python-ort 0.1.4__tar.gz → 0.3.0__tar.gz

{python_ort-0.1.4 → python_ort-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-ort
-Version: 0.1.4
+Version: 0.3.0
 Summary: A Python Ort model serialization library
 License-Expression: MIT
 License-File: LICENSE
@@ -11,9 +11,9 @@ Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
-Requires-Dist: pydantic>=2.11.10
-Requires-Dist: pyyaml>=6.0.3
+Requires-Dist: pydantic>=2.12.4
 Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 

{python_ort-0.1.4 → python_ort-0.3.0}/pyproject.toml

@@ -1,5 +1,5 @@
 [build-system]
-requires = ["uv_build>=0.8.12,<0.9.0"]
+requires = ["uv_build>=0.8.12,<0.10.0"]
 build-backend = "uv_build"
 
 [tool.hatch.build.targets.wheel]
@@ -7,15 +7,14 @@ packages = ["src/ort"]
 
 [project]
 name = "python-ort"
-version = "0.1.4"
+version = "0.3.0"
 description = "A Python Ort model serialization library"
 readme = "README.md"
 license = "MIT"
 license-files = ["LICENSE"]
 requires-python = ">=3.10"
 dependencies = [
-    "pydantic>=2.11.10",
-    "pyyaml>=6.0.3",
+    "pydantic>=2.12.4",
 ]
 classifiers = [
     "Development Status :: 3 - Alpha",
@@ -25,6 +24,7 @@ classifiers = [
     "Programming Language :: Python :: 3.11",
     "Programming Language :: Python :: 3.12",
     "Programming Language :: Python :: 3.13",
+    "Programming Language :: Python :: 3.14",
     "Topic :: Software Development :: Libraries :: Python Modules",
 ]
 
@@ -34,12 +34,12 @@ module-root = "src"
 
 [dependency-groups]
 dev = [
-    "datamodel-code-generator[http]>=0.34.0",
+    "datamodel-code-generator[http]>=0.35.0",
     "pre-commit>=4.3.0",
     "pycodestyle>=2.14.0",
-    "pyrefly>=0.35.0",
+    "pyrefly>=0.40.0",
     "pytest>=8.4.2",
-    "ruff>=0.13.3",
+    "ruff>=0.14.4",
     "types-pyyaml>=6.0.12.20250915",
 ]
 

python_ort-0.3.0/src/ort/models/config/curations.py

@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.license_finding_curation import LicenseFindingCuration
+from ort.models.package_curation import PackageCuration
+
+
+class Curations(BaseModel):
+    """
+    Curations for artifacts in a repository.
+
+    Attributes:
+        packages(list[PackageCuration]): Curations for third-party packages.
+        license_findings(list[LicenseFindingCuration]): Curations for license findings.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    packages: list[PackageCuration] = Field(
+        default_factory=list,
+        description="Curations for third-party packages.",
+    )
+    license_findings: list[LicenseFindingCuration] = Field(
+        default_factory=list,
+        description="Curations for license findings.",
+    )

