purl 1.1.2 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f2e3a83fa55008ae8b31be8d3e5c7306556e4b7d4371e6db46927deae1edee3c
-  data.tar.gz: 5a092dfa8e630db8ca28064b1e101a62320d601708b38351a92b2f5431d692dc
+  metadata.gz: 6c6c3fd2d17a4601a4c296b18ce67d41c423a5893aeb2b79cd484c0028863abd
+  data.tar.gz: 2c5e92ca69e3bb8442df158f34944fad645319cdbac5fb45875c7c8521be5d0c
 SHA512:
-  metadata.gz: a8db461d6066ce37a6fb9c50c373e2dd6739fddb123ac0627c14f645dadc0b610b24e30a6d0dbcda28148f103870ba8cbc28e34efb65ab026b463752753fcd6d
-  data.tar.gz: 5420d53af149d4c1ef1fd8337f232bf4f03f420fcaa3a2de32a38751505167c0eb3d431b382ad803f29ed8b2230f80789cbcdb9c15b4e43a0af5b69fcb554031
+  metadata.gz: 34e7c52f43f92146d605e06338f25b5d12f80f495e320901aed32206dc3e743029be9b51eb5bcd1f84ef46ca450a76ac45fa7c74da5b2506eb3d53b82db6c840
+  data.tar.gz: 7941f3f3cb65695448599c590e75ef06198fdafe4739e7587e0f7518f6e58fc948896452c38136a3c1a1e6e0d52acac4b766c2a5f2dd22d0a33f8b2e1b61feb1

data/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "purl-spec"]
+	path = purl-spec
+	url = https://github.com/package-url/purl-spec.git

data/CHANGELOG.md

@@ -7,6 +7,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.3.1] - 2025-08-04
+
+### Fixed
+- Remove arbitrary business logic validation, follow PURL spec for namespace requirements
+
+## [1.3.0] - 2025-07-29
+
+### Added
+- RFC 6570 URI templates for registry URL generation
+- Advanced URL templating capabilities for dynamic registry URL construction
+
+### Enhanced
+- Registry URL generation now supports more flexible URL patterns
+- Improved templating system for custom registry configurations
+
+## [1.2.0] - 2025-07-27
+
+### Added
+- Default registry URLs for 10 additional package types:
+  - `golang`: https://pkg.go.dev (Go package discovery site)
+  - `luarocks`: https://luarocks.org (Lua package repository)
+  - `clojars`: https://clojars.org (Clojure package repository)
+  - `elm`: https://package.elm-lang.org (Elm package catalog)
+  - `deno`: https://deno.land (Deno module registry)
+  - `homebrew`: https://formulae.brew.sh (Homebrew package browser)
+  - `bioconductor`: https://bioconductor.org (R bioinformatics packages)
+  - `huggingface`: https://huggingface.co (Machine learning models)
+  - `swift`: https://swiftpackageindex.com (Swift package index)
+  - `conan`: https://conan.io/center (C/C++ package center)
+
+### Enhanced
+- Registry configuration support for newly added package types
+- Updated test suite to validate all new default registries
+- Improved package type coverage with comprehensive registry URL mapping
+
+### Configuration
+- Updated `purl-types.json` to version 1.2.0 with enhanced registry configurations
+- Added specialized registry handling for Go's unique import path structure
+
 ## [1.1.2] - 2025-07-25
 
 ### Added

data/README.md

@@ -385,6 +385,25 @@ rake spec:types
 rake spec:verify_types
 ```
 
+### Testing Against Official Specification
+
+This library includes the official [purl-spec](https://github.com/package-url/purl-spec) repository as a git submodule for testing and validation:
+
+```bash
+# Initialize submodule (first time only)
+git submodule update --init --recursive
+
+# Update submodule to latest spec
+git submodule update --remote purl-spec
+```
+
+The tests use files from the submodule to:
+- **Schema validation**: Validate our `purl-types.json` against the official schema in `purl-spec/schemas/`
+- **Type compliance**: Ensure our supported types match the official types in `purl-spec/types/`
+- **Test data**: Access official test cases and examples from `purl-spec/tests/`
+
+The submodule is automatically updated weekly via Dependabot, ensuring tests stay current with the latest specification changes. When the submodule updates, you can review and merge the PR to adopt new spec requirements.
