python-ort 0.7.0__tar.gz → 0.8.0__tar.gz

{python_ort-0.7.0 → python_ort-0.8.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: python-ort
-Version: 0.7.0
+Version: 0.8.0
 Summary: A Python Ort model serialization library
 License-Expression: MIT
 License-File: LICENSE
@@ -13,6 +13,7 @@ Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Classifier: Programming Language :: Python :: 3.14
 Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Dist: license-expression>=30.4.4
 Requires-Dist: packageurl-python>=0.17.6
 Requires-Dist: pydantic>=2.12.5
 Requires-Python: >=3.10
@@ -20,4 +21,29 @@ Description-Content-Type: text/markdown
 
 # Python-Ort
 
-Python-Ort is a pydantic based library to serialize OSS Review Toolkit generated reports using the default models.
+Python-Ort is a pydantic v2 based library to serialize [OSS Review Toolkit](https://oss-review-toolkit.org/ort/) generated reports using the default models.
+
+## Install
+
+```bash
+pip install python-ort
+```
+
+## Simple usage example based on a report in yml format:
+
+```python
+from pprint import pprint
+from pathlib import Path
+from pydantic import ValidationError
+
+from ort import OrtResult, ort_yaml_load
+
+
+try:
+    with Path("some-result.yml").open() as fd:
+        data = ort_yaml_load(fd)
+    parsed = OrtResult(**data)
+    pprint(parsed)
+except ValidationError as e:
+    print(e)
+```

python_ort-0.8.0/README.md

@@ -0,0 +1,28 @@
+# Python-Ort
+
+Python-Ort is a pydantic v2 based library to serialize [OSS Review Toolkit](https://oss-review-toolkit.org/ort/) generated reports using the default models.
+
+## Install
+
+```bash
+pip install python-ort
+```
+
+## Simple usage example based on a report in yml format:
+
+```python
+from pprint import pprint
+from pathlib import Path
+from pydantic import ValidationError
+
+from ort import OrtResult, ort_yaml_load
+
+
+try:
+    with Path("some-result.yml").open() as fd:
+        data = ort_yaml_load(fd)
+    parsed = OrtResult(**data)
+    pprint(parsed)
+except ValidationError as e:
+    print(e)
+```

{python_ort-0.7.0 → python_ort-0.8.0}/pyproject.toml

@@ -4,13 +4,14 @@ build-backend = "uv_build"
 
 [project]
 name = "python-ort"
-version = "0.7.0"
+version = "0.8.0"
 description = "A Python Ort model serialization library"
 readme = "README.md"
 license = "MIT"
 license-files = ["LICENSE"]
 requires-python = ">=3.10"
 dependencies = [
+    "license-expression>=30.4.4",
     "packageurl-python>=0.17.6",
     "pydantic>=2.12.5",
 ]
@@ -38,8 +39,8 @@ dev = [
     "datamodel-code-generator[http]>=0.55.0",
     "pytest>=9.0.2",
     "rich>=14.3.3",
-    "ruff>=0.15.5",
-    "ty>=0.0.21",
+    "ruff>=0.15.6",
+    "ty>=0.0.22",
     "types-pyyaml>=6.0.12.20250915",
 ]
 
@@ -144,9 +145,7 @@ extend-select = [
     "S",   # bandit
 ]
 ignore = [
-    'N802',   # function name should be lowercase
     'SIM105', # Suggest contextlib instead of try/except with pass
-    'A004',  # Python shadow builtins
 ]
 # Unlike Flake8, default to a complexity level of 10.
 mccabe.max-complexity = 10

