python-ort 0.3.1__tar.gz → 0.4.1__tar.gz

{python_ort-0.3.1 → python_ort-0.4.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-ort
-Version: 0.3.1
+Version: 0.4.1
 Summary: A Python Ort model serialization library
 License-Expression: MIT
 License-File: LICENSE

{python_ort-0.3.1 → python_ort-0.4.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "uv_build"
 
 [project]
 name = "python-ort"
-version = "0.3.1"
+version = "0.4.1"
 description = "A Python Ort model serialization library"
 readme = "README.md"
 license = "MIT"

python_ort-0.4.1/src/ort/__init__.py

@@ -0,0 +1,9 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+#
+# SPDX-License-Identifier: MIT
+
+from ort.models.repository_configuration import OrtRepositoryConfiguration
+
+__all__ = [
+    "OrtRepositoryConfiguration",
+]

python_ort-0.4.1/src/ort/models/config/analyzer_configuration.py

@@ -0,0 +1,77 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.package_manager_configuration import PackageManagerConfiguration
+
+_package_managers: list[str] = [
+    "Bazel",
+    "Bower",
+    "Bundler",
+    "Cargo",
+    "Carthage",
+    "CocoaPods",
+    "Composer",
+    "Conan",
+    "GoMod",
+    "GradleInspector",
+    "Maven",
+    "NPM",
+    "NuGet",
+    "PIP",
+    "Pipenv",
+    "PNPM",
+    "Poetry",
+    "Pub",
+    "SBT",
+    "SpdxDocumentFile",
+    "Stack",
+    "SwiftPM",
+    "Tycho",
+    "Unmanaged",
+    "Yarn",
+    "Yarn2",
+]
+
+
+class AnalyzerConfiguration(BaseModel):
+    """
+    Enable the analysis of projects that use version ranges to declare their dependencies. If set to true,
+    dependencies of exactly the same project might change with another scan done at a later time if any of the
+    (transitive) dependencies are declared using version ranges and a new version of such a dependency was
+    published in the meantime. If set to false, analysis of projects that use version ranges will fail. Defaults to
+    false.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    allow_dynamic_versions: bool = Field(
+        default=False,
+        description="Enable the analysis of projects that use version ranges to declare their dependencies."
+        "If set to true, dependencies of exactly the same project might change with another scan done at a later time"
+        "if any of the (transitive) dependencies are declared using version ranges and a new version of such a"
+        "dependency was published in the meantime. If set to false, analysis of projects that use version ranges will"
+        "fail. Defaults to false.",
+    )
+    enabled_package_managers: list[str] = Field(
+        default=_package_managers,
+        description="A list of the case-insensitive names of package managers that are enabled."
+        "Disabling a package manager in [disabledPackageManagers] overrides enabling it here.",
+    )
+    disabled_package_managers: list[str] | None = Field(
+        default=None,
+        description="A list of the case-insensitive names of package managers that are disabled."
+        "Disabling a package manager in this list overrides [enabledPackageManagers].",
+    )
+    package_managers: dict[str, PackageManagerConfiguration] | None = Field(
+        default=None,
+        description="Get a [PackageManagerConfiguration] from [packageManagers]. The difference to accessing the map"
+        "directly is that [packageManager] can be case-insensitive.",
+    )
+    skip_excluded: bool = Field(
+        default=False,
+        description="A flag to control whether excluded scopes and paths should be skipped during the analysis.",
+    )

{python_ort-0.3.1 → python_ort-0.4.1}/src/ort/models/config/license_finding_curation.py

@@ -2,7 +2,9 @@
 # SPDX-License-Identifier: MIT
 
 
-from pydantic import BaseModel, ConfigDict, Field
+from typing import Any
+
+from pydantic import BaseModel, ConfigDict, Field, field_validator
 
 from ort.models.config.license_finding_curation_reason import LicenseFindingCurationReason
 