+
 ### Rake Tasks
 
 - `rake spec:update` - Fetch latest test cases from official PURL spec repository

data/lib/purl/package_url.rb

@@ -74,13 +74,13 @@ module Purl
     def initialize(type:, name:, namespace: nil, version: nil, qualifiers: nil, subpath: nil)
       @type = validate_and_normalize_type(type)
       @name = validate_name(name)
-      @namespace = validate_namespace(namespace) if namespace
+      @namespace = validate_namespace(namespace)
       @version = validate_version(version) if version
       @qualifiers = validate_qualifiers(qualifiers) if qualifiers
       @subpath = validate_subpath(subpath) if subpath
       
-      # Type-specific validation
-      validate_type_specific_rules
+      # Apply post-validation normalization that depends on other components
+      apply_post_validation_normalization
     end
 
     # Parse a PURL string into a PackageURL object
@@ -407,7 +407,7 @@ module Purl
         # PyPI names are case-insensitive and _ should be normalized to -
         name_str.downcase.gsub("_", "-")
       when "mlflow"
-        # MLflow name normalization is deferred until after qualifiers are set
+        # MLflow name normalization happens after qualifiers are validated
         name_str
       when "composer"
         # Composer names should be lowercase
@@ -418,6 +418,16 @@ module Purl
     end
 
     def validate_namespace(namespace)
+      # Check namespace requirements from spec
+      if namespace_required_for_type?(@type) && namespace.nil?
+        raise ValidationError.new(
+          "#{@type.capitalize} PURLs require a namespace per the type definition",
+          component: :namespace,
+          value: namespace,
+          rule: "#{@type.downcase} packages need namespace"
+        )
+      end
+      
       return nil if namespace.nil?
       
       namespace_str = namespace.to_s.strip
@@ -516,110 +526,35 @@ module Purl
       subpath_str
     end
 
-    def validate_type_specific_rules
-      case @type.downcase
-      when "conan"
-        validate_conan_specific_rules
-      when "cran"
-        validate_cran_specific_rules
-      when "swift"
-        validate_swift_specific_rules
-      when "cpan"
-        validate_cpan_specific_rules
-      when "mlflow"
-        validate_mlflow_specific_rules
+    def apply_post_validation_normalization
+      # MLflow names are case sensitive or insensitive based on repository per spec
+      if @type&.downcase == "mlflow" && @qualifiers && @qualifiers["repository_url"] && @qualifiers["repository_url"].include?("azuredatabricks")
+        # Databricks MLflow is case insensitive - normalize to lowercase per spec
+        @name = @name.downcase
       end
+      # Other MLflow repositories (like Azure ML) are case sensitive - no normalization needed
     end
 
-    def validate_conan_specific_rules
-      # For conan packages, if a namespace is present WITHOUT any qualifiers, 
-      # it's ambiguous (test case 30)
-      if @namespace && (@qualifiers.nil? || (@qualifiers["user"].nil? && @qualifiers["channel"].nil?))
-        raise ValidationError.new(
-          "Conan PURLs with namespace require 'user' and/or 'channel' qualifiers to be unambiguous",
-          component: :qualifiers,
-          value: @qualifiers,
-          rule: "conan packages with namespace need user/channel qualifiers"
-        )
-      end
+    def namespace_required_for_type?(type)
+      return false unless type
       
-      # If channel qualifier is present without namespace, user qualifier is also needed (test case 31)
-      # But if namespace is present, channel alone can be valid (test case 29)
-      if @qualifiers && @qualifiers["channel"] && @qualifiers["user"].nil? && @namespace.nil?
-        raise ValidationError.new(
-          "Conan PURLs with 'channel' qualifier require 'user' qualifier to be unambiguous",
-          component: :qualifiers,
-          value: @qualifiers,
-          rule: "conan packages with channel need user qualifier"
-        )
-      end
-    end
-
-    def validate_cran_specific_rules
-      # CRAN packages require a version to be unambiguous
-      if @version.nil?
