Merge pull request #143 from shs96c/add-purl
Add `purl` to the `PackageInfo` provider
diff --git a/rules/package_info.bzl b/rules/package_info.bzl
index c79545f..bd32f3e 100644
--- a/rules/package_info.bzl
+++ b/rules/package_info.bzl
@@ -35,6 +35,7 @@
package_url = ctx.attr.package_url,
package_version = ctx.attr.package_version,
)
+
# Experimental alternate design, using a generic 'data' back to hold things
generic_provider = ExperimentalMetadataInfo(
type = "package_info_alt",
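Review bot: Nothing in this hunk passes the new attribute into the provider: the `PackageInfo(...)` call still ends at `package_version = ctx.attr.package_version,` and the only added line is a blank one. As far as this diff shows, `purl` is declared on the rule and in `providers.bzl` but never populated, so add `purl = ctx.attr.purl,` to the constructor. The `data` dict in the next hunk has the same gap and would need `"purl": ctx.attr.purl,`. Until then, SBOM tooling that reads either provider will not get the value a BUILD file sets. The start of the constructor is outside the hunk, so confirm the field is not already assigned there.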
@@ -42,8 +43,8 @@
data = {
"package_name": ctx.attr.package_name or ctx.build_file_path.rstrip("/BUILD"),
"package_url": ctx.attr.package_url,
- "package_version": ctx.attr.package_version
- }
+ "package_version": ctx.attr.package_version,
+ },
)
return [provider, generic_provider]
@@ -64,7 +65,12 @@
doc = "A human readable version string identifying this package." +
" This may be used to produce an index of OSS packages used" +
" by an applicatation. It should be a value that" +
- " increases over time, rather than a commit hash."
+ " increases over time, rather than a commit hash.",
+ ),
+ "purl": attr.string(
+ doc = "A pURL conforming to the spec outlined in" +
+ " https://github.com/package-url/purl-spec This may be used when" +
+ " generating an SBOM.",
),
},
)
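Review bot: The `"purl": attr.string(...)` attribute accepts any string, and nothing visible in this diff checks that it is a package URL before it is handed to SBOM generation. A malformed or mistyped purl would most likely make a vulnerability scanner fail to match the component rather than report an error, so it is worth failing at analysis time. A minimal guard in the rule implementation (outside this hunk) would be `if ctx.attr.purl and not ctx.attr.purl.startswith("pkg:"): fail("purl must be a package URL starting with 'pkg:'")`. The doc string also runs the URL straight into the next sentence; a period after `purl-spec` would keep the link from absorbing "This" when rendered.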
@@ -75,20 +81,25 @@
package_name = None,
package_url = None,
package_version = None,
+ purl = None,
**kwargs):
"""Wrapper for package_info rule.
@wraps(_package_info)
+ The purl attribute should be a valid pURL, as defined in the
+ [pURL spec](https://github.com/package-url/purl-spec).
+
Args:
name: str target name.
package_name: str A human readable name identifying this package. This
may be used to produce an index of OSS packages used by
an application.
package_url: str The canoncial URL this package distribution was retrieved from.
- Note that, because of local mirroring, that might not be the
+ Note that, because of local mirroring, that might not be the
physical URL it was retrieved from.
package_version: str A human readable name identifying version of this package.
+ purl: str The canonical pURL by which this package is known.
kwargs: other args. Most are ignored.
"""
visibility = kwargs.get("visibility") or ["//visibility:public"]
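Review bot: The new `purl:` entry in the docstring does not say how it relates to `package_name`, `package_url` and `package_version`, although a pURL carries its own name and version and can therefore disagree with them. I would extend the entry to something like `purl: str The canonical pURL by which this package is known. Its name and version components should agree with package_name and package_version.` Also state which value SBOM consumers should treat as authoritative. The added paragraph also sits directly under the `@wraps(_package_info)` line with no blank line between them, so it may render as part of that line. The macro's signature and body extend beyond this hunk on both sides.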
@@ -97,6 +108,7 @@
package_name = package_name,
package_url = package_url,
package_version = package_version,
+ purl = purl,
applicable_licenses = [],
visibility = visibility,
tags = [],
diff --git a/rules/providers.bzl b/rules/providers.bzl
index c9f89e0..b6a352f 100644
--- a/rules/providers.bzl
+++ b/rules/providers.bzl
@@ -55,6 +55,7 @@
"package_name": "string: Human readable package name",
"package_url": "string: URL from which this package was downloaded.",
"package_version": "string: Human readable version string",
+ "purl": "string: package url matching the purl spec (https://github.com/package-url/purl-spec)",
},
)