python_ort-0.3.0/src/ort/models/config/license_finding_curation.py

@@ -0,0 +1,61 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.license_finding_curation_reason import LicenseFindingCurationReason
+
+
+class LicenseFindingCuration(BaseModel):
+    """
+    A curation for a license finding. Use it to correct a license finding or to add a license
+    that was not previously detected.
+
+    Attributes:
+        path (str): A glob to match the file path of a license finding.
+        start_lines (list[int] | None): A matcher for the start line of a license finding, matches if the start line
+            matches any of [startLines] or if [startLines] is empty.
+        line_count (int | None): A matcher for the line count of a license finding
+            matches if the line count equals [lineCount] or if [lineCount] is None
+        detected_license (str | None): The concluded license as SPDX expression or None
+            for no license, see https://spdx.dev/spdx-specification-21-web-version#h.jxpfx0ykyb60.
+        concluded_license (str): The concluded license as SPDX expression or None for no license,
+            see https://spdx.dev/spdx-specification-21-web-version#h.jxpfx0ykyb60.
+        reason (LicenseFindingCurationReason): The reason why the curation was made, out of a predefined choice.
+        comment (str | None): A comment explaining this [LicenseFindingCuration].
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    path: str = Field(
+        description="A glob to match the file path of a license finding.",
+    )
+    start_lines: list[int] | None = Field(
+        default=None,
+        description="A matcher for the start line of a license finding, matches if the start line matches any of"
+        "[startLines] or if [startLines] is empty.",
+    )
+    line_count: int | None = Field(
+        default=None,
+        description="A matcher for the line count of a license finding"
+        "matches if the line count equals [lineCount] or if [lineCount] is None",
+    )
+
+    detected_license: str | None = Field(
+        default=None,
+        description="The concluded license as SPDX expression or None"
+        "for no license, see https://spdx.dev/spdx-specification-21-web-version#h.jxpfx0ykyb60.",
+    )
+    concluded_license: str = Field(
+        description="The concluded license as SPDX expression or None for no license,"
+        " see https://spdx.dev/spdx-specification-21-web-version#h.jxpfx0ykyb60.",
+    )
+    reason: LicenseFindingCurationReason = Field(
+        description="The reason why the curation was made, out of a predefined choice.",
+    )
+    comment: str | None = Field(
+        default=None,
+        description="A comment explaining this [LicenseFindingCuration].",
+    )

python_ort-0.3.0/src/ort/models/config/license_finding_curation_reason.py

@@ -0,0 +1,28 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+
+
+from enum import Enum
+
+
+class LicenseFindingCurationReason(Enum):
+    """
+    A curation for a license finding. Use it to correct a license finding or to add a license that was not
+    previously detected.
+
+    Attributes:
+        CODE: The findings occur in source code, for example the name of a variable.
+        DATA_OF: The findings occur in a data, for example a JSON object defining all SPDX licenses.
+        DOCUMENTATION_OF: The findings occur in documentation, for example in code comments or in the README.md.
+        INCORRECT: The detected licenses are not correct. Use only if none of the other reasons apply.
+        NOT_DETECTED: Add applicable license as the scanner did not detect it.
+        REFERENCE: The findings reference a file or URL, e.g. SEE LICENSE IN LICENSE or https://jquery.org/license/.
+    """
+
+    CODE = "CODE"
+    DATA_OF = "DATA_OF"
+    DOCUMENTATION_OF = "DOCUMENTATION_OF"
+    INCORRECT = "INCORRECT"
+    NOT_DETECTED = "NOT_DETECTED"
+    REFERENCE = "REFERENCE"

python_ort-0.3.0/src/ort/models/hash.py

@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from pydantic import BaseModel, Field
+
+from ort.models.hash_algorithm import HashAlgorithm
+
+
+class Hash(BaseModel):
+    """
+    A class that bundles a hash algorithm with its hash value.
+
+    Attributes:
+        value (str): The value calculated using the hash algorithm.
+        algorithm (HashAlgorithm): The algorithm used to calculate the hash value.
+    """
+
+    value: str = Field(description="The value calculated using the hash algorithm.")
+    algorithm: HashAlgorithm = Field(description="The algorithm used to calculate the hash value.")