-        raise ValidationError.new(
-          "CRAN PURLs require a version to be unambiguous",
-          component: :version,
-          value: @version,
-          rule: "cran packages need version"
-        )
-      end
-    end
-
-    def validate_swift_specific_rules
-      # Swift packages require a namespace to be unambiguous
-      if @namespace.nil?
-        raise ValidationError.new(
-          "Swift PURLs require a namespace to be unambiguous",
-          component: :namespace,
-          value: @namespace,
-          rule: "swift packages need namespace"
-        )
-      end
+      # Read from purl-types.json (included in gem)
+      types_data = self.class.purl_types_data
+      type_config = types_data.dig("types", type.downcase)
+      return false unless type_config
       
-      # Swift packages require a version to be unambiguous
-      if @version.nil?
-        raise ValidationError.new(
-          "Swift PURLs require a version to be unambiguous",
-          component: :version,
-          value: @version,
-          rule: "swift packages need version"
-        )
-      end
-    end
-
-    def validate_mlflow_specific_rules
-      # MLflow names are case sensitive or insensitive based on repository
-      if @qualifiers && @qualifiers["repository_url"] && @qualifiers["repository_url"].include?("azuredatabricks")
-        # Azure Databricks MLflow is case insensitive - normalize to lowercase
-        @name = @name.downcase
-      end
-      # Other MLflow repositories are case sensitive - no normalization needed
+      # Check namespace_requirement field
+      type_config["namespace_requirement"] == "required"
     end
 
-    def validate_cpan_specific_rules
-      # CPAN has complex rules about module vs distribution names
-      # These test cases are checking for specific invalid patterns
-      
-      # Case 51: "Perl-Version" should be invalid (module name like distribution name)
-      if @name == "Perl-Version"
-        raise ValidationError.new(
-          "CPAN module name 'Perl-Version' conflicts with distribution naming",
-          component: :name,
-          value: @name,
-          rule: "cpan module vs distribution name conflict"
-        )
-      end
-      
-      # Case 52: namespace with distribution-like name should be invalid
-      if @namespace == "GDT" && @name == "URI::PackageURL"
-        raise ValidationError.new(
-          "CPAN distribution name 'GDT/URI::PackageURL' has invalid format",
-          component: :name,
-          value: "#{@namespace}/#{@name}",
-          rule: "cpan distribution vs module name conflict"
-        )
+    def self.purl_types_data
+      @purl_types_data ||= begin
+        require "json"
+        types_file = File.join(File.dirname(__FILE__), "..", "..", "purl-types.json")
+        JSON.parse(File.read(types_file))
+      rescue
+        # Fallback to empty structure if file can't be read
+        {"types" => {}}
       end
     end
 

data/lib/purl/registry_url.rb

@@ -1,11 +1,13 @@
 # frozen_string_literal: true
 
+require "addressable/template"
+
 module Purl
   class RegistryURL
     # Load registry patterns from JSON configuration
     def self.load_registry_patterns
       @registry_patterns ||= begin
-        # Load JSON config directly to avoid circular dependency
+        # Load extended registry configs
         config_path = File.join(__dir__, "..", "..", "purl-types.json")
         require "json"
         config = JSON.parse(File.read(config_path))
@@ -16,37 +18,18 @@ module Purl
           next unless type_config["registry_config"]
           
           registry_config = type_config["registry_config"]
-          patterns[type] = build_pattern_config(type, registry_config)
+          patterns[type] = build_pattern_config(type, registry_config, type_config)
         end
         
         patterns
       end
     end
 
-    def self.build_pattern_config(type, config)
-      # Get the default registry for this type from parent config
-      type_config = load_types_config["types"][type]
+    def self.build_pattern_config(type, config, type_config)
+      # Get the default registry for this type from the extended config
       default_registry = type_config["default_registry"]
       
-      # Build full URLs from templates if we have a default registry
-      route_patterns = []
-      if default_registry
-        # Add all template variations
-        if config["path_template"]
-          route_patterns << default_registry + config["path_template"]
