Adds endpoint to download archive of core files

Adds a new API endpoint that provides a ZIP archive containing all core files and their signatures in the FuseSoC Package Directory.

This allows users to download a snapshot of the entire repository.
The implementation handles cases where signature files are missing.
Error handling has been added to return a 500 status code if there is a problem generating the archive.

Author: anlu85

README.md

@@ -61,9 +61,9 @@ FuseSoC-PD is ideal for teams and communities who want a reliable, transparent,
     ```
     App runs at [http://localhost:8000](http://localhost:8000) (if `DJANGO_DEBUG=True`).
 
-    > **Note on static files:**  
-    > Static files are automatically collected to the `/staticfiles` directory inside the Docker container during build or startup.  
-    > By default, static files are served by [WhiteNoise](https://whitenoise.evans.io/) within the Django application.  
+    > **Note on static files:**
+    > Static files are automatically collected to the `/staticfiles` directory inside the Docker container during build or startup.
+    > By default, static files are served by [WhiteNoise](https://whitenoise.evans.io/) within the Django application.
     > For larger or production deployments, you may optionally configure a dedicated web server (such as Nginx or Caddy) to serve static files from `/staticfiles`.
 
 ---
@@ -113,6 +113,7 @@ All endpoints are under `/api/v1/`:
 | `/health/`                 | GET    | API health check                         |
 | `/list/?filter=...`        | GET    | List available core packages             |
 | `/get/?core=...`           | GET    | Download a `.core` file by VLNV name     |
+| `/get_archive/`            | GET    | Download a `.zip` file with all cores    |
 | `/validate/`               | POST   | Validate a core file (`multipart/form`)  |
 | `/publish/`                | POST   | Publish a core file to GitHub            |
 
@@ -133,6 +134,7 @@ Easily search and browse packages in a clean interface.
 - `/cores/<vendor>/<library>/<core>/<version>/` — Core detail by VLNV (vendor, library, name, version)
 - `/vendors/` — List all vendors (with optional search)
 - `/vendors/<sanitized_name>/` — Vendor detail (with libraries and projects)
+- `/fusesoc_pd` — Shortcut to API endpoint `get_archive`
 
 ---
 
@@ -224,11 +226,11 @@ This repository includes recommended Visual Studio Code settings and launch conf
 
 ## HTTP/HTTPS and DJANGO_DEBUG
 
-- **Production deployments:**  
+- **Production deployments:**
   By default, HTTPS is enforced for security. You should run Django behind a reverse proxy (such as Nginx or Caddy) that handles HTTPS termination.
-- **Local development:**  
+- **Local development:**
   Set `DJANGO_DEBUG=True` in your `.env` to disable HTTPS enforcement and allow HTTP access at [http://localhost:8000](http://localhost:8000).
-- **Docker:**  
+- **Docker:**
   The Docker setup respects `DJANGO_DEBUG`. For local testing, set `DJANGO_DEBUG=True` in your `.env`.
 
 **Example .env snippet for local development:**

core_directory/tests/api/test_get_archive.py

@@ -0,0 +1,133 @@
+import pytest
+import io
+import zipfile
+from django.urls import reverse
+from core_directory.models import Vendor, Library, Project, CorePackage
+
+@pytest.fixture(autouse=True)
+def patch_corepackage_storage(settings):
+    from ...storages.dummy_storage import DummyStorage
+    settings.DEFAULT_FILE_STORAGE = 'path.to.dummy_storage.DummyStorage'
+    CorePackage._meta.get_field('core_file').storage = DummyStorage()
+    CorePackage._meta.get_field('signature_file').storage = DummyStorage()
+
+@pytest.mark.django_db
+def test_getarchive_success_core_and_signature(client, mocker):
+    # Set up test data: one core with signature, one without
+    vendor = Vendor.objects.create(name="Acme")
+    library = Library.objects.create(vendor=vendor, name="Lib1")
+    project1 = Project.objects.create(vendor=vendor, library=library, name="foo", description="desc")
+    project2 = Project.objects.create(vendor=vendor, library=library, name="bar", description="desc")
+
+    cp1 = CorePackage.objects.create(
+        project=project1,
+        vlnv_name="acme:lib1:foo:1.0.0",
+        version="1.0.0",
+        version_major=1,
+        version_minor=0,
+        version_patch=0,
+        core_file="foo.core",
+        signature_file="foo.sig",
+        description="desc"
+    )
+    cp2 = CorePackage.objects.create(
+        project=project2,
+        vlnv_name="acme:lib1:bar:1.0.0",
+        version="1.0.0",
+        version_major=1,
+        version_minor=0,
+        version_patch=0,
+        core_file="bar.core",
+        signature_file=None,
+        description="desc"
+    )
+
+    # Patch the storage for both core and signature files
+    core_storage = CorePackage._meta.get_field('core_file').storage
+    sig_storage = CorePackage._meta.get_field('signature_file').storage
+
+    def fake_core_open(name, mode='rb'):
+        if name == cp1.core_file.name:
+            return io.BytesIO(b"foo core content")
+        elif name == cp2.core_file.name:
+            return io.BytesIO(b"bar core content")
+        raise FileNotFoundError(name)
+
+    def fake_sig_open(name, mode='rb'):
+        if cp1.signature_file and name == cp1.signature_file.name:
+            return io.BytesIO(b"foo signature content")
+        raise FileNotFoundError(name)
+
+    mocker.patch.object(core_storage, 'open', side_effect=fake_core_open)
+    mocker.patch.object(sig_storage, 'open', side_effect=fake_sig_open)
+
+    url = reverse('core_directory:archive_get')
+    response = client.get(url)
+    assert response.status_code == 200
+    assert response['Content-Type'] == 'application/zip'
+    assert response['Content-Disposition'].endswith('fusesoc_pd_archive.zip"')
+
+    # Check the contents of the zip archive
+    with io.BytesIO(response.content) as zip_bytes:
+        with zipfile.ZipFile(zip_bytes, 'r') as archive:
+            namelist = archive.namelist()
+            assert cp1.sanitized_vlnv + ".core" in namelist
+            assert cp1.sanitized_vlnv + ".core.sig" in namelist
+            assert cp2.sanitized_vlnv + ".core" in namelist
+            assert archive.read(cp1.sanitized_vlnv + ".core") == b"foo core content"
+            assert archive.read(cp1.sanitized_vlnv + ".core.sig") == b"foo signature content"
+            assert archive.read(cp2.sanitized_vlnv + ".core") == b"bar core content"
+
+@pytest.mark.django_db
+def test_getarchive_core_file_missing(client, mocker):
+    # Set up test data: one core, but file is missing in storage
+    vendor = Vendor.objects.create(name="Acme")
+    library = Library.objects.create(vendor=vendor, name="Lib1")
+    project = Project.objects.create(vendor=vendor, library=library, name="foo", description="desc")
+    cp = CorePackage.objects.create(
+        project=project,
+        vlnv_name="acme:lib1:foo:1.0.0",
+        version="1.0.0",
+        version_major=1,
+        version_minor=0,
+        version_patch=0,
+        core_file="foo.core",
+        signature_file=None,
+        description="desc"
+    )
+    core_storage = CorePackage._meta.get_field('core_file').storage
+    mocker.patch.object(core_storage, 'open', side_effect=FileNotFoundError("not found"))
+
+    url = reverse('core_directory:archive_get')
+    response = client.get(url)
+    assert response.status_code == 500
+    assert b"Error retrieving archive" in response.content
+
+@pytest.mark.django_db
+def test_getarchive_signature_file_missing(client, mocker):
+    # Set up test data: core with signature, but signature file missing
+    vendor = Vendor.objects.create(name="Acme")
+    library = Library.objects.create(vendor=vendor, name="Lib1")
+    project = Project.objects.create(vendor=vendor, library=library, name="foo", description="desc")
+    cp = CorePackage.objects.create(
+        project=project,
+        vlnv_name="acme:lib1:foo:1.0.0",
+        version="1.0.0",
+        version_major=1,
+        version_minor=0,
+        version_patch=0,
+        core_file="foo.core",
+        signature_file="foo.sig",
+        description="desc"
+    )
+    core_storage = CorePackage._meta.get_field('core_file').storage
+    sig_storage = CorePackage._meta.get_field('signature_file').storage
+
+    mocker.patch.object(core_storage, 'open', return_value=io.BytesIO(b"foo core content"))
+    mocker.patch.object(sig_storage, 'open', side_effect=FileNotFoundError("not found"))
+
+    url = reverse('core_directory:archive_get')
+    response = client.get(url)
+    assert response.status_code == 500
+    assert b"Error retrieving archive" in response.content
+            

core_directory/tests/test_urls.py

@@ -7,6 +7,7 @@
     ("health_check", {}, 200, False, "get"),
     ("core_list", {}, 200, False, "get"),
     ("core_get", {}, 400, False, "get"),
+    ("archive_get", {}, 200, False, "get"),
     ("validate", {}, 400, False, "post"),
     ("publish", {}, 400, False, "post"),
     ("api_docs_landing", {}, 200, False, "get"),

core_directory/urls.py

@@ -30,7 +30,7 @@
     SpectacularSwaggerView,
 )
 
-from .views.api_views import APIDocsLandingPageView, HealthCheckView, Validate, Publish, Cores, GetCore
+from .views.api_views import APIDocsLandingPageView, HealthCheckView, Validate, Publish, Cores, GetCore, GetArchive
 
 app_name = "core_directory"
 