{python_ort-0.7.0 → python_ort-0.8.0}/src/ort/models/base_run.py

@@ -1,4 +1,5 @@
-# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2025 Helio Chissini de Castro <dev@heliocastro.info>
+# # SPDX-FileCopyrightText: 2026 CARIAD SE
 # SPDX-License-Identifier: MIT
 
 from datetime import datetime

python_ort-0.8.0/src/ort/models/config/file_archiver_configuration.py

@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .file_storage_configuration import FileStorageConfiguration
+from .scan_storage_configuration import PostgresStorageConfiguration
+
+
+class FileArchiverConfiguration(BaseModel):
+    """
+    The configuration model for a FileArchiver.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    enabled: bool = Field(
+        default=True,
+        description="Toggle to enable or disable the file archiver functionality altogether.",
+    )
+    file_storage: FileStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of the FileStorage used for archiving the files.",
+    )
+    postgres_storage: PostgresStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of the PostgresProvenanceFileStorage used for archiving the files.",
+    )

python_ort-0.8.0/src/ort/models/config/file_list_storage_configuration.py

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .file_storage_configuration import FileStorageConfiguration
+from .scan_storage_configuration import PostgresStorageConfiguration
+
+
+class FileListStorageConfiguration(BaseModel):
+    """
+    Configuration for the storage backends used for persisting file lists.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    file_storage: FileStorageConfiguration | None = Field(
+        default=None,
+        description=("Configuration of the FileStorage used for storing the file lists."),
+    )
+    postgres_storage: PostgresStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of the PostgresProvenanceFileStorage used for storing the file lists.",
+    )

python_ort-0.8.0/src/ort/models/config/file_storage_configuration.py

@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .http_file_storage_configuration import HttpFileStorageConfiguration
+from .local_file_storage_configuration import LocalFileStorageConfiguration
+from .s3_file_storage_configuration import S3FileStorageConfiguration
+
+
+class FileStorageConfiguration(BaseModel):
+    """
+    The configuration model for a FileStorage. Only one of the storage options
+    can be configured.
+    """
+
+    model_config = ConfigDict(
+        extra="forbid",
+    )
+
+    http_file_storage: HttpFileStorageConfiguration | None = Field(
+        default=None,
+        description="The configuration of a HttpFileStorage.",
+    )
+    local_file_storage: LocalFileStorageConfiguration | None = Field(
+        default=None,
+        description="The configuration of a LocalFileStorage.",
+    )
+    s3_file_storage: S3FileStorageConfiguration | None = Field(
+        default=None,
+        description="The configuration of a S3FileStorage.",
+    )

python_ort-0.8.0/src/ort/models/config/http_file_storage_configuration.py

@@ -0,0 +1,25 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class HttpFileStorageConfiguration(BaseModel):
+    """
+    Configuration for HTTP-based file storage.
+    """
+
+    url: str = Field(
+        description='The URL of the HTTP server, e.g. "https://example.com/storage".',
+    )
+    query: str = Field(
+        default="",
+        description='Query string appended to the URL and path. Can contain auth data, e.g. "?user=standard&pwd=123".',
+    )
+    headers: dict[str, str] = Field(
+        default_factory=dict,
+        description="Custom headers added to all HTTP requests. Values may contain credentials.",
+    )
+
+    model_config = ConfigDict(extra="forbid")

{python_ort-0.7.0 → python_ort-0.8.0}/src/ort/models/config/license_finding_curation_reason.py

@@ -3,10 +3,10 @@
 # SPDX-License-Identifier: MIT
 
 
-from enum import Enum
+from ...utils.validated_enum import ValidatedIntEnum
 
 
-class LicenseFindingCurationReason(Enum):
+class LicenseFindingCurationReason(ValidatedIntEnum):
     """
     A curation for a license finding. Use it to correct a license finding or to add a license that was not
     previously detected.
@@ -20,9 +20,9 @@ class LicenseFindingCurationReason(Enum):
         REFERENCE: The findings reference a file or URL, e.g. SEE LICENSE IN LICENSE or https://jquery.org/license/.
     """
 
-    CODE = "CODE"
-    DATA_OF = "DATA_OF"
-    DOCUMENTATION_OF = "DOCUMENTATION_OF"
-    INCORRECT = "INCORRECT"
-    NOT_DETECTED = "NOT_DETECTED"
-    REFERENCE = "REFERENCE"
+    CODE = 1
+    DATA_OF = 2
+    DOCUMENTATION_OF = 3
+    INCORRECT = 4
+    NOT_DETECTED = 5
+    REFERENCE = 6

python_ort-0.8.0/src/ort/models/config/local_file_storage_configuration.py

@@ -0,0 +1,22 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class LocalFileStorageConfiguration(BaseModel):
+    """
+    A class to hold the configuration for using local files as a storage.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    directory: str = Field(
+        ...,
+        description="The directory to use as a storage root.",
+    )
+    compression: bool = Field(
+        default=True,
+        description="Whether to use compression for storing files or not. Defaults to true.",
+    )

python_ort-0.8.0/src/ort/models/config/postgres_connection.py

@@ -0,0 +1,97 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class PostgresConnection(BaseModel):
+    """
+    PostgreSQL connection configuration and HikariCP pool settings.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    url: str = Field(
+        ...,
+        description=("The database URL in JDBC format."),
+    )
+
+    provider_schema: str = Field(
+        default="public",
+        alias="schema",
+        description=("The name of the database to use."),
+    )
+
+    username: str = Field(
+        ...,
+        description=("The username to use for authentication."),
+    )
+
+    password: str = Field(
+        default_factory=str,
+        description=("The password to use for authentication."),
+    )
+
+    sslmode: str = Field(
+        default="verify-full",
+        description='The SSL mode to use, one of "disable", "allow", "prefer", "require", '
+        '"verify-ca" or "verify-full". See: '
+        "https://jdbc.postgresql.org/documentation/ssl/#configuring-the-client",
+    )
+
+    sslcert: str | None = Field(
+        None,
+        description="The full path of the certificate file. See: https://jdbc.postgresql.org/documentation/head/connect.html",
+    )
+
+    sslkey: str | None = Field(
+        None,
+        description="The full path of the key file. See: https://jdbc.postgresql.org/documentation/head/connect.html",
+    )
+
+    sslrootcert: str | None = Field(
+        None,
+        description="The full path of the root certificate file. See: "
+        "https://jdbc.postgresql.org/documentation/head/connect.html",
+    )
+
+    connection_timeout: int | None = Field(
+        None,
+        description="Maximum milliseconds to wait for connections from the pool. See: "
+        "https://github.com/brettwooldridge/HikariCP#frequently-used",
+    )
+
+    idle_timeout: int | None = Field(
+        None,
+        description="Maximum milliseconds a connection may sit idle in the pool. Requires "
+        "minimum_idle < maximum_pool_size. See: "
+        "https://github.com/brettwooldridge/HikariCP#frequently-used",
+    )
+
+    keepalive_time: int | None = Field(
+        None,
+        description="Frequency in milliseconds that the pool will keep an idle connection "
+        "alive. Must be lower than max_lifetime. See: "
+        "https://github.com/brettwooldridge/HikariCP#frequently-used",
+    )
+
+    max_lifetime: int | None = Field(
+        None,
+        description=(
+            "Maximum lifetime of a connection in milliseconds. See: "
+            "https://github.com/brettwooldridge/HikariCP#frequently-used"
+        ),
+    )
+
+    maximum_pool_size: int | None = Field(
+        None,
+        description="Maximum size of the connection pool. See: https://github.com/brettwooldridge/HikariCP#frequently-used",
+    )
+
+    minimum_idle: int | None = Field(
+        None,
+        description="Minimum number of idle connections that the pool tries to maintain. "
+        "See: https://github.com/brettwooldridge/HikariCP#frequently-used",
+    )