-        end
-        if config["namespace_path_template"]
-          route_patterns << default_registry + config["namespace_path_template"]
-        end
-        if config["version_path_template"]
-          route_patterns << default_registry + config["version_path_template"]
-        end
-        if config["namespace_version_path_template"]
-          route_patterns << default_registry + config["namespace_version_path_template"]
-        end
-      end
-      # Fall back to legacy route_patterns if available
-      route_patterns = config["route_patterns"] if route_patterns.empty? && config["route_patterns"]
+      # Route patterns are replaced by URI templates
       
       # Build reverse regex from template or use legacy format
       reverse_regex = nil
@@ -63,10 +46,13 @@ module Purl
       
       {
         base_url: config["base_url"] || (default_registry ? default_registry + config["path_template"]&.split('/:').first : nil),
-        route_patterns: route_patterns,
         reverse_regex: reverse_regex,
         pattern: build_generation_lambda(type, config, default_registry),
-        reverse_parser: reverse_regex ? build_reverse_parser(type, config) : nil
+        reverse_parser: reverse_regex ? build_reverse_parser(type, config) : nil,
+        uri_template: config["uri_template"] ? Addressable::Template.new(config["uri_template"]) : nil,
+        uri_template_no_namespace: config["uri_template_no_namespace"] ? Addressable::Template.new(config["uri_template_no_namespace"]) : nil,
+        uri_template_with_version: config["uri_template_with_version"] ? Addressable::Template.new(config["uri_template_with_version"]) : nil,
+        uri_template_with_version_no_namespace: config["uri_template_with_version_no_namespace"] ? Addressable::Template.new(config["uri_template_with_version_no_namespace"]) : nil
       }
     end
 
@@ -394,18 +380,41 @@ module Purl
       pattern_config = REGISTRY_PATTERNS[type.to_s.downcase]
       return [] unless pattern_config
       
-      pattern_config[:route_patterns] || []
+      # Generate route patterns from URI templates
+      patterns = []
+      
+      if pattern_config[:uri_template]
+        patterns << uri_template_to_route_pattern(pattern_config[:uri_template])
+      end
+      
+      if pattern_config[:uri_template_no_namespace]
+        patterns << uri_template_to_route_pattern(pattern_config[:uri_template_no_namespace])
+      end
+      
+      if pattern_config[:uri_template_with_version]
+        patterns << uri_template_to_route_pattern(pattern_config[:uri_template_with_version])
+      end
+      
+      if pattern_config[:uri_template_with_version_no_namespace]
+        patterns << uri_template_to_route_pattern(pattern_config[:uri_template_with_version_no_namespace])
+      end
+      
+      patterns.uniq
     end
 
     def self.all_route_patterns
       result = {}
       REGISTRY_PATTERNS.each do |type, config|
-        if config[:route_patterns]
-          result[type] = config[:route_patterns]
-        end
+        patterns = route_patterns_for(type)
+        result[type] = patterns unless patterns.empty?
       end
       result
     end
+    
+    private_class_method def self.uri_template_to_route_pattern(template)
+      # Convert URI template format {variable} to route pattern format :variable
+      template.pattern.gsub(/\{([^}]+)\}/, ':\1')
+    end
 
     def initialize(purl)
       @purl = purl
@@ -426,8 +435,12 @@ module Purl
         if base_url
           # Use custom base URL with the same URL structure
           generate_with_custom_base_url(base_url, pattern_config)
+        elsif pattern_config[:uri_template]
+          # Use URI template if available
+          template = select_uri_template(pattern_config, include_version: false)
+          generate_with_uri_template(template)
         else
-          # Use default base URL
+          # Fall back to legacy lambda pattern
           pattern_config[:pattern].call(@purl)
         end
       rescue MissingRegistryInfoError
@@ -438,27 +451,121 @@ module Purl
     end
 
     def generate_with_version(base_url: nil)
-      registry_url = generate(base_url: base_url)
+      return generate(base_url: base_url) unless @purl.version
+      
+      pattern_config = REGISTRY_PATTERNS[@purl.type.downcase]
+      
+      if base_url
+        # Use custom base URL with version
+        generate_with_custom_base_url_and_version(base_url, pattern_config)