@@ -59,3 +61,17 @@ class LicenseFindingCuration(BaseModel):
         default=None,
         description="A comment explaining this [LicenseFindingCuration].",
     )
+
+    @field_validator("start_lines", mode="before")
+    @classmethod
+    def parse_start_lines(cls, value: Any) -> list[int] | None:
+        if value is None or value == "":
+            return None
+        if isinstance(value, str):
+            # CSV style split
+            return [int(x.strip()) for x in value.split(",") if x.strip()]
+        if isinstance(value, list):
+            return [int(x) for x in value]
+        if isinstance(value, int):
+            return [value]
+        raise ValueError("start_lines must be a comma-separated string or a list of integers")

python_ort-0.4.1/src/ort/models/config/package_configuration.py

@@ -0,0 +1,68 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.license_finding_curation import LicenseFindingCuration
+from ort.models.config.path_exclude import PathExclude
+from ort.models.config.vcsmatcher import VcsMatcher
+from ort.models.identifier import Identifier
+from ort.models.source_code_origin import SourceCodeOrigin
+
+
+class PackageConfiguration(BaseModel):
+    """
+    A class used in the [OrtConfiguration] to configure [PathExclude]s and [LicenseFindingCuration]s for a specific
+    [Package]'s [Identifier] (and [Provenance]).
+    Note that [PathExclude]s and [LicenseFindingCuration]s for [Project]s are configured by a
+    [RepositoryConfiguration]'s excludes and curations properties instead.
+
+    Attributes:
+        id (Identifier): The [Identifier] which must match with the identifier of the package in
+            order for this package curation to apply. The [version][Identifier.version] can be
+            either a plain version string matched for equality, or an Ivy-style version matchers.
+            * The other components of the [identifier][id] are matched by equality.
+        source_artifact_url (str | None): The source artifact this configuration applies to.
+        vcs (VcsMatcher | None): The vcs and revision this configuration applies to.
+        source_code_origin (SourceCodeOrigin | None): The source code origin this configuration
+            applies to.
+        path_excludes (list[PathExclude]): Path excludes.
+        license_finding_curations (list[LicenseFindingCuration]): License finding curations.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    id: Identifier = Field(
+        description="The [Identifier] which must match with the identifier of the package in order for this package"
+        "curation to apply. The [version][Identifier.version] can be either a plain version string matched for"
+        "equality, or an Ivy-style version matchers."
+        "* The other components of the [identifier][id] are matched by equality.",
+    )
+
+    source_artifact_url: str | None = Field(
+        default=None,
+        description="The source artifact this configuration applies to.",
+    )
+
+    vcs: VcsMatcher | None = Field(
+        default=None,
+        description="The vcs and revision this configuration applies to.",
+    )
+
+    source_code_origin: SourceCodeOrigin | None = Field(
+        default=None,
+        description="The source code origin this configuration applies to.",
+    )
+
+    path_excludes: list[PathExclude] = Field(
+        default_factory=list,
+        description="Path excludes.",
+    )
+
+    license_finding_curations: list[LicenseFindingCuration] = Field(
+        default_factory=list,
+        description="License finding curations.",
+    )

python_ort-0.4.1/src/ort/models/config/package_manager_configuration.py

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class PackageManagerConfiguration(BaseModel):
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    must_run_after: list[str] | None = Field(
+        default=None,
+        description="The configuration model for a package manager. This class is (de-)serialized in the following"
+        "places:"
+        "- Deserialized from config.yml as part of [OrtConfiguration] (via Hoplite)."
+        "- Deserialized from .ort.yml as part of [RepositoryAnalyzerConfiguration] (via Jackson)"
+        "- (De-)Serialized as part of [org.ossreviewtoolkit.model.OrtResult] (via Jackson).",
+    )
+
+    options: dict[str, str] | None = Field(
+        default=None,
+        description="Custom configuration options for the package manager. See the documentation of the respective"
+        "class for available options.",
+    )

python_ort-0.4.1/src/ort/models/config/path_exclude.py

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.path_exclude_reason import PathExcludeReason
+
+
+class PathExclude(BaseModel):
+    """
+    Defines paths which should be excluded. Each file or directory that is matched by the [glob][pattern] is marked as
+    excluded. If a project definition file is matched by the [pattern], the whole project is excluded. For details about
+    the glob syntax see the [FileMatcher] implementation.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    pattern: str = Field(
+        description="A glob to match the path of the project definition file, relative to the root of the repository."
+    )
+
+    reason: PathExcludeReason = Field(
+        description="The reason why the project is excluded, out of a predefined choice.",
+    )
+
+    comment: str = Field(
+        default_factory=str,
+        description="A comment to further explain why the [reason] is applicable here.",
+    )

