Skip to content

Prototype implementation of Package set #276 #301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Prototype implementation of Package set #276 #301

wants to merge 5 commits into from

Conversation

tdruez
Copy link
Contributor

@tdruez tdruez commented Apr 29, 2025

No description provided.

@tdruez
Copy link
Contributor Author

tdruez commented Apr 29, 2025

@DennisClark This PR includes multiple ideas and prototypes for the PackageSet implementation in DejaCode.

For now, you can have a look at the new "Package set" tab in the Package details view.
This tab displays all the Packages of the PackageSet, and is available only when at least 2 packages are in the set.

The packages are grouped in a PackageSet if they have an identical "plain" PURL, meaning the type, namespace, name, and version values are equal, while the qualifiers and subpath values of the PURL are ignored.

Let me know if that grouping make sense and how you would like to see the new tab content improved.

@DennisClark
Copy link
Member

Hi @tdruez excellent start, thanks for taking the initiative on this. We may discover more columns that you want to show in the Package Set tab, but it is fine for now I think. If possible, the download URL and the license should be live links.

I have a more fundamental question for you and @pombredanne which is deciding which PURL elements to include to define a "plain" PURL. I am inclined to think that including the type, namespace, name, and version values results in a package set that is too limited, and that maybe we only need name and version values to be equal. Just to experiment a bit, I added the [email protected] package from GitHub and it does not become part of the package set. Maybe it should? I don't have a really strong opinion about it at this point, but want to make sure we are all on the same page. I am not sure how PurlDB is exactly defining a package set right now, but if it is using all 4 values then that's OK I guess.

psycopg@3 2 6

@DennisClark
Copy link
Member

I also just now added psycopg-3.2.6.tar.gz to Dejacode from GitHub and it automatically made a package set with psycopg-3.2.6.zip. Excellent!

@DennisClark
Copy link
Member

I cannot find anything (yet) in the PURLdb documentation that defines exactly what determines a Package Set. I found this bit, but it's not very helpful:

Package Update Set List[](https://aboutcode.readthedocs.io/projects/PURLdb/en/latest/purldb/rest_api.html#package-update-set-list)

Take a list of purls (where each item is a mapping containing PURL and content_type).

If uuid is given then all purls will be added to package set if it exists else a new set would be created and all the purls will be added to that new set.

@tdruez
Copy link
Contributor Author

tdruez commented Apr 30, 2025

I cannot find anything (yet) in the PURLdb documentation that defines exactly what determines a Package Set. I found this bit, but it's not very helpful

@DennisClark Some precisions from @JonoYang about the PURLDB implementation of PackageSet are available at #276 (comment)

We create package sets and add packages to package sets [...] where we see if there is an existing package with the same type, namespace, name, version.

@DennisClark
Copy link
Member

@tdruez thanks for the explanation and the link to more details!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tdruez @DennisClark