Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

propose bazel type for Bazel modules #317

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

fmeum
Copy link

@fmeum fmeum commented Aug 1, 2024

Bazel 6 introduced a new system for managing external dependencies centered around the concept of Bazel modules, which are hosted in a registry. The default registry is the Bazel Central Registry. This system will become the default this year and its predecessor will be turned off next year.

As discussed in bazelbuild/bazel#23166, we would thus like to register the bazel purl type for Bazel modules, as specified in this PR.

(Approved by the Rules Authors SIG: https://docs.google.com/document/d/1YGCYAGLzTfqSOgRFVsB8hDz-kEoTgTEKKp9Jd07TJ5c/edit#heading=h.9h67icc19g8f)

@fmeum
Copy link
Author

fmeum commented Aug 6, 2024

CC @mzeren-vmw

@oej
Copy link

oej commented Aug 7, 2024

Any status on the feedback you waited for?

@fmeum
Copy link
Author

fmeum commented Aug 7, 2024

@oej Yes, this has been approved and is ready for review!

@fmeum fmeum marked this pull request as ready for review August 7, 2024 09:05
@fmeum
Copy link
Author

fmeum commented Aug 21, 2024

@stevespringett Could you review this?

@fmeum
Copy link
Author

fmeum commented Oct 9, 2024

@pombredanne Not sure who to ask for a review, could you take a look?

@johnmhoran johnmhoran added the type: bazel Proposed new type label Oct 19, 2024
@jkowalleck jkowalleck changed the title Add bazel type for Bazel modules propose bazel type for Bazel modules Oct 19, 2024
fviernau added a commit to oss-review-toolkit/ort that referenced this pull request Nov 21, 2024
fviernau added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
@sschuberth
Copy link
Member

@fmeum please rebase to resolve conflicts.

@fmeum
Copy link
Author

fmeum commented Nov 22, 2024

@sschuberth Done

PURL-TYPES.rst Show resolved Hide resolved
PURL-TYPES.rst Outdated Show resolved Hide resolved
PURL-TYPES.rst Outdated Show resolved Hide resolved
fviernau added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
@fmeum fmeum requested a review from sschuberth November 22, 2024 10:04
sschuberth pushed a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
PURL-TYPES.rst Outdated
- The ``version`` is the module version in `Bazel's relaxed semver format
<https://bazel.build/external/module#version_format>`_.
- The optional ``repository_url`` can be used to specify the URL of an
alternative registry, with any trailing forward slashes removed.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

with any trailing forward slashes removed.

I'm not sure about that bit. This is not one of the "type-specific normalizations" that are allowed for the namespace segments and name. And semantically, having a trailing slash or not does not make a difference for the URL.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I just dropped this in a new commit.

PURL-TYPES.rst Outdated
Comment on lines 73 to 75
- The optional ``subpath`` can name a particular Bazel target in the module via
a label with the leading double slash (``//``) removed and canonicalized by
omitting the target name if it is equal to the name of the containing package.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. The spec describes the subpath as

extra subpath within a package, relative to the package root.

How is what you describe "relative to the package root"? Would a custom qualifier maybe make more sense to store the Bazel target?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I simplified this part of the spec in a new commit so that it's always a regular file path, corresponding to a package (not target or file) in the Bazel module. This is analogous to the usage of subpath for golang.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now, but I'd like others to share their opinion as well.

@fmeum fmeum requested a review from sschuberth November 22, 2024 12:10
sschuberth added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
sschuberth added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
The algorithm description at [1] demands to "apply type-specific
normalization" to namespace segments and the name before applying
percent-encoding. In general, type-specific requirements are documented
at [2]. For Bazel the PR still pending, but in the current state
lowercasing of the name should be performed [3].

[1]: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#how-to-build-purl-string-from-its-components
[2]: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
[3]: package-url/purl-spec#317

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
The algorithm description at [1] demands to "apply type-specific
normalization" to namespace segments and the name before applying
percent-encoding. In general, type-specific requirements are documented
at [2]. For Bazel the PR still pending, but in the current state
lowercasing of the name should be performed [3].

[1]: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#how-to-build-purl-string-from-its-components
[2]: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
[3]: package-url/purl-spec#317

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
The algorithm description at [1] demands to "apply type-specific
normalization" to namespace segments and the name before applying
percent-encoding. In general, type-specific requirements are documented
at [2]. For Bazel the PR still pending, but in the current state
lowercasing of the name should be performed [3].

[1]: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#how-to-build-purl-string-from-its-components
[2]: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
[3]: package-url/purl-spec#317

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth added a commit to oss-review-toolkit/ort that referenced this pull request Nov 22, 2024
The algorithm description at [1] demands to "apply type-specific
normalization" to namespace segments and the name before applying
percent-encoding. In general, type-specific requirements are documented
at [2]. For Bazel the PR still pending, but in the current state
lowercasing of the name should be performed [3].

[1]: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#how-to-build-purl-string-from-its-components
[2]: https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
[3]: package-url/purl-spec#317

Signed-off-by: Sebastian Schuberth <[email protected]>
Copy link

@Yannic Yannic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

What's needed to get this merged?

@sschuberth
Copy link
Member

What's needed to get this merged?

Two approvals are needed since recently. Maybe @pombredanne can also review?

@Yannic
Copy link

Yannic commented Dec 3, 2024

@sschuberth I think this now has the second approval?

@sschuberth
Copy link
Member

sschuberth commented Dec 3, 2024

Unfortunately, @Yannic you have read-only permissions, so the approval does not count towards mergability:

image

image

@fmeum
Copy link
Author

fmeum commented Dec 3, 2024

@sschuberth Do you happen to have write permission and could add the second approval yourself?

@sschuberth
Copy link
Member

@sschuberth Do you happen to have write permission and could add the second approval yourself?

@fmeum As mentioned over here I'm currently pausing reviews to this project until some process question are clarified with @pombredanne.

@Yannic
Copy link

Yannic commented Dec 4, 2024

Unfortunately, @Yannic you have read-only permissions, so the approval does not count towards mergability:

image

image

Oh! Sorry, I was under the impression that you already approved. I'm aware that my LGTM doesn't count towards the two required approvals.

@sschuberth do you have a rough estimate on when you expect the process questions to be resolved? A few days? A few weeks? I'm asking mostly to understand when Fabian or me should follow-up here so we don't unnecessarily ping :)

@sschuberth
Copy link
Member

@sschuberth do you have a rough estimate on when you expect the process questions to be resolved? A few days? A few weeks?

I simply have no idea. I've already reached out the respective people, but I'm not getting any answer. But I'll keep on pushing 😉

@fmeum
Copy link
Author

fmeum commented Jan 16, 2025

@stevespringett @shibumi @johnmhoran @pombredanne Apologies for the multi-ping, but it's hard to tell who would be able to move this forward. Could you add a second review?

@shibumi
Copy link
Contributor

shibumi commented Jan 19, 2025

@fmeum Hi, I am "only" the packageurl-go maintainer and have not much to say when it comes to purl specification issues. I am afraid you will have to wait for @pombredanne or anyone else of the "steering committee".

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants