diff --git a/atomic_reactor/utils/cachi2.py b/atomic_reactor/utils/cachi2.py index f6491301a..177059ba8 100644 --- a/atomic_reactor/utils/cachi2.py +++ b/atomic_reactor/utils/cachi2.py @@ -68,3 +68,49 @@ def convert_SBOM_to_ICM(sbom: Dict[str, Any]) -> Dict[str, Any]: {"purl": comp["purl"]} for comp in sbom["components"] # type: ignore ] return icm + + +def generate_request_json( + remote_source: Dict[str, Any], remote_source_sbom: Dict[str, Any], + remote_source_env_json: Dict[str, Dict[str, str]], +) -> Dict[str, Any]: + """Generates Cachito like request.json + + Cachito does provide request.json, for backward compatibility + as some tools are depending on it, we have to generate also request.json from cachi2 + """ + def gen_dependency(sbom_dep: Dict[str, Any]) -> Dict[str, str]: + """Generate a single dependency from SBOM""" + # we need to detect type from purl, this is just heuristics, + # we cannot reliably construct type from purl + heuristic_type = "unknown" + purl_type_map = { + "pkg:golang/": "go-package", + "pkg:npm/": "npm", + "pkg:pypi/": "pip", + "pkg:rpm/": "rpm", + "pkg:gem/": "rubygems", + } + purl = sbom_dep["purl"] + for purl_prefix, request_type in purl_type_map.items(): + if purl.startswith(purl_prefix): + heuristic_type = request_type + break + + return { + "name": sbom_dep["name"], + # "replaces": None, # TBD: this is go only, but will be always none as we don't support replacements in cachi2; should it be included? + "type": heuristic_type, + "version": sbom_dep.get("version"), + } + + res = { + "dependencies": [gen_dependency(dep) for dep in remote_source_sbom["components"]], + "pkg_managers": remote_source.get("pkg_managers", []), + "ref": remote_source["ref"], + "repo": remote_source["repo"], + "environment_variables": {key: val["value"] for key, val in remote_source_env_json.items()}, + "flags": remote_source.get("flags", []), + "packages": [], # TBD: this will be always empty, should we include it? + } + return res