@@ -42,6 +42,7 @@
         path('health/', HealthCheckView.as_view(), name='health_check'),
         path('list/', Cores.as_view(), name='core_list'),
         path('get/', GetCore.as_view(), name='core_get'),
+        path('get_archive/', GetArchive.as_view(), name='archive_get'),
         path('validate/', Validate.as_view(), name='validate'),
         path('publish/', Publish.as_view(), name='publish'),
 

core_directory/views/api_views.py

@@ -1,4 +1,8 @@
 """API views for FuseSoC Package Directory."""
+import os
+import tempfile
+import zipfile
+
 from django.db import IntegrityError, DatabaseError
 from django.http import HttpResponse
 from django.views.generic import TemplateView
@@ -300,3 +304,52 @@ def post(self, request, *args, **kwargs):
         if serializer.is_valid():
             return Response({'message': 'Core file is valid'}, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+class GetArchive(APIView):
+    """Endpoint for downloading an archive of the FuseSoC Care Package Directory."""
+    @extend_schema_with_429(
+        summary='Download FuseSoC Core Package Directory Archive',
+        description='Provide a archive containing all core files in FuseSoC Package Directory.',
+        parameters=[
+        ],
+        responses={
+            200: OpenApiResponse(description='FuseSoC Core Package archive successfully retrieved'),
+            500: OpenApiResponse(description='Error message indicating why the validation failed')
+        }
+    )
+    def get(self, request):
+        """Download a FuseSoC core package archive.
+
+        Returns:
+            HttpResponse: The archive as an attachment, or error message if not found.
+        """
+        try:
+            with tempfile.TemporaryDirectory() as temp_dir:
+                archive_path = os.path.join(temp_dir, 'fusesoc_pd_archive.zip')
+                with zipfile.ZipFile(archive_path, 'w', zipfile.ZIP_DEFLATED) as archive:
+                    for core_package in CorePackage.objects.all():
+                        # Add core file
+                        if core_package.core_file:
+                            core_file_name = core_package.sanitized_vlnv + '.core'
+                            with core_package.core_file.open('rb') as f:
+                                archive.writestr(core_file_name, f.read())
+                        # Add signature file if present
+                        if core_package.is_signed and core_package.signature_file:
+                            sig_file_name = core_package.sanitized_vlnv + '.core.sig'
+                            with core_package.signature_file.open('rb') as f:
+                                archive.writestr(sig_file_name, f.read())
+
+                with open(archive_path, 'rb') as f:
+                    archive_file_data = f.read()
+
+                response = HttpResponse(archive_file_data, content_type='application/zip')
+                response['Content-Disposition'] = 'attachment; filename="fusesoc_pd_archive.zip"'
+                response['Content-Length'] = str(len(archive_file_data))
+                return response
+
+        except (FileNotFoundError, OSError, zipfile.BadZipFile) as err:
+            return Response(
+                {'error': f'Error retrieving archive: {err}'},
+                status=status.HTTP_500_INTERNAL_SERVER_ERROR
+            )

fusesoc.conf

@@ -0,0 +1,6 @@
+[library.fusesoc_pd]
+location = fusesoc_libraries\fusesoc_pd
+sync-uri = http://127.0.0.1:8000/fusesoc_pd
+sync-type = url
+auto-sync = true
+

fusesoc_libraries/fusesoc_pd/vendor_library_core_1.0.0.core

@@ -0,0 +1,8 @@
+CAPI=2:
+name: vendor:library:core:1.0.0
+description: "A valid core file for testing with signature."
+provider:
+  name: github
+  user: myuser
+  repo: myrepo
+  version: "v1.0.0"

fusesoc_libraries/fusesoc_pd/vendor_library_core_1.0.0.core.sig

@@ -0,0 +1,9 @@
+coresig:
+  name: vendor:library:core:1.0.0
+  signatures:
+    - signature: |
+        -----BEGIN SSH SIGNATURE-----
+        dummy-signature-data
+        -----END SSH SIGNATURE-----
+      type: ssh-ed25519
+      user_id: user@example.com

project/urls.py

@@ -26,6 +26,7 @@
 
 from core_directory.sitemaps import CorePackageSitemap, StaticViewSitemap, VendorSitemap
 from core_directory.views.system_views import robots_txt
+from core_directory.views.api_views import GetArchive
 from core_directory.views.web_views import (
     landing,
     core_detail,
@@ -70,6 +71,7 @@ def guarded_sitemap_view(request, *args, **kwargs):
         name='vendor-detail'
     ),
 
+    path('fusesoc_pd/', GetArchive.as_view(), name='archive_get'),
     path('admin/', admin.site.urls),
     path('api/', include('core_directory.urls')),