cachi2: generate remote-source.json

Cachi2 doesn't provide remote-source.json but for backward compatibility OSBS must provide it. STONEBLD-2585 Signed-off-by: Martin Basti <[email protected]>
containerbuildsystem · Aug 20, 2024 · 87cf205 · 87cf205
1 parent 9591685
commit 87cf205
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/atomic_reactor/utils/cachi2.py b/atomic_reactor/utils/cachi2.py
@@ -68,3 +68,49 @@ def convert_SBOM_to_ICM(sbom: Dict[str, Any]) -> Dict[str, Any]:
         {"purl": comp["purl"]} for comp in sbom["components"]  # type: ignore
     ]
     return icm
+
+
+def generate_request_json(
+    remote_source: Dict[str, Any], remote_source_sbom: Dict[str, Any],
+    remote_source_env_json: Dict[str, Dict[str, str]],
+) -> Dict[str, Any]:
+    """Generates Cachito like request.json
+
+    Cachito does provide request.json, for backward compatibility
+    as some tools are depending on it, we have to generate also request.json from cachi2
+    """
+    def gen_dependency(sbom_dep: Dict[str, Any]) -> Dict[str, str]:
+        """Generate a single dependency from SBOM"""
+        # we need to detect type from purl, this is just heuristics,
+        # we cannot reliably construct type from purl
+        heuristic_type = "unknown"
+        purl_type_map = {
+            "pkg:golang/": "go-package",
+            "pkg:npm/": "npm",
+            "pkg:pypi/": "pip",
+            "pkg:rpm/": "rpm",
+            "pkg:gem/": "rubygems",
+        }
+        purl = sbom_dep["purl"]
+        for purl_prefix, request_type in purl_type_map.items():
+            if purl.startswith(purl_prefix):
+                heuristic_type = request_type
+                break
+
+        return {
+            "name": sbom_dep["name"],
+            # "replaces": None, #  TBD: this is go only, but will be always none as we don't support replacements in cachi2; should it be included?
+            "type": heuristic_type,
+            "version": sbom_dep.get("version"),
+        }
+
+    res = {
+        "dependencies": [gen_dependency(dep) for dep in remote_source_sbom["components"]],
+        "pkg_managers": remote_source.get("pkg_managers", []),
+        "ref": remote_source["ref"],
+        "repo": remote_source["repo"],
+        "environment_variables": {key: val["value"] for key, val in remote_source_env_json.items()},
+        "flags": remote_source.get("flags", []),
+        "packages": [],  # TBD: this will be always empty, should we include it?
+    }
+    return res