python_ort-0.8.0/src/ort/models/config/provenance_storage_configuration.py

@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .file_storage_configuration import FileStorageConfiguration
+from .scan_storage_configuration import PostgresStorageConfiguration
+
+
+class ProvenanceStorageConfiguration(BaseModel):
+    """
+    Configuration of the storage to use for provenance information.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    file_storage: FileStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of a file storage.",
+    )
+    postgres_storage: PostgresStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of a PostgreSQL storage.",
+    )

python_ort-0.8.0/src/ort/models/config/s3_file_storage_configuration.py

@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+
+class S3FileStorageConfiguration(BaseModel):
+    """
+    A class to hold the configuration for using an AWS S3 bucket as a storage.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    access_key_id: str | None = Field(
+        default=None,
+        description="The AWS access key.",
+    )
+    aws_region: str | None = Field(
+        default=None,
+        description="The AWS region to be used.",
+    )
+    bucket_name: str = Field(
+        description="The name of the S3 bucket used to store files in.",
+    )
+    compression: bool = Field(
+        default=False,
+        description="Whether to use compression for storing files or not.",
+    )
+    custom_endpoint: str | None = Field(
+        default=None,
+        description="Custom endpoint to perform AWS API requests.",
+    )
+    path_style_access: bool = Field(
+        default=False,
+        description="Whether to enable path style access or not. Required for many non-AWS S3 providers.",
+    )
+    secret_access_key: str | None = Field(
+        default=None,
+        description="The AWS secret for the access key.",
+    )

python_ort-0.8.0/src/ort/models/config/scan_storage_configuration.py

@@ -0,0 +1,84 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <heliocastro@gmail.com>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field, model_validator
+
+from ...utils.validated_enum import ValidatedIntEnum
+from .file_storage_configuration import FileStorageConfiguration
+from .postgres_connection import PostgresConnection
+
+
+class StorageType(ValidatedIntEnum):
+    """
+    An enum to describe different types of storages.
+
+    Properties:
+        PACKAGE_BASED:  A storage that stores scan results by [Package].
+        PROVENANCE_BASED: A storage that stores scan results by [Provenance].
+    """
+
+    PACKAGE_BASED = 1
+    PROVENANCE_BASED = 2
+
+
+class ScanStorageConfiguration(BaseModel):
+    """
+    Root of a class hierarchy for configuration classes for scan storage
+    implementations.
+
+    Based on this hierarchy, it is possible to have multiple different scan
+    storages enabled and to configure them dynamically.
+    """
+
+    model_config = ConfigDict(extra="allow")
+
+    @model_validator(mode="before")
+    @classmethod
+    def validate_provenance(cls, v):
+        if not isinstance(v, dict):
+            raise ValueError("Config must be a dictionary.")
+        # Return the dict as-is; ScanStorageConfiguration with extra="allow"
+        # will store all fields without needing to instantiate subclasses.
+        return v
+
+
+class ClearlyDefinedStorageConfiguration(ScanStorageConfiguration):
+    """
+    The configuration model of a storage based on ClearlyDefined.
+    """
+
+    server_url: str = Field(
+        description="The URL of the ClearlyDefined server.",
+    )
+
+
+class FileBasedStorageConfiguration(ScanStorageConfiguration):
+    """
+    The configuration model of a file based storage.
+    """
+
+    backend: FileStorageConfiguration = Field(
+        description="The configuration of the FileStorage used to store the files."
+    )
+    ort_type: StorageType = Field(
+        alias="type",
+        default="PROVENANCE_BASED",
+        description=("The way that scan results are stored, defaults to StorageType.PROVENANCE_BASED."),
+    )
+
+
+class PostgresStorageConfiguration(ScanStorageConfiguration):
+    """
+    A class to hold the configuration for using Postgres as a storage.
+    """
+
+    connection: PostgresConnection = Field(
+        description="The configuration of the PostgreSQL database.",
+    )
+    ort_type: StorageType = Field(
+        alias="type",
+        default="PROVENANCE_BASED",
+        description=("The way that scan results are stored, defaults to StorageType.PROVENANCE_BASED."),
+    )

