From f7fadaa35e8271ecb95eb64e8e71aebe7c14e25b Mon Sep 17 00:00:00 2001 From: Ben Selwyn-Smith Date: Thu, 31 Aug 2023 09:18:27 +1000 Subject: [PATCH] chore: extended docstring of repo finder Signed-off-by: Ben Selwyn-Smith --- src/macaron/repo_finder/repo_finder.py | 31 +++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/src/macaron/repo_finder/repo_finder.py b/src/macaron/repo_finder/repo_finder.py index 3904538c1..411ee3e7e 100644 --- a/src/macaron/repo_finder/repo_finder.py +++ b/src/macaron/repo_finder/repo_finder.py @@ -1,7 +1,36 @@ # Copyright (c) 2023 - 2023, Oracle and/or its affiliates. All rights reserved. # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/. -"""This module contains the logic for using/calling the different repo finders.""" +""" +This module contains the logic for using/calling the different repo finders. + +Input +----- +The entry point of the repo finder depends on the type of PURL being analyzed. +- If passing a PURL representing an artifact, the ``find_repo`` function in this file should be called. +- If passing a PURL representing a repository, the ``to_repo_path`` function in this file should be called. + +Artifact PURLs +-------------- +For artifact PURLs, the PURL type determines how the repositories are searched for. +Currently, for Maven PURLs, SCM meta data is retrieved from the matching POM retrieved from Maven Central (or +other configured location). + +For Python, .NET, Rust, and NodeJS type PURLs, Google's Open Source Insights API is used to find the meta data. + +In either case, any repository links are extracted from the meta data, then checked for validity via +``DependencyAnalyzer::find_valid_url`` which accepts URLs that point to a Github repository or similar. + +Repository PURLs +---------------- +For repository PURLs, the type is checked against the configured valid domains, and accepted or rejected based +on that data. + +Result +------ +If all goes well, a repository URL that matches the initial artifact or repository PURL will be returned for +analysis. +""" import logging import os