Merge main #3

Signed-off-by: tdruez <[email protected]>

.VERSION

@@ -0,0 +1 @@
+$Format:%(describe:tags)$

.gitattributes

@@ -0,0 +1,2 @@
+# Save the version details for git tarballs in .VERSION file
+.VERSION export-subst

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,26 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: 'BUG: '
+labels: bug, design needed, enhancement
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Context (OS, Browser, Device, etc.):**

.github/ISSUE_TEMPLATE/dejacode-documentation.md

@@ -0,0 +1,14 @@
+---
+name: DejaCode documentation
+about: Request a DejaCode documentation improvement
+title: 'DOC: '
+labels: documentation
+assignees: ''
+
+---
+
+**What type of documentation would you like?**
+How-to, Reference, Tutorial, on-screen prompt
+
+**Documentation topic**
+Describe the features of DejaCode that would benefit from more explanation.

.github/ISSUE_TEMPLATE/dejacode-enhancement-request.md

@@ -0,0 +1,20 @@
+---
+name: DejaCode enhancement request
+about: Suggest an enhancement for DejaCode
+title: 'Enhancement request: '
+labels: design needed, enhancement
+assignees: ''
+
+---
+
+**Is your enhancement request related to a problem? Please describe.**
+Describe the problem that you would like to address.
+
+**What are the benefits of the requested enhancement?**
+How will the new functionality benefit DejaCode users? 
+
+**Describe the solution you would like**
+Provide a concise scenario or use case that needs to be supported in DejaCode.
+
+**Additional notes**
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/roadmap-item-template.md

@@ -0,0 +1,17 @@
+---
+name: Roadmap item template
+about: Structure for roadmap items
+title: 'RFC: '
+labels: design needed, enhancement
+assignees: ''
+
+---
+
+**Summary**
+A clear and concise description of the Roadmap requirements and objectives. 
+
+**Intended Outcome**
+A clear and concise description of the impact on the AboutCode stack.
+
+**How will it work?**
+Details to explain what needs to be done.

.github/workflows/ci.yml

@@ -33,9 +33,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
-          python-version: "3.10"
+          python-version: "3.12"
 
       - name: Install python-ldap OS dependencies
         run: sudo apt-get install -y libsasl2-dev libldap2-dev libssl-dev

.github/workflows/gh-release.yml

@@ -0,0 +1,17 @@
+name: Create a GitHub release
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  create-github-release:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Create a GitHub release
+        uses: softprops/action-gh-release@v1
+        with:
+          draft: false

.gitignore

@@ -1,5 +1,6 @@
 *.pyc
 *.db
+*.rdb
 .installed.cfg
 parts
 develop-eggs

.readthedocs.yaml

@@ -8,7 +8,7 @@ version: 2
 build:
   os: ubuntu-22.04
   tools:
-    python: "3.10"
+    python: "3.12"
 