python_ort-0.3.0/src/ort/models/hash_algorithm.py

@@ -0,0 +1,37 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+
+
+from enum import Enum
+
+
+class HashAlgorithm(Enum):
+    """
+    An enum of supported hash algorithms. Each algorithm has one or more [aliases] associated to it,
+    where the first alias is the definite name.
+
+    Attributes:
+        NONE: No hash algorithm.
+        UNKNOWN: An unknown hash algorithm.
+        MD5: The Message-Digest 5 hash algorithm, see [MD5](http://en.wikipedia.org/wiki/MD5).
+        SHA1: The Secure Hash Algorithm 1, see [SHA-1](https://en.wikipedia.org/wiki/SHA-1).
+        SHA256: The Secure Hash Algorithm 2 with 256 bits, see [SHA-256](https://en.wikipedia.org/wiki/SHA-256).
+        SHA384: The Secure Hash Algorithm 2 with 384 bits, see [SHA-384](https://en.wikipedia.org/wiki/SHA-384).
+        SHA512: The Secure Hash Algorithm 2 with 512 bits, see [SHA-512](https://en.wikipedia.org/wiki/SHA-512).
+        SHA1GIT: The Secure Hash Algorithm 1, but calculated on a Git "blob" object, see
+            - https://git-scm.com/book/en/v2/Git-Internals-Git-Objects#_object_storage
+            - https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html#git-compatibility
+    """
+
+    NONE = "NONE"
+    UNKNOWN = "UNKNOWN"
+    MD5 = "MD5"
+    SHA1 = "SHA1"
+    SHA256 = "SHA256"
+    SHA384 = "SHA384"
+    SHA512 = "SHA512"
+    SHA1GIT = (
+        ["SHA-1-GIT", "SHA1-GIT", "SHA1GIT", "SWHID"],
+        "e69de29bb2d1d6434b8b29ae775ad8c2e48c5391",
+    )

python_ort-0.3.0/src/ort/models/package_curation.py

@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict
+
+from .package_curation_data import PackageCurationData
+
+
+class PackageCuration(BaseModel):
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    id: str
+    curations: PackageCurationData

python_ort-0.3.0/src/ort/models/package_curation_data.py

@@ -0,0 +1,36 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from typing import Any
+
+from pydantic import AnyUrl, BaseModel, ConfigDict, Field
+
+from .hash import Hash
+from .source_code_origin import SourceCodeOrigin
+from .vcsinfo import VcsInfo
+
+
+class CurationArtifact(BaseModel):
+    url: AnyUrl
+    hash: Hash
+
+
+class PackageCurationData(BaseModel):
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    comment: str | None = None
+    purl: str | None = None
+    cpe: str | None = None
+    authors: list[str] | None = None
+    concluded_license: str | None = None
+    description: str | None = None
+    homepage_url: str | None = None
+    binary_artifact: CurationArtifact | None = None
+    source_artifact: CurationArtifact | None = None
+    vcs: VcsInfo | None = None
+    is_metadata_only: bool | None = None
+    is_modified: bool | None = None
+    declared_license_mapping: dict[str, Any] = Field(default_factory=dict)
+    source_code_origins: list[SourceCodeOrigin] | None = None
+    labels: dict[str, str] = Field(default_factory=dict)

{python_ort-0.1.4 → python_ort-0.3.0}/src/ort/models/repository_configuration.py

@@ -7,8 +7,9 @@ from typing import Any
 
 from pydantic import BaseModel, Field, RootModel
 
-from .analyzer_configurations import OrtAnalyzerConfigurations
-from .package_managers import OrtPackageManagerConfigurations, PackageManagerConfigs
+from ort.models.analyzer_configurations import OrtAnalyzerConfigurations
+from ort.models.config.curations import Curations
+from ort.models.package_managers import OrtPackageManagerConfigurations, PackageManagerConfigs
 
 
 class OrtRepositoryConfigurationLicenseChoicesPackageLicenseChoiceLicenseChoice(BaseModel):
@@ -65,45 +66,6 @@ class VulnerabilityResolutionReason(Enum):
     workaround_for_vulnerability = "WORKAROUND_FOR_VULNERABILITY"
 