python_ort-0.4.1/src/ort/models/config/path_exclude_reason.py

@@ -0,0 +1,73 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from enum import Enum, auto
+
+
+class PathExcludeReason(Enum):
+    """
+    Possible reasons for excluding a path.
+    Attributes
+        BUILD_TOOL_OF
+            The path only contains tools used for building source code which are not included in
+            distributed build artifacts.
+
+        DATA_FILE_OF
+            The path only contains data files such as fonts or images which are not included in
+            distributed build artifacts.
+
+        DOCUMENTATION_OF
+            The path only contains documentation which is not included in distributed build artifacts.
+
+        EXAMPLE_OF
+            The path only contains source code examples which are not included in distributed build
+            artifacts.
+
+        OPTIONAL_COMPONENT_OF
+            The path only contains optional components for the code that is built which are not included
+            in distributed build artifacts.
+
+        OTHER
+            Any other reason which cannot be represented by any other element of PathExcludeReason.
+
+        PROVIDED_BY
+            The path only contains packages or sources for packages that have to be provided by the user
+            of distributed build artifacts.
+
+        TEST_OF
+            The path only contains files used for testing source code which are not included in
+            distributed build artifacts.
+
+        TEST_TOOL_OF
+            The path only contains tools used for testing source code which are not included in
+            distributed build artifacts.
+    """
+
+    # The path only contains tools used for building source code which are not included in distributed build artifacts.
+    BUILD_TOOL_OF = auto()
+
+    # The path only contains data files such as fonts or images which are not included in distributed build artifacts.
+    DATA_FILE_OF = auto()
+
+    # The path only contains documentation which is not included in distributed build artifacts.
+    DOCUMENTATION_OF = auto()
+
+    # The path only contains source code examples which are not included in distributed build artifacts.
+    EXAMPLE_OF = auto()
+
+    # The path only contains optional components for the code that is built which are not included
+    # in distributed build artifacts.
+    OPTIONAL_COMPONENT_OF = auto()
+
+    # Any other reason which cannot be represented by any other element of PathExcludeReason.
+    OTHER = auto()
+
+    # The path only contains packages or sources for packages that have to be provided by the user
+    # of distributed build artifacts.
+    PROVIDED_BY = auto()
+
+    # The path only contains files used for testing source code which are not included in distributed build artifacts.
+    TEST_OF = auto()
+
+    # The path only contains tools used for testing source code which are not included in distributed build artifacts.
+    TEST_TOOL_OF = auto()

python_ort-0.4.1/src/ort/models/config/path_include_reason.py

@@ -0,0 +1,2 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT

python_ort-0.4.1/src/ort/models/config/repository_analyzer_configuration.py

@@ -0,0 +1,48 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from ort.models.config.package_manager_configuration import PackageManagerConfiguration
+
+
+class RepositoryAnalyzerConfiguration(BaseModel):
+    """
+    Enable the analysis of projects that use version ranges to declare their dependencies. If set to true,
+    dependencies of exactly the same project might change with another scan done at a later time if any of the
+    (transitive) dependencies are declared using version ranges and a new version of such a dependency was
+    published in the meantime. If set to false, analysis of projects that use version ranges will fail. Defaults to
+    false.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    allow_dynamic_versions: bool | None = Field(
+        default=None,
+        description="Enable the analysis of projects that use version ranges to declare their dependencies."
+        "If set to true, dependencies of exactly the same project might change with another scan done at a later time"
+        "if any of the (transitive) dependencies are declared using version ranges and a new version of such a"
+        "dependency was published in the meantime. If set to false, analysis of projects that use version ranges will"
+        "fail. Defaults to false.",
+    )
+    enabled_package_managers: list[str] | None = Field(
+        default=None,
+        description="A list of the case-insensitive names of package managers that are enabled."
+        "Disabling a package manager in [disabledPackageManagers] overrides enabling it here.",
+    )
+    disabled_package_managers: list[str] | None = Field(
+        default=None,
+        description="A list of the case-insensitive names of package managers that are disabled."
+        "Disabling a package manager in this list overrides [enabledPackageManagers].",
+    )
+    package_managers: dict[str, PackageManagerConfiguration] | None = Field(
+        default=None,
+        description="Get a [PackageManagerConfiguration] from [packageManagers]. The difference to accessing the map"
+        "directly is that [packageManager] can be case-insensitive.",
+    )
+    skip_excluded: bool | None = Field(
+        default=None,
+        description="A flag to control whether excluded scopes and paths should be skipped during the analysis.",
+    )