 # Optionally declare the Python requirements required to build your docs
 python:

CHANGELOG.rst

@@ -1,11 +1,101 @@
 Release notes
 =============
 
-### Version 5.0.1-dev
+### Version 5.1.1-dev
+
+- Add visual indicator in hierarchy views, when an object on the far left or far right
+  also belong or have a hierarchy (relathionship tree).
+  https://github.com/nexB/dejacode/issues/70
+
+### Version 5.1.0
+
+- Upgrade Python version to 3.12 and Django to 5.0.x
+  https://github.com/nexB/dejacode/issues/50
+
+- Replace Celery by RQ for async job queue and worker.
+  https://github.com/nexB/dejacode/issues/6
+
+- Add support for CycloneDX spec version "1.6".
+  In the UI and API, older spe version such as "1.4" and "1.5" are also available as
+  download.
+  https://github.com/nexB/dejacode/pull/79
+
+- Lookup in PurlDB by purl in Add Package form.
+  When a Package URL is available in the context of the "Add Package" form,
+  for example when using a link from the Vulnerabilities tab,
+  data is fetched from the PurlDB to initialize the form.
+  https://github.com/nexB/dejacode/issues/47
+
+- If you select two versions of the same Product in the Product list, or two different
+  Products, and click the Compare button, you can now download the results of the
+  comparison to a .xlsx file, making it easy to share the information with your
+  colleagues.
+  https://github.com/nexB/dejacode/issues/7
+
+- Add dark theme support in UI.
+  https://github.com/nexB/dejacode/issues/25
+
+- Add "Load Packages from SBOMs", "Import scan results", and
+  "Pull ScanCode.io project data" feature as Product action in the REST API.
+  https://github.com/nexB/dejacode/issues/59
+
+- Add REST API endpoints to download SBOMs as CycloneDX and SPDX.
+  https://github.com/nexB/dejacode/issues/60
+
+- Refactor the "Import manifest" feature as "Load SBOMs".
+  https://github.com/nexB/dejacode/issues/61
+
+- Add support to import packages from manifest.
+  https://github.com/nexB/dejacode/issues/65
+
+- Add a vulnerability link to the VulnerableCode app in the Vulnerability tab.
+  https://github.com/nexB/dejacode/issues/4
+
+- Add a DEJACODE_SUPPORT_EMAIL setting for support email address customization.
+  https://github.com/nexB/dejacode/issues/76
+
+- Show the individual PURL fields in the Package details view.
+  https://github.com/nexB/dejacode/issues/83
+
+- Fix the logout link of the admin app.
+  https://github.com/nexB/dejacode/issues/89
+
+- Display full commit in the version displayed in the UI
+  https://github.com/nexB/dejacode/issues/88
+
+- Refine the Product comparison logic for Packages.
+  The type and namespace fields are now used along the name field to match similar
+  Packages (excluding the version).
+  https://github.com/nexB/dejacode/issues/113
+
+- Refactor the implementation of Keywords on forms to allow more flexibilty.
+  Existing Keywords are suggested for consistency but any values is now allowed.
+  https://github.com/nexB/dejacode/issues/48
+
+- Display Product inventory count on the Product list view.
+  https://github.com/nexB/dejacode/issues/81
+
+- Always display the full Package URL in the UI view including the "pkg:" prefix.
+  https://github.com/nexB/dejacode/issues/115
+
+- Add a new AboutCode tab in Package details view.
+  https://github.com/nexB/dejacode/issues/42
+
+- Enhance Package Import to support modifications.
+  https://github.com/nexB/dejacode/issues/84
+
+- Add an option on the "Add to Product" form to to replace any existing relationships
+  with a different version of the same object by the selected object.
+  https://github.com/nexB/dejacode/issues/12
+
+### Version 5.0.1
 
 - Improve the stability of the "Check for new Package versions" feature.
   https://github.com/nexB/dejacode/issues/17
 
+- Improve the support for SourgeForge download URLs.
+  https://github.com/nexB/dejacode/issues/26
+
 ### Version 5.0.0
 
 Initial release.

Dockerfile

@@ -6,7 +6,7 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
-FROM python:3.10-slim
+FROM python:3.12-slim
 
 LABEL org.opencontainers.image.source="https://github.com/nexB/dejacode"
 LABEL org.opencontainers.image.description="DejaCode"
@@ -31,6 +31,7 @@ RUN apt-get update \
       libldap2-dev \
       libsasl2-dev \
       libpq5 \
+      git \
       wait-for-it \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

Makefile

@@ -6,7 +6,7 @@
 # See https://aboutcode.org for more information about AboutCode FOSS projects.
 #
 
-PYTHON_EXE=python3.10
+PYTHON_EXE=python3.12
 MANAGE=bin/python manage.py
 ACTIVATE?=. bin/activate;
 PIP_ARGS=--find-links=./thirdparty/dist/ --no-index --no-cache-dir
@@ -129,7 +129,10 @@ postgresdb:
 	@gunzip < ${DB_INIT_FILE} | psql --username=${DB_USERNAME} ${DB_NAME}
 
 run:
-	${MANAGE} runserver 8000
+	${MANAGE} runserver 8000 --insecure
+
+worker:
+	${MANAGE} rqworker
 
 test:
 	@echo "-> Run the test suite"
@@ -162,4 +165,4 @@ log:
 createsuperuser:
 	${DOCKER_EXEC} web ./manage.py createsuperuser
 