python_ort-0.8.0/src/ort/models/config/scanner_configuration.py

@@ -0,0 +1,93 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from typing import Any
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .file_archiver_configuration import FileArchiverConfiguration
+from .file_list_storage_configuration import FileListStorageConfiguration
+from .provenance_storage_configuration import ProvenanceStorageConfiguration
+from .scan_storage_configuration import ScanStorageConfiguration
+
+
+class ScannerConfiguration(BaseModel):
+    """
+    The configuration model of the scanner.
+
+    This is deserialized from "config.yml" as part of OrtConfiguration and
+    (de-)serialized as part of org.ossreviewtoolkit.model.OrtResult.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    skip_concluded: bool = Field(
+        default=False,
+        description="Skip packages with concluded license and authors (for copyrights) and use only declared info.",
+    )
+
+    skip_excluded: bool = Field(
+        default=False,
+        description="Control whether excluded scopes and paths are skipped during the scan.",
+    )
+
+    include_files_without_findings: bool = Field(
+        default=False,
+        description="Whether the scanner should add files without license to the scanner results.",
+    )
+
+    archive: "FileArchiverConfiguration | None" = Field(
+        default=None,
+        description="Configuration of a FileArchiver that archives selected scanned files in external storage.",
+    )
+
+    # Use empty dict instead of upstream defaults as this class is not intended to provide defaults as upstream
+    # Kotlin counterpart, but just do proper parsing of existing pre created result
+    detected_license_mapping: dict[str, str] = Field(
+        default_factory=dict,
+        description="Mappings from scanner-returned licenses to valid SPDX licenses; only applied to new scans.",
+    )
+
+    file_list_storage: FileListStorageConfiguration | None = Field(
+        default=None,
+        description="The storage to store the file lists by provenance.",
+    )
+
+    scanners: dict[str, Any] | None = Field(
+        default=None,
+        description="Scanner-specific configuration options. The key needs to match the name of the scanner"
+        "class, e.g. 'ScanCode' for the ScanCode wrapper. See the documentation of the scanner for available options.",
+    )
+
+    storages: dict[str, ScanStorageConfiguration] | None = Field(
+        default=None,
+        description="A map with the configurations of the scan result storages available."
+        "Based on this information the actual storages are created."
+        "Storages can be configured as readers or writers of scan results. Having "
+        "this map makes it possible for storage instances to act in both roles without having to duplicate "
+        "configuration.",
+    )
+
+    storage_readers: list[str] | None = Field(
+        default=None,
+        description="A list with the IDs of scan storages that are queried for existing scan results."
+        "The strings in this list must match keys in the storages map.",
+    )
+
+    storage_writers: list[str] | None = Field(
+        default=None,
+        description="A list with the IDs of scan storages that are called to persist scan results."
+        "The strings in this list  must match keys in the [storages] map.",
+    )
+
+    ignore_patterns: list[str] = Field(
+        default_factory=list,
+        description="A list of glob expressions that match file paths which are to be excluded from scan results.",
+    )
+
+    provenance_storage: ProvenanceStorageConfiguration | None = Field(
+        default=None,
+        description="Configuration of the storage for provenance information.",
+    )

python_ort-0.8.0/src/ort/models/copyright_finding.py

@@ -0,0 +1,23 @@
+# SPDX-FileCopyrightText: 2026 Helio Chissini de Castro <dev@heliocastro.info>
+# # SPDX-FileCopyrightText: 2026 CARIAD SE
+# SPDX-License-Identifier: MIT
+
+
+from pydantic import BaseModel, ConfigDict, Field
+
+from .text_location import TextLocation
+
+
+class CopyrightFinding(BaseModel):
+    """
+    A class representing a single copyright finding.
+    """
+
+    model_config = ConfigDict(extra="forbid")
+
+    statement: str = Field(
+        description="The copyright statement.",
+    )
+    location: TextLocation = Field(
+        description="The text location where the copyright statement was found.",
+    )