 
-class VcsMatcherVcsMatcher(BaseModel):
-    path: str | None = None
-    revision: str | None = None
-    type: str
-    url: str | None = None
-
-
-class VcsMatcherVcsMatcher1(BaseModel):
-    path: str | None = None
-    revision: str | None = None
-    type: str | None = None
-    url: str
-
-
-class VcsMatcherVcsMatcher2(BaseModel):
-    path: str | None = None
-    revision: str
-    type: str | None = None
-    url: str | None = None
-
-
-class VcsMatcherVcsMatcher3(BaseModel):
-    path: str
-    revision: str | None = None
-    type: str | None = None
-    url: str | None = None
-
-
-class VcsMatcher(
-    RootModel[VcsMatcherVcsMatcher | VcsMatcherVcsMatcher1 | VcsMatcherVcsMatcher2 | VcsMatcherVcsMatcher3]
-):
-    root: VcsMatcherVcsMatcher | VcsMatcherVcsMatcher1 | VcsMatcherVcsMatcher2 | VcsMatcherVcsMatcher3
-
-
-class Hash(BaseModel):
-    value: str
-    algorithm: str
-
-
 class PackageConfigurationSchemaSourceCodeOrigin(Enum):
     vcs = "VCS"
     artifact = "ARTIFACT"
@@ -140,24 +102,6 @@ class PathExcludeReason(Enum):
     test_tool_of = "TEST_TOOL_OF"
 
 
-VcsMatcherVcsMatcher4 = VcsMatcherVcsMatcher
-
-
-VcsMatcherVcsMatcher5 = VcsMatcherVcsMatcher1
-
-
-VcsMatcherVcsMatcher6 = VcsMatcherVcsMatcher2
-
-
-VcsMatcherVcsMatcher7 = VcsMatcherVcsMatcher3
-
-
-class VcsMatcherModel(
-    RootModel[VcsMatcherVcsMatcher4 | VcsMatcherVcsMatcher5 | VcsMatcherVcsMatcher6 | VcsMatcherVcsMatcher7]
-):
-    root: VcsMatcherVcsMatcher4 | VcsMatcherVcsMatcher5 | VcsMatcherVcsMatcher6 | VcsMatcherVcsMatcher7
-
-
 class PathIncludeReason(Enum):
     source_of = "SOURCE_OF"
 
@@ -300,45 +244,6 @@ class ResolutionsSchema(
     )
 
 
-class CurationsSchemaCurationsSchemaItemCurationsBinaryArtifact(BaseModel):
-    url: str
-    hash: Hash
-
-
-CurationsSchemaCurationsSchemaItemCurationsSourceArtifact = CurationsSchemaCurationsSchemaItemCurationsBinaryArtifact
-
-
-class CurationsSchemaCurationsSchemaItemCurations(BaseModel):
-    comment: str | None = None
-    authors: list[str] | None = None
-    concluded_license: str | None = None
-    cpe: str | None = None
-    declared_license_mapping: dict[str, Any] | None = None
-    description: str | None = None
-    homepage_url: str | None = None
-    purl: str | None = None
-    binary_artifact: CurationsSchemaCurationsSchemaItemCurationsBinaryArtifact | None = None
-    source_artifact: CurationsSchemaCurationsSchemaItemCurationsSourceArtifact | None = None
-    vcs: VcsMatcher | None = None
-    is_metadata_only: bool | None = None
-    is_modified: bool | None = None
-
-
-class CurationsSchemaCurationsSchemaItem(BaseModel):
-    id: str
-    curations: CurationsSchemaCurationsSchemaItemCurations
-
-
-class CurationsSchema(RootModel[list[CurationsSchemaCurationsSchemaItem]]):
-    root: list[CurationsSchemaCurationsSchemaItem] = Field(
-        ...,
-        description="The OSS-Review-Toolkit (ORT) provides a possibility to correct metadata and set "
-        "the concluded license for specific packages (dependencies) in curation files. A full list of all available "
-        "options can be found at https://oss-review-toolkit.org/ort/docs/configuration/package-curations.",
-        title="ORT curations",
-    )
-
-
 class LicenseFindingCurationsModel(BaseModel):
     path: str
     start_lines: int | str | None = None
@@ -349,14 +254,14 @@ class LicenseFindingCurationsModel(BaseModel):
     comment: str | None = None
 
