diff --git a/PURL-TYPES.rst b/PURL-TYPES.rst index 642a7cf3..7c515908 100644 --- a/PURL-TYPES.rst +++ b/PURL-TYPES.rst @@ -297,6 +297,29 @@ github pkg:github/package-url/purl-spec@244fd47e07d1004 pkg:github/package-url/purl-spec@244fd47e07d1004#everybody/loves/dogs +github-release +-------------- +``github-release`` for GitHub releases: + +- ``namespace``: The GitHub user or organization. It is not case sensitive and + must be lowercased. +- ``name``: The GitHub repository name. It is not case sensitive and must be + lowercased. +- ``version``: The release version. It is required and is case sensitive. +- Qualifier ``repository_url``: GitHub server hosting the release (optional). + Useful in case a private server is used. If omitted, ``https://github.com`` + is assumed as the default. +- Qualifier ``file_name``: Selects a named (case sensitive) asset contained + within the release (optional). +- Qualifier ``checksum``: Checksum for the release asset (optional). Must be + in the form of `lowercase_algorithm:hex_encoded_lowercase_value`. + +- Examples:: + + pkg:github-release/cli/cli@v2.67.0 + pkg:github-release/foo/bar@v1.0.0?repository_url=https:%2F%2Ffoobar.ghe.com + pkg:github-release/foo/bar@v1.0.0?file_name=bin-linux.tgz&checksum=sha256:deadbeef + golang ------ ``golang`` for Go packages: diff --git a/test-suite-data.json b/test-suite-data.json index ca500959..3bfa13a4 100644 --- a/test-suite-data.json +++ b/test-suite-data.json @@ -706,5 +706,17 @@ "qualifiers": null, "subpath": null, "is_invalid": true + }, + { + "description": "github-release valid name", + "purl": "pkg:GitHub-Release/foo/Bar@v1.0.1?repository_url=https://acme.ghe.com&file_name=bin-linux.tgz&checksum=sha256:ff537afd5996cb67a319d6b0d3e65a330480068398a90bd81ea823a0566512c8", + "canonical_purl": "pkg:github-release/foo/bar@v1.0.1?repository_url=https:%2F%2Facme.ghe.com&file_name=bin-linux.tgz&checksum=sha256:ff537afd5996cb67a319d6b0d3e65a330480068398a90bd81ea823a0566512c8", + "type": "github-release", + "namespace": "foo", + "name": "bar", + "version": "v1.0.1", + "qualifiers": {"repository_url": "https://acme.ghe.com", "file_name": "bin-linux.tgz", "checksum": "sha256:ff537afd5996cb67a319d6b0d3e65a330480068398a90bd81ea823a0566512c8" }, + "subpath": null, + "is_invalid": false } ]