python_ort-0.4.1/src/ort/models/config/vcsmatcher.py

@@ -0,0 +1,38 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import AnyUrl, BaseModel, ConfigDict, Field
+
+from ort.models.vcstype import VcsType
+
+
+class VcsMatcher(BaseModel):
+    """
+    A matcher which matches its properties against a [RepositoryProvenance].
+
+    Attributes:
+        orttype (VcsType): The [type] to match for equality against [VcsInfo.type].
+        url (AnyUrl): The [url] to match for equality against [VcsInfo.url].
+        revision (str | None): The revision to match for equality against [RepositoryProvenance.resolvedRevision],
+        or null to match any revision.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    orttype: VcsType = Field(
+        alias="type",
+        description="The [type] to match for equality against [VcsInfo.type].",
+    )
+
+    url: AnyUrl = Field(
+        description="The [url] to match for equality against [VcsInfo.url].",
+    )
+
+    revision: str | None = Field(
+        default=None,
+        description="The revision to match for equality against [RepositoryProvenance.resolvedRevision],"
+        "or null to match anyrevision.",
+    )

python_ort-0.4.1/src/ort/models/hash_algorithm.py

@@ -0,0 +1,116 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from typing import ClassVar
+
+from pydantic import BaseModel, Field, model_validator
+
+
+class HashAlgorithm(BaseModel):
+    """
+    A Python port of the Kotlin HashAlgorithm enum class.
+
+    Each algorithm has one or more aliases, an empty hash value,
+    and an 'is_verifiable' flag.
+    """
+
+    aliases: list[str] = Field(default_factory=list)
+    empty_value: str = ""
+    is_verifiable: bool = True
+
+    # ---- known algorithms ----
+    NONE: ClassVar["HashAlgorithm"]
+    UNKNOWN: ClassVar["HashAlgorithm"]
+    MD5: ClassVar["HashAlgorithm"]
+    SHA1: ClassVar["HashAlgorithm"]
+    SHA256: ClassVar["HashAlgorithm"]
+    SHA384: ClassVar["HashAlgorithm"]
+    SHA512: ClassVar["HashAlgorithm"]
+    SHA1GIT: ClassVar["HashAlgorithm"]
+
+    # ---- derived property ----
+    @property
+    def size(self) -> int:
+        """The length of the empty hash string for this algorithm."""
+        return len(self.empty_value)
+
+    # ---- validation ----
+    @model_validator(mode="before")
+    @classmethod
+    def _from_alias(cls, value):
+        """Allow initialization from alias string."""
+        if isinstance(value, str):
+            algo = cls.from_string(value)
+            return algo.model_dump()
+        return value
+
+    # ---- class methods ----
+    @classmethod
+    def from_string(cls, alias: str) -> "HashAlgorithm":
+        """Find a HashAlgorithm by alias name (case-insensitive)."""
+        alias_upper = alias.upper()
+        for algo in cls._entries():
+            if any(a.upper() == alias_upper for a in algo.aliases):
+                return algo
+        return cls.UNKNOWN
+
+    @classmethod
+    def create(cls, value: str) -> "HashAlgorithm":
+        """
+        Create a HashAlgorithm from a hash value string, based on its length.
+        Returns NONE if value is blank, UNKNOWN otherwise.
+        """
+        if not value.strip():
+            return cls.NONE
+        for algo in cls._entries():
+            if len(value) == algo.size:
+                return algo
+        return cls.UNKNOWN
+
+    @classmethod
+    def _entries(cls) -> list["HashAlgorithm"]:
+        """Return the list of all defined algorithms."""
+        return [
+            cls.NONE,
+            cls.UNKNOWN,
+            cls.MD5,
+            cls.SHA1,
+            cls.SHA256,
+            cls.SHA384,
+            cls.SHA512,
+            cls.SHA1GIT,
+        ]
+
+    def __str__(self) -> str:
+        return self.aliases[0] if self.aliases else ""
+
+
+HashAlgorithm.NONE = HashAlgorithm(aliases=[""], empty_value="", is_verifiable=False)
+HashAlgorithm.UNKNOWN = HashAlgorithm(aliases=["UNKNOWN"], empty_value="", is_verifiable=False)
+HashAlgorithm.MD5 = HashAlgorithm(
+    aliases=["MD5"],
+    empty_value="d41d8cd98f00b204e9800998ecf8427e",
+)
+HashAlgorithm.SHA1 = HashAlgorithm(
+    aliases=["SHA-1", "SHA1"],
+    empty_value="da39a3ee5e6b4b0d3255bfef95601890afd80709",
+)
+HashAlgorithm.SHA256 = HashAlgorithm(
+    aliases=["SHA-256", "SHA256"],
+    empty_value="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
+)
+HashAlgorithm.SHA384 = HashAlgorithm(
+    aliases=["SHA-384", "SHA384"],
+    empty_value=("38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b"),
+)
+HashAlgorithm.SHA512 = HashAlgorithm(
+    aliases=["SHA-512", "SHA512"],
+    empty_value=(
+        "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce"
+        "47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
+    ),
+)
+HashAlgorithm.SHA1GIT = HashAlgorithm(
+    aliases=["SHA-1-GIT", "SHA1-GIT", "SHA1GIT", "SWHID"],
+    empty_value="e69de29bb2d1d6434b8b29ae775ad8c2e48c5391",
+)