-.PHONY: virtualenv conf dev envfile check bandit isort black doc8 valid check-docstrings check-deploy clean initdb postgresdb migrate run test docs build psql bash shell log createsuperuse
+.PHONY: virtualenv conf dev envfile check bandit isort black doc8 valid check-docstrings check-deploy clean initdb postgresdb migrate run test docs build psql bash shell log createsuperuser

component_catalog/api.py

@@ -35,13 +35,16 @@
 from dejacode_toolkit.download import collect_package_data
 from dejacode_toolkit.scancodeio import ScanCodeIO
 from dje import tasks
+from dje.api import AboutCodeFilesActionMixin
 from dje.api import CreateRetrieveUpdateListViewSet
+from dje.api import CycloneDXSOMActionMixin
 from dje.api import DataspacedAPIFilterSet
 from dje.api import DataspacedHyperlinkedRelatedField
 from dje.api import DataspacedSerializer
 from dje.api import DataspacedSlugRelatedField
 from dje.api import ExternalReferenceSerializer
 from dje.api import NameVersionHyperlinkedRelatedField
+from dje.api import SPDXDocumentActionMixin
 from dje.filters import LastModifiedDateFilter
 from dje.filters import MultipleCharFilter
 from dje.filters import MultipleUUIDFilter
@@ -447,7 +450,9 @@ class Meta:
         )
 
 
-class ComponentViewSet(CreateRetrieveUpdateListViewSet):
+class ComponentViewSet(
+    SPDXDocumentActionMixin, CycloneDXSOMActionMixin, CreateRetrieveUpdateListViewSet
+):
     queryset = Component.objects.all()
     serializer_class = ComponentSerializer
     filterset_class = ComponentFilterSet
@@ -820,7 +825,13 @@ def collect_create_scan(download_url, user):
     return package
 
 
-class PackageViewSet(SendAboutFilesMixin, CreateRetrieveUpdateListViewSet):
+class PackageViewSet(
+    SendAboutFilesMixin,
+    AboutCodeFilesActionMixin,
+    SPDXDocumentActionMixin,
+    CycloneDXSOMActionMixin,
+    CreateRetrieveUpdateListViewSet,
+):
     queryset = Package.objects.all()
     serializer_class = PackageSerializer
     filterset_class = PackageAPIFilterSet
@@ -868,13 +879,6 @@ def about(self, request, uuid):
         package = self.get_object()
         return Response({"about_data": package.as_about_yaml()})
 
-    @action(detail=True)
-    def about_files(self, request, uuid):
-        package = self.get_object()
-        about_files = package.get_about_files()
-        filename = self.get_filename(package)
-        return self.get_zipped_response(about_files, filename)
-
     download_url_description = (
         "A single, or list of, Download URL(s).<br><br>"
         '<b>cURL style</b>: <code>-d "download_url=url1&download_url=url2"</code><br><br>'
@@ -1025,3 +1029,37 @@ def get_queryset(self):
                 "child",
             )
         )
+
+
+class KeywordSerializer(DataspacedSerializer):
+    class Meta:
+        model = ComponentKeyword
+        fields = (
+            "api_url",
+            "uuid",
+            "label",
+            "description",
+        )
+        extra_kwargs = {
+            "api_url": {
+                "view_name": "api_v2:componentkeyword-detail",
+                "lookup_field": "uuid",
+            },
+        }
+
+
+class KeywordViewSet(CreateRetrieveUpdateListViewSet):
+    queryset = ComponentKeyword.objects.all()
+    serializer_class = KeywordSerializer
+    lookup_field = "uuid"
+    search_fields = (
+        "label",
+        "description",
+    )
+    search_fields_autocomplete = ("label",)
+    ordering_fields = (
+        "label",
+        "created_date",
+        "last_modified_date",
+    )
+    allow_reference_access = True