-22.04
+  run-unit-tests:
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Checkout code

.github/workflows/run-unit-tests-macos.yml

@@ -0,0 +1,53 @@
+name: Run unit tests on macOS
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+env:
+  POSTGRES_DB: scancodeio
+  POSTGRES_USER: scancodeio
+  POSTGRES_PASSWORD: scancodeio
+
+jobs:
+  run-unit-tests:
+    runs-on: macos-13
+
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: ikalnytskyi/action-setup-postgres@v7
+        id: postgres
+        with:
+          postgres-version: "14"  # 13 is not supported.
+          database: ${{ env.POSTGRES_DB }}
+          username: ${{ env.POSTGRES_USER }}
+          password: ${{ env.POSTGRES_PASSWORD }}
+          port: 5432
+
+      - name: Install Python dependencies
+        run: make dev envfile
+
+      - name: Run Django tests
+        run: .venv/bin/python manage.py test --verbosity=2 --noinput
+        env:
+          SCANCODEIO_DB_NAME: ${{ env.POSTGRES_DB }}
+          SCANCODEIO_DB_USER: ${{ env.POSTGRES_USER }}
+          SCANCODEIO_DB_PASSWORD: ${{ env.POSTGRES_PASSWORD }}

.github/workflows/ci.yml renamed to .github/workflows/run-unit-tests.yml

@@ -1,6 +1,14 @@
-name: Test CI
+name: Run unit tests
 
-on: [push, pull_request]
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
 
 env:
   POSTGRES_DB: scancodeio
@@ -9,8 +17,8 @@ env:
   POSTGRES_INITDB_ARGS: --encoding=UTF-8 --lc-collate=en_US.UTF-8 --lc-ctype=en_US.UTF-8
 
 jobs:
-  build:
-    runs-on: ubuntu-22.04
+  run-unit-tests:
+    runs-on: ubuntu-24.04
 
     services:
       postgres:
@@ -31,7 +39,7 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: ["3.10", "3.11", "3.12"]
+        python-version: ["3.10", "3.11", "3.12", "3.13"]
 
     steps:
       - name: Checkout code

.gitignore

@@ -51,6 +51,7 @@ local
 *.rdb
 *.aof
 .vscode
+.ipynb_checkpoints
 
 # This is only created when packaging for external redistribution
 /thirdparty/

CHANGELOG.rst

@@ -1,8 +1,57 @@
 Changelog
 =========
 
-v34.12.0 (unreleased)
----------------------
+v35.2.0 (unreleased)
+--------------------
+
+- Refactor policies implementation to support more than licenses.
+  The entire ``policies`` data is now stored on the ``ScanPipeConfig`` in place of the
+  ``license_policy_index``.
+  Also, a new method ``get_policies_dict`` methods is now available on the ``Project``
+  model to easily retrieve all the policies data as a dictionary.
+  Renamed for clarity:
+  * ``policy_index`` to ``license_policy_index``
+  * ``policies_enabled`` to ``license_policies_enabled``
+  https://github.com/aboutcode-org/scancode.io/pull/1718
+
+- Add support for SPDX license identifiers as ``license_key`` in license policies
+  ``policies.yml`` file.
+  https://github.com/aboutcode-org/scancode.io/issues/1348
+
+v35.1.0 (2025-07-02)
+--------------------
+
+- Replace the ``setup.py``/``setup.cfg`` by ``pyproject.toml`` file.
+  https://github.com/aboutcode-org/scancode.io/issues/1608
+
+- Update scancode-toolkit to v32.4.0. See CHANGELOG for updates:
+  https://github.com/aboutcode-org/scancode-toolkit/releases/tag/v32.4.0
+  Adds a new ``git_sha1`` attribute to the ``CodebaseResource`` model as this
+  is now computed and returned from the ``scancode-toolkit`` ``--info`` plugin.
+  https://github.com/aboutcode-org/scancode.io/pull/1708
+
+- Add a ``--fail-on-vulnerabilities`` option in ``check-compliance`` management command.
+  When this option is enabled, the command will exit with a non-zero status if known
+  vulnerabilities are detected in discovered packages and dependencies.
+  Requires the ``find_vulnerabilities`` pipeline to be executed beforehand.
+  https://github.com/aboutcode-org/scancode.io/pull/1702
+
+- Enable ``--license-references`` scan option in the ``scan_single_package`` pipeline.
+  The ``license_references`` and ``license_rule_references`` attributes will now be
+  available in the scan results, including the details about detected licenses and
+  license rules used during the scan.
+  https://github.com/aboutcode-org/scancode.io/issues/1657
+
+- Add a new step to the ``DeployToDevelop`` pipeline, ``map_python``, to match
+  Cython source files (.pyx) to their compiled binaries.
+  https://github.com/aboutcode-org/scancode.io/pull/1703
+
+v35.0.0 (2025-06-23)
+--------------------
+
+- Add support for Python 3.13.
+  Upgrade the base image in Dockerfile to ``python:3.13-slim``.
+  https://github.com/aboutcode-org/scancode.io/pull/1469/files
 