python_ort-0.4.1/src/ort/models/identifier.py

@@ -0,0 +1,63 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+
+from typing import Any
+
+from pydantic import BaseModel, ConfigDict, Field, model_validator
+
+
+class Identifier(BaseModel):
+    """
+    A unique identifier for a software component.
+
+    Attributes:
+        orttype (str): The type of component this identifier describes. When used in the context of a [Project],
+            the type equals the one of the package manager that manages the project (e.g. 'Gradle'
+            for a Gradle project). When used in the context of a [Package], the type is the name
+            of the artifact ecosystem (e.g. 'Maven' for a file from a Maven repository).
+        namespace (str): The namespace of the component, for example the group for 'Maven' or the scope for 'NPM'.
+        name (str): The name of the component.
+        version (str): The version of the component.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    orttype: str = Field(
+        alias="type",
+        description="The type of component this identifier describes. When used in the context of a [Project],"
+        "the type equals the one of the package manager that manages the project (e.g. 'Gradle' "
+        "for a Gradle project). When used in the context of a [Package], the type is the name"
+        "of the artifact ecosystem (e.g. 'Maven' for a file from a Maven repository).",
+    )
+
+    namespace: str = Field(
+        description="The namespace of the component, for examplethe group for 'Maven' or the scope for 'NPM'.",
+    )
+
+    name: str = Field(
+        description="The name of the component.",
+    )
+
+    version: str = Field(
+        description="The version of the component.",
+    )
+
+    @model_validator(mode="before")
+    @classmethod
+    def parse_string_or_dict(cls, value: Any):
+        if isinstance(value, dict):
+            return value
+        if isinstance(value, str):
+            parts = value.split(":")
+            if len(parts) != 4:
+                raise ValueError("Identifier string must be in the format 'type:namespace:name:version'")
+            return {
+                "type": parts[0],
+                "namespace": parts[1],
+                "name": parts[2],
+                "version": parts[3],
+            }
+        raise TypeError("Identifier must be a dict or a string in the correct format")

{python_ort-0.3.1 → python_ort-0.4.1}/src/ort/models/ort_configuration.py

@@ -11,8 +11,6 @@ import yaml
 import yaml.parser
 from pydantic import AnyUrl, BaseModel, ConfigDict, Field, RootModel
 