+      elsif pattern_config[:uri_template_with_version] || pattern_config[:uri_template]
+        # Use version-specific URI template if available
+        template = select_uri_template(pattern_config, include_version: true)
+        generate_with_uri_template(template, include_version: true)
+      else
+        # Fall back to legacy version handling
+        registry_url = generate(base_url: base_url)
+        
+        case @purl.type.downcase
+        when "npm"
+          "#{registry_url}/v/#{@purl.version}"
+        when "pypi"
+          "#{registry_url}#{@purl.version}/"
+        when "gem"
+          "#{registry_url}/versions/#{@purl.version}"
+        when "maven"
+          "#{registry_url}/#{@purl.version}"
+        when "nuget"
+          "#{registry_url}/#{@purl.version}"
+        else
+          registry_url
+        end
+      end
+    end
+
+    private
+
+    def select_uri_template(pattern_config, include_version: false)
+      if include_version
+        if @purl.namespace && pattern_config[:uri_template_with_version]
+          pattern_config[:uri_template_with_version]
+        elsif !@purl.namespace && pattern_config[:uri_template_with_version_no_namespace]
+          pattern_config[:uri_template_with_version_no_namespace]
+        elsif pattern_config[:uri_template_with_version]
+          pattern_config[:uri_template_with_version]
+        elsif @purl.namespace && pattern_config[:uri_template]
+          pattern_config[:uri_template]
+        elsif !@purl.namespace && pattern_config[:uri_template_no_namespace]
+          pattern_config[:uri_template_no_namespace]
+        else
+          pattern_config[:uri_template]
+        end
+      else
+        if @purl.namespace && pattern_config[:uri_template]
+          pattern_config[:uri_template]
+        elsif !@purl.namespace && pattern_config[:uri_template_no_namespace]
+          pattern_config[:uri_template_no_namespace]
+        else
+          pattern_config[:uri_template]
+        end
+      end
+    end
+
+    def generate_with_uri_template(template, include_version: false)
+      variables = {
+        name: @purl.name
+      }
+      
+      # Add namespace if present and required
+      if @purl.namespace
+        variables[:namespace] = @purl.namespace
+      end
+      
+      # Add version if requested and present
+      if include_version && @purl.version
+        variables[:version] = @purl.version
+      end
+      
+      # Handle namespace requirements based on package type
+      case @purl.type.downcase
+      when "composer", "maven", "swift", "elm"
+        unless @purl.namespace
+          raise MissingRegistryInfoError.new(
+            "#{@purl.type.capitalize} packages require a namespace",
+            type: @purl.type,
+            missing: "namespace"
+          )
+        end
+      end
+      
+      # Build the URL manually to avoid encoding issues with special characters like @
+      result = template.pattern
+      
+      variables.each do |key, value|
+        result = result.gsub("{#{key}}", value.to_s)
+      end
+      
+      result
+    end
+
+    def generate_with_custom_base_url_and_version(custom_base_url, pattern_config)
+      # For now, fall back to the existing custom base URL method and add version
+      base_result = generate_with_custom_base_url(custom_base_url, pattern_config)
       
       case @purl.type.downcase
       when "npm"
-        @purl.version ? "#{registry_url}/v/#{@purl.version}" : registry_url
+        "#{base_result}/v/#{@purl.version}"
       when "pypi"
-        @purl.version ? "#{registry_url}#{@purl.version}/" : registry_url
+        "#{base_result}#{@purl.version}/"
       when "gem"
-        @purl.version ? "#{registry_url}/versions/#{@purl.version}" : registry_url
-      when "maven"
-        @purl.version ? "#{registry_url}/#{@purl.version}" : registry_url
-      when "nuget"
-        @purl.version ? "#{registry_url}/#{@purl.version}" : registry_url
+        "#{base_result}/versions/#{@purl.version}"
+      when "maven", "nuget"
+        "#{base_result}/#{@purl.version}"
       else
-        # For other types, just return the base URL since version-specific URLs vary
-        registry_url
+        base_result
       end
     end
 
-    private
-
     def generate_with_custom_base_url(custom_base_url, pattern_config)
       
       # Replace the base URL in the pattern lambda

data/lib/purl/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Purl
-  VERSION = "1.1.2"
+  VERSION = "1.3.1"
 end