Contributor

@nicorikken nicorikken commented Oct 7, 2025

Add a new definition for GitHub Actions, including workflows, to the package URL specification.

This implementation aligns with current practice of using the name component to include both the name and the repository path.

Resolves: #698

Add a new definition for GitHub Actions, including workflows, to the package URL specification.

This implementation aligns with current practice of using the `name` component to include both the name and the repository path.

Resolves: package-url#698

Signed-off-by: Nico Rikken <[email protected]>
@nicorikken nicorikken force-pushed the feature/githubactions branch from 475fbba to fd4aefa Compare October 7, 2025 16:23
"name_definition": {
"requirement": "required",
"case_sensitive": true,
"note": "The name contains both the repository name and optionally a path within the repository to a certain action or workflow. The first section before the slash is the repository name, this is not case sensitive and should be lowercase. The rest is the path within the repository, which is case sensitive."
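Review bot: In `name_definition`, `"case_sensitive": true` conflicts with the `note`, which says the repository-name section "is not case sensitive and should be lowercase". A single boolean cannot express that mixed rule, so tools comparing purls can disagree on whether two spellings identify the same action. Suggest spelling out the normalization (which section is lowercased and when), and stating whether the slashes in the path portion of the name must be percent-encoded, since the note describes a slash-separated name without saying how it is serialized.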
Contributor

This isn't accurate. The name begins at the last slash. The complicated part with the partial case sensitivity is in the namespace.

There's sort of a precedent for this. pkg:golang doesn't really have namespace and name and you get the same kind of thing where the PURL "namespace" is just the part of the Go name before the first slash, but the Go module system enforces case sensitivity even when GitHub (or wherever the package is hosted) allows the files to be retrieved with different case and that avoids having to write custom normalization rules. Some people don't like pkg:golang and want to redo it with everything being in PURL name and nothing in the PURL namespace, in which case every slash would need to be percent encoded.

Contributor Author

I see, looking at the Go test cases: https://github.com/package-url/purl-spec/blob/505dca561f6d6f1f1f0ebb6b5c36c6aa2516d98d/tests/types/golang-test.json
So in this case most of it would be the name and would have to be URL-encoded, or the base purl format would need to be changed. Leveraging the subpath doesn't seem fitting.

Given the discussion in package-url#698 focus just on GitHub Actions and not workflows. Also clarify that paths in the name must be URL-encoded.

Signed-off-by: Nico Rikken <[email protected]>
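
Added example (not part of this PR or of the purl-spec code): a small parser that shows the point raised in review, namely that the purl name starts at the last literal slash, so a path only stays in the name when its slashes are percent-encoded. The `githubactions` type string, the owner-as-namespace layout and the sample purls are assumptions constructed for illustration.

```python
from urllib.parse import quote, unquote


def parse_purl(purl):
    """Return (type, namespace, name, version), splitting in the purl spec's order."""
    rest = purl.split("#", 1)[0].split("?", 1)[0]  # drop subpath, then qualifiers
    scheme, sep, rest = rest.partition(":")
    if scheme.lower() != "pkg" or not sep:
        raise ValueError("not a purl: %r" % purl)
    ptype, sep, rest = rest.strip("/").partition("/")
    if not sep or not rest:
        raise ValueError("purl has no name: %r" % purl)
    version = None
    if "@" in rest:
        rest, _, version = rest.rpartition("@")
        version = unquote(version)
    # The name is everything after the LAST literal slash; the rest is namespace.
    namespace, _, name = rest.rpartition("/")
    segments = [unquote(s) for s in namespace.split("/") if s]
    return ptype.lower(), "/".join(segments) or None, unquote(name), version


def build_purl(ptype, namespace, name, version=None):
    """Serialize components, percent-encoding each segment so '/' in name is %2F."""
    parts = [quote(s, safe="") for s in (namespace or "").split("/") if s]
    parts.append(quote(name, safe=""))
    purl = "pkg:%s/%s" % (ptype.lower(), "/".join(parts))
    return purl + ("@" + quote(version, safe="") if version else "")


# Constructed sample inputs; the owner-as-namespace layout is an assumption.
SAMPLES = [
    "pkg:githubactions/actions/checkout@v4",
    "pkg:githubactions/github/codeql-action/upload-sarif@v3",    # path left unencoded
    "pkg:githubactions/github/codeql-action%2Fupload-sarif@v3",  # path encoded in name
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_purl(s))
```

The second and third samples name the same action but parse to different namespace and name values, which is why an SBOM matcher or allowlist needs one agreed encoding rule before comparing purls.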
Successfully merging this pull request may close these issues.

Add githubactions PURL type