-from .package_managers import OrtPackageManagerConfigurations, OrtPackageManagers
-
 
 class AdvisorConfig(RootModel[dict[str, dict[str, Any]] | None]):
     root: dict[str, dict[str, Any]] | None = None
@@ -200,9 +198,10 @@ class AnalyzerConfigurationSchema(BaseModel):
         extra="forbid",
     )
     allow_dynamic_versions: Annotated[bool | None, Field(alias="allowDynamicVersions")] = None
-    enabled_package_managers: Annotated[list[OrtPackageManagers] | None, Field(alias="enabledPackageManagers")] = None
-    disabled_package_managers: Annotated[list[OrtPackageManagers] | None, Field(alias="disabledPackageManagers")] = None
-    package_managers: Annotated[OrtPackageManagerConfigurations | None, Field(alias="packageManagers")] = None
+    # enabled_package_managers: Annotated[list[PackageManager] | None, Field(alias="enabledPackageManagers")] = None
+    # # disabled_package_managers: Annotated[list[OrtPackageManagers] | None,
+    # Field(alias="disabledPackageManagers")] = None
+    # package_managers: Annotated[OrtPackageManagerConfigurations | None, Field(alias="packageManagers")] = None
     sw360_configuration: Annotated[Sw360Configuration | None, Field(alias="sw360Configuration")] = None
     skip_excluded: Annotated[bool | None, Field(alias="skipExcluded")] = None
 

python_ort-0.4.1/src/ort/models/package_curation_data.py

@@ -0,0 +1,57 @@
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-License-Identifier: MIT
+
+from typing import Any
+
+from pydantic import AnyUrl, BaseModel, ConfigDict, Field
+
+from .hash import Hash
+from .source_code_origin import SourceCodeOrigin
+from .vcsinfo_curation_data import VcsInfoCurationData
+
+
+class CurationArtifact(BaseModel):
+    url: AnyUrl
+    hash: Hash
+
+
+class PackageCurationData(BaseModel):
+    """
+    Data model for package curation data.
+
+    Attributes:
+        comment (str | None): Optional comment about the curation.
+        purl (str | None): The package URL (PURL) identifying the package.
+        cpe (str | None): The Common Platform Enumeration (CPE) identifier.
+        authors (list[str] | None): List of authors of the package.
+        concluded_license (str | None): The license concluded for the package.
+        description (str | None): Description of the package.
+        homepage_url (str | None): URL of the package's homepage.
+        binary_artifact (CurationArtifact | None): Information about the binary artifact.
+        source_artifact (CurationArtifact | None): Information about the source artifact.
+        vcs (VcsInfoCurationData | None): Version control system information.
+        is_metadata_only (bool | None): Whether the curation is metadata only.
+        is_modified (bool | None): Whether the package has been modified.
+        declared_license_mapping (dict[str, Any]): Mapping of declared licenses.
+        source_code_origins (list[SourceCodeOrigin] | None): List of source code origins.
+        labels (dict[str, str]): Additional labels for the package.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+    comment: str | None = None
+    purl: str | None = None
+    cpe: str | None = None
+    authors: list[str] | None = None
+    concluded_license: str | None = None
+    description: str | None = None
+    homepage_url: str | None = None
+    binary_artifact: CurationArtifact | None = None
+    source_artifact: CurationArtifact | None = None
+    vcs: VcsInfoCurationData | None = None
+    is_metadata_only: bool | None = None
+    is_modified: bool | None = None
+    declared_license_mapping: dict[str, Any] = Field(default_factory=dict)
+    source_code_origins: list[SourceCodeOrigin] | None = None
+    labels: dict[str, str] = Field(default_factory=dict)

{python_ort-0.3.1 → python_ort-0.4.1}/src/ort/models/repository_configuration.py

@@ -7,9 +7,9 @@ from typing import Any
 
 from pydantic import BaseModel, Field, RootModel
 
-from ort.models.analyzer_configurations import OrtAnalyzerConfigurations
 from ort.models.config.curations import Curations
-from ort.models.package_managers import OrtPackageManagerConfigurations, PackageManagerConfigs
+from ort.models.config.package_configuration import PackageConfiguration
+from ort.models.config.repository_analyzer_configuration import RepositoryAnalyzerConfiguration
 
 
 class OrtRepositoryConfigurationLicenseChoicesPackageLicenseChoiceLicenseChoice(BaseModel):
@@ -170,10 +170,6 @@ class OrtRepositoryConfigurationSnippetChoice(BaseModel):
     choices: list[OrtRepositoryConfigurationSnippetChoiceChoice]
 
 
-class PackageManagerConfigurationSchema(RootModel[dict[str, PackageManagerConfigs]]):
-    root: dict[str, PackageManagerConfigs]
-
-
 class ResolutionsSchemaResolutionsSchemaIssue(BaseModel):
     message: str
     reason: IssueResolutionReason
@@ -277,7 +273,7 @@ class OrtRepositoryConfiguration(BaseModel):
         Each field corresponds to a specific aspect of the repository's configuration.
     """
 
-    analyzer: OrtAnalyzerConfigurations | None = Field(
+    analyzer: RepositoryAnalyzerConfiguration | None = Field(
         None,
         description="Define Analyzer specific options",
     )
@@ -295,8 +291,8 @@ class OrtRepositoryConfiguration(BaseModel):
         description="Defines curations for packages used as dependencies by projects in this repository,"
         " or curations for license findings in the source code of a project in this repository.",
     )
-    package_configurations: list[OrtPackageManagerConfigurations] | None = Field(
-        None,
+    package_configurations: list[PackageConfiguration] = Field(
+        default_factory=list,
         description="A configuration for a specific package and provenance.",
     )
     license_choices: OrtRepositoryConfigurationLicenseChoices | None = Field(

python_ort-0.3.1/src/ort/__init__.py

@@ -1,19 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
-#
-# SPDX-License-Identifier: MIT
-
-from ort.models.analyzer_configurations import OrtAnalyzerConfigurations
-from ort.models.ort_configuration import OrtConfiguration, Scanner, Severity, Storages
-from ort.models.package_managers import OrtPackageManagerConfigurations, OrtPackageManagers
-from ort.models.repository_configuration import OrtRepositoryConfiguration
-
-__all__ = [
-    "OrtAnalyzerConfigurations",
-    "OrtConfiguration",
-    "OrtPackageManagerConfigurations",
-    "OrtPackageManagers",
-    "OrtRepositoryConfiguration",
-    "Scanner",
-    "Severity",
-    "Storages",
-]

python_ort-0.3.1/src/ort/models/analyzer_configurations.py

@@ -1,32 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
-# SPDX-License-Identifier: MIT
-
-
-from pydantic import AnyUrl, BaseModel, ConfigDict, Field
-
-from .package_managers import OrtPackageManagerConfigurations, OrtPackageManagers
-
-
-class Sw360Configuration(BaseModel):
-    model_config = ConfigDict(
-        extra="forbid",
-    )
-    rest_url: AnyUrl = Field(..., alias="restUrl")
-    auth_url: AnyUrl = Field(..., alias="authUrl")
-    username: str
-    password: str | None = None
-    client_id: str = Field(..., alias="clientId")
-    client_password: str | None = Field(None, alias="clientPassword")
-    token: str | None = None
-
-
-class OrtAnalyzerConfigurations(BaseModel):
-    model_config = ConfigDict(
-        extra="forbid",
-    )
-    allow_dynamic_versions: bool | None = Field(None)
-    enabled_package_managers: list[OrtPackageManagers] | None = Field(None)
-    disabled_package_managers: list[OrtPackageManagers] | None = Field(None)
-    package_managers: OrtPackageManagerConfigurations | None = Field(None)
-    sw360_configuration: Sw360Configuration | None = Field(None)
-    skip_excluded: bool | None = Field(None)

