Merge pull request #1895 from aboutcode-org/pull-tag-from-manifest

keshav-space · web-flow · commit 735e15ea10d7 · 2025-06-02T21:25:41.000+05:30
Get tag from VERSION manifest
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,6 +2,18 @@ Release notes
 =============
 
 
+Version v36.1.2
+---------------------
+
+- Get tag from VERSION manifest #1895
+
+
+Version v36.1.1
+---------------------
+
+- Update is_active help text in pipeline migration #1887
+
+
 Version v36.1.0
 ---------------------
 
diff --git a/docs/source/user-interface.rst b/docs/source/user-interface.rst
@@ -15,11 +15,11 @@ package URL or purl prefix fragment such as
 
 The search by packages is available at the following URL:
 
-    `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+    `https://public.vulnerablecode.io/packages/search/ <https://public.vulnerablecode.io/packages/search/>`_
 
 How to search by packages:
 
-    1. Go to the URL: `https://public.vulnerablecode.io/packages/search <https://public.vulnerablecode.io/packages/search>`_
+    1. Go to the URL: `https://public.vulnerablecode.io/packages/search/ <https://public.vulnerablecode.io/packages/search/>`_
     2. Enter the package URL or purl prefix fragment such as ``pkg:pypi``
        or by package name in the search box.
     3. Click on the search button.
@@ -46,11 +46,11 @@ fragment of these identifiers like ``CVE-2021``.
 
 The search by vulnerabilities is available at the following URL:
 
-    `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+    `https://public.vulnerablecode.io/vulnerabilities/search/ <https://public.vulnerablecode.io/vulnerabilities/search/>`_
 
 How to search by vulnerabilities:
 
-    1. Go to the URL: `https://public.vulnerablecode.io/vulnerabilities/search <https://public.vulnerablecode.io/vulnerabilities/search>`_
+    1. Go to the URL: `https://public.vulnerablecode.io/vulnerabilities/search/ <https://public.vulnerablecode.io/vulnerabilities/search/>`_
     2. Enter the VCID, CVE, GHSA, CPEs etc. in the search box.
     3. Click on the search button.
 
diff --git a/setup.cfg b/setup.cfg
@@ -1,6 +1,6 @@
 [metadata]
 name = vulnerablecode
-version = 36.1.0
+version = 36.1.2
 license = Apache-2.0 AND CC-BY-SA-4.0
 
 # description must be on ONE line https://github.com/pypa/setuptools/issues/1390
diff --git a/vulnerabilities/models.py b/vulnerabilities/models.py
@@ -2005,7 +2005,7 @@ def set_vulnerablecode_version_and_commit(self):
             msg = f"Field vulnerablecode_version already set to {self.vulnerablecode_version}"
             raise ValueError(msg)
 
-        self.vulnerablecode_version = VULNERABLECODE_VERSION
+        self.vulnerablecode_version = vulnerablecode.get_git_tag()
         self.vulnerablecode_commit = vulnerablecode.get_short_commit()
         self.save(update_fields=["vulnerablecode_version", "vulnerablecode_commit"])
 
diff --git a/vulnerablecode/__init__.py b/vulnerablecode/__init__.py
@@ -14,7 +14,7 @@
 
 import git
 
-__version__ = "36.1.0"
+__version__ = "36.1.2"
 
 
 PROJECT_DIR = Path(__file__).resolve().parent
@@ -49,6 +49,29 @@ def get_git_commit_from_version_file():
         return
 
 
+def get_git_tag_from_version_file():
+    """Return the tag from the ".VERSION" file."""
+    version_file = ROOT_DIR / ".VERSION"
+    if not version_file.exists():
+        return
+
+    try:
+        lines = version_file.read_text().splitlines()
+        ref_line = lines[0]
+        if "tag:" in ref_line:
+            if vcio_tag := ref_line.split("tag:")[-1].strip():
+                return vcio_tag
+    except (UnicodeDecodeError):
+        return
+
+
+def get_git_tag():
+    """Return the tag from the ".VERSION" file or __version__."""
+    if vcio_tag := get_git_tag_from_version_file():
+        return vcio_tag
+    return __version__
+
+
 def get_short_commit():
     """
     Return the short commit hash from the .VERSION file or from `git describe`
