Additional source provenance in SourceInfo#2009
Merged
Conversation
gtristan
requested review from
BenjaminSchubert,
abderrahim,
cs-shadow and
juergbi
as code owners
gtristan
force-pushed
the
tristan/additional-source-provenance
branch
from
c972493 to
ffb1fc8
Compare
With the recent addition of SourceInfo etc, we are closer to generating
automated SBoMs, and to a reasonable degree, everything that should be
delegated to plugins has been delegated via the Source.collect_source_info()
and SourceFetcher.get_source_info() abstract methods, and the utility function
utils.guess_version() for version guessing.
This leaves some information which only users can explicitly provide in
their buildstream projects.
This patch adds some source level provenance information which users can
use to contribute to the SourceInfo.
Explanation of the changes in this patch:
* types.py: Add internal _SourceProvenance object
This validates and parses user provided source provenance
information.
* _loader/metasource.py: Now carry the _SourceProvenance
* _loader/types.py: Add the Symbol.PROVENANCE for consistency,
as the element and loader are using this to parse common
format related symbols.
* element.py: Load the _SourceProvenance from source nodes and
pass those through to the MetaSource constructor
* source.py:
- Add the "homepage" and "issue-tracker" user provided source
provenance attributes to SourceInfo, and include those in the
SourceInfo serialization.
- Automatically pass these attributes on to SourceInfo objects
constructed with Source.create_source_info(), so that there
is no plugin participation required
- Update documentation about the addition of the `provenance`
dictionary since 2.5
- Adhere to the new MetaSource constructor in `Source.__clone_for_uri()`
gtristan
force-pushed
the
tristan/additional-source-provenance
branch
from
ffb1fc8 to
d6d5e73
Compare
Contributor
Author
|
It occurs to me that this patch has issues with multi-url sources like To address this, I would suggest extending |
This was referenced Sep 20, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With the recent addition of SourceInfo etc, we are closer to generating automated SBoMs,
and to a reasonable degree, everything that should be delegated to plugins has been delegated
via the
Source.collect_source_info()andSourceFetcher.get_source_info()abstract methods, andthe utility function
utils.guess_version()for version guessing.This leaves some information which only users can explicitly provide in their buildstream projects,
notably, it is relevant for SBoM generation and compliance purposes, to include information such
as the project homepage URL, and an existing issue tracking URL.
It is presumed that these cannot be realistically guessed by plugin implementations, and that
project authors would have to provide these in some form.
This patch adds some source level provenance information which users can use to contribute to
the SourceInfo.