 
-class OrtRepositoryConfigurationCurations(BaseModel):
+class OrtRepositoryConfigurationH(BaseModel):
     license_findings: list[LicenseFindingCurationsModel]
-    packages: CurationsSchema | None = None
+    packages: Curations | None = None
 
 
 class OrtRepositoryConfigurationCurations1(BaseModel):
     license_findings: list[LicenseFindingCurationsModel] | None = None
-    packages: CurationsSchema
+    packages: Curations
 
 
 class OrtRepositoryConfiguration(BaseModel):
@@ -385,9 +290,10 @@ class OrtRepositoryConfiguration(BaseModel):
         description="Defines which parts of a repository should be excluded.",
     )
     resolutions: ResolutionsSchema | None = None
-    curations: OrtRepositoryConfigurationCurations | OrtRepositoryConfigurationCurations1 | None = Field(
+    curations: Curations | None = Field(
         None,
-        description="Curations for artifacts in a repository.",
+        description="Defines curations for packages used as dependencies by projects in this repository,"
+        " or curations for license findings in the source code of a project in this repository.",
     )
     package_configurations: list[OrtPackageManagerConfigurations] | None = Field(
         None,

python_ort-0.3.0/src/ort/models/source_code_origin.py

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import Enum
+
+
+class SourceCodeOrigin(Enum):
+    vcs = "VCS"
+    artifact = "ARTIFACT"

python_ort-0.3.0/src/ort/models/vcsinfo.py

@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from pydantic import AnyUrl, BaseModel, Field
+
+from .vcstype import VcsType
+
+
+class VcsInfo(BaseModel):
+    """
+    Bundles general Version Control System information.
+
+    Attributes:
+        type(VcsType): The type of the VCS, for example Git, GitRepo, Mercurial, etc.
+        url(AnyUrl): The URL to the VCS repository.
+        revision(str): The VCS-specific revision (tag, branch, SHA1) that the version of the package maps to.
+        path(str): The path inside the VCS to take into account.
+            If the VCS supports checking out only a subdirectory, only this path is checked out.
+    """
+
+    type: VcsType = Field(
+        default_factory=VcsType,
+        description="The type of the VCS, for example Git, GitRepo, Mercurial, etc.",
+    )
+    url: AnyUrl = Field(description="The URL to the VCS repository.")
+    revision: str = Field(
+        description="The VCS-specific revision (tag, branch, SHA1) that the version of the package maps to."
+    )
+    path: str = Field(
+        default="",
+        description="The path inside the VCS to take into account."
+        "If the VCS supports checking out only a subdirectory, only this path is checked out.",
+    )

python_ort-0.3.0/src/ort/models/vcstype.py

@@ -0,0 +1,46 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from pydantic import BaseModel, Field, model_validator
+
+
+class VcsType(BaseModel):
+    """
+    A class for Version Control System types. Each type has one or more [aliases] associated to it,
+    where the first alias is the definite name. This class is not implemented as an enum as
+    constructing from an unknown type should be supported while maintaining that type as the primary
+    alias for the string representation.
+
+    Attributes:
+        aliases(list[str]): Primary name and aliases
+    """
+
+    aliases: list[str] = Field(default_factory=list, description="Primary name and aliases")
+
+    @model_validator(mode="after")
+    def ensure_non_empty(self):
+        """Ensure the aliases list is never empty."""
+        if not self.aliases:
+            self.aliases = [""]
+        return self
+
+    def __str__(self):
+        return self.aliases[0] if self.aliases else ""
+
+    @classmethod
+    def for_name(cls, name: str) -> "VcsType":
+        """Lookup known type by name, or create a new instance."""
+        for t in KNOWN_TYPES:
+            if any(alias.lower() == name.lower() for alias in t.aliases):
+                return t
+        return cls(aliases=[name])
+
+
+# Define known VCS types as constants
+GIT = VcsType(aliases=["Git", "GitHub", "GitLab"])
+GIT_REPO = VcsType(aliases=["GitRepo", "git-repo", "repo"])
+MERCURIAL = VcsType(aliases=["Mercurial", "hg"])
+SUBVERSION = VcsType(aliases=["Subversion", "svn"])
+UNKNOWN = VcsType(aliases=[""])
+
+KNOWN_TYPES = [GIT, GIT_REPO, MERCURIAL, SUBVERSION]