python_ort-0.3.1/src/ort/models/hash_algorithm.py

@@ -1,37 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
-#
-# SPDX-License-Identifier: MIT
-
-
-from enum import Enum
-
-
-class HashAlgorithm(Enum):
-    """
-    An enum of supported hash algorithms. Each algorithm has one or more [aliases] associated to it,
-    where the first alias is the definite name.
-
-    Attributes:
-        NONE: No hash algorithm.
-        UNKNOWN: An unknown hash algorithm.
-        MD5: The Message-Digest 5 hash algorithm, see [MD5](http://en.wikipedia.org/wiki/MD5).
-        SHA1: The Secure Hash Algorithm 1, see [SHA-1](https://en.wikipedia.org/wiki/SHA-1).
-        SHA256: The Secure Hash Algorithm 2 with 256 bits, see [SHA-256](https://en.wikipedia.org/wiki/SHA-256).
-        SHA384: The Secure Hash Algorithm 2 with 384 bits, see [SHA-384](https://en.wikipedia.org/wiki/SHA-384).
-        SHA512: The Secure Hash Algorithm 2 with 512 bits, see [SHA-512](https://en.wikipedia.org/wiki/SHA-512).
-        SHA1GIT: The Secure Hash Algorithm 1, but calculated on a Git "blob" object, see
-            - https://git-scm.com/book/en/v2/Git-Internals-Git-Objects#_object_storage
-            - https://docs.softwareheritage.org/devel/swh-model/persistent-identifiers.html#git-compatibility
-    """
-
-    NONE = "NONE"
-    UNKNOWN = "UNKNOWN"
-    MD5 = "MD5"
-    SHA1 = "SHA1"
-    SHA256 = "SHA256"
-    SHA384 = "SHA384"
-    SHA512 = "SHA512"
-    SHA1GIT = (
-        ["SHA-1-GIT", "SHA1-GIT", "SHA1GIT", "SWHID"],
-        "e69de29bb2d1d6434b8b29ae775ad8c2e48c5391",
-    )

python_ort-0.3.1/src/ort/models/package_curation_data.py

@@ -1,36 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
-# SPDX-License-Identifier: MIT
-
-from typing import Any
-
-from pydantic import AnyUrl, BaseModel, ConfigDict, Field
-
-from .hash import Hash
-from .source_code_origin import SourceCodeOrigin
-from .vcsinfo_curation_data import VcsInfoCurationData
-
-
-class CurationArtifact(BaseModel):
-    url: AnyUrl
-    hash: Hash
-
-
-class PackageCurationData(BaseModel):
-    model_config = ConfigDict(
-        extra="forbid",
-    )
-    comment: str | None = None
-    purl: str | None = None
-    cpe: str | None = None
-    authors: list[str] | None = None
-    concluded_license: str | None = None
-    description: str | None = None
-    homepage_url: str | None = None
-    binary_artifact: CurationArtifact | None = None
-    source_artifact: CurationArtifact | None = None
-    vcs: VcsInfoCurationData | None = None
-    is_metadata_only: bool | None = None
-    is_modified: bool | None = None
-    declared_license_mapping: dict[str, Any] = Field(default_factory=dict)
-    source_code_origins: list[SourceCodeOrigin] | None = None
-    labels: dict[str, str] = Field(default_factory=dict)

python_ort-0.3.1/src/ort/models/package_managers.py

@@ -1,55 +0,0 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
-# SPDX-License-Identifier: MIT
-
-
-from enum import Enum
-from typing import Any
-
-from pydantic import BaseModel, ConfigDict, Field, RootModel
-
-
-class OrtPackageManagers(Enum):
-    """
-    Enumeration of supported package managers in ORT.
-
-    This enum represents a variety of package managers across different programming ecosystems.
-    """
-
-    bazel = "Bazel"
-    bower = "Bower"
-    bundler = "Bundler"
-    cargo = "Cargo"
-    carthage = "Carthage"
-    cocoa_pods = "CocoaPods"
-    composer = "Composer"
-    conan = "Conan"
-    go_mod = "GoMod"
-    gradle = "Gradle"
-    gradle_inspector = "GradleInspector"
-    maven = "Maven"
-    npm = "NPM"
-    nu_get = "NuGet"
-    pip = "PIP"
-    pipenv = "Pipenv"
-    pnpm = "PNPM"
-    poetry = "Poetry"
-    pub = "Pub"
-    sbt = "SBT"
-    spdx_document_file = "SpdxDocumentFile"
-    stack = "Stack"
-    swift_pm = "SwiftPM"
-    unmanaged = "Unmanaged"
-    yarn = "Yarn"
-    yarn2 = "Yarn2"
-
-
-class PackageManagerConfigs(BaseModel):
-    model_config = ConfigDict(
-        extra="forbid",
-    )
-    must_run_after: list[OrtPackageManagers] | None = Field(None, alias="mustRunAfter")
-    options: Any | None = None
-
-
-class OrtPackageManagerConfigurations(RootModel[dict[str, PackageManagerConfigs]]):
-    root: dict[str, PackageManagerConfigs]