 - Display matched snippets details in "Resource viewer", including the package,
   resource, and similarity values.
@@ -26,6 +75,17 @@ v34.12.0 (unreleased)
   Refine the CSS for the Resource viewer.
   https://github.com/aboutcode-org/scancode.io/pull/1692
 
+- Add "(No value detected)" for Copyright and Holder charts.
+  https://github.com/aboutcode-org/scancode.io/issues/1697
+
+- Add "Package Compliance Alert" chart in the Policies section.
+  https://github.com/aboutcode-org/scancode.io/pull/1699
+
+- Update univers to v31.0.0, catch ``NotImplementedError`` in
+  ``get_unique_unresolved_purls``, and properly log error in project.
+  https://github.com/aboutcode-org/scancode.io/pull/1700
+  https://github.com/aboutcode-org/scancode.io/pull/1701
+
 v34.11.0 (2025-05-02)
 ---------------------
 

Dockerfile

@@ -20,7 +20,7 @@
 # ScanCode.io is a free software code scanning tool from nexB Inc. and others.
 # Visit https://github.com/aboutcode-org/scancode.io for support and download.
 
-FROM python:3.12-slim
+FROM python:3.13-slim
 
 LABEL org.opencontainers.image.source="https://github.com/aboutcode-org/scancode.io"
 LABEL org.opencontainers.image.description="ScanCode.io"
@@ -87,7 +87,7 @@ RUN mkdir -p /var/$APP_NAME/static/ \
  && mkdir -p /var/$APP_NAME/workspace/
 
 # Install the dependencies before the codebase COPY for proper Docker layer caching
-COPY --chown=$APP_USER:$APP_USER setup.cfg setup.py $APP_DIR/
+COPY --chown=$APP_USER:$APP_USER pyproject.toml $APP_DIR/
 RUN pip install --no-cache-dir .
 
 # Copy the codebase and set the proper permissions for the APP_USER

Makefile

@@ -143,10 +143,6 @@ docs:
 	rm -rf docs/_build/
 	@${ACTIVATE} sphinx-build docs/ docs/_build/
 
-bump:
-	@echo "-> Bump the version"
-	@${ACTIVATE} bumpver update --no-fetch --patch
-
 docker-images:
 	@echo "-> Build Docker services"
 	docker compose build
@@ -163,4 +159,4 @@ offline-package: docker-images
 	@mkdir -p dist/
 	@tar -cf dist/scancodeio-offline-package-`git describe --tags`.tar build/
 
-.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs bump docker-images offline-package
+.PHONY: virtualenv conf dev envfile install doc8 check valid check-deploy clean migrate upgrade postgresdb sqlitedb backupdb run run-docker-dev test fasttest docs docker-images offline-package