From af1968e3ebe7bdbd42a70b90e809b7ee3af594a9 Mon Sep 17 00:00:00 2001
From: Enkas1
Date: Mon, 10 Nov 2025 14:13:23 +0100
Subject: [PATCH 1/2] Add supplier and valid value check
---
 rules/license.bzl | 9 +++++++++
 rules/license_impl.bzl | 1 +
 rules/package_info.bzl | 7 +++++++
 rules/providers.bzl | 2 ++
 rules_gathering/gather_metadata.bzl | 7 ++++++-
 5 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/rules/license.bzl b/rules/license.bzl
index 7e80018..739d19d 100644
--- a/rules/license.bzl
+++ b/rules/license.bzl
@@ -73,6 +73,9 @@ _license = rule(
 " by an applicatation. It should be a value that" +
 " increases over time, rather than a commit hash."
 ),
+ "supplier": attr.string(
+ doc = "Supplier for this package (e.g., 'Organization: ' or 'Person: ').",
+ ),
 },
 )
@@ -86,6 +89,7 @@ def license(
 package_name = None,
 package_url = None,
 package_version = None,
+ supplier = None,
 namespace = None,
 tags = [],
 visibility = ["//visibility:public"]):
@@ -125,6 +129,10 @@ def license(
 # buildifier: disable=print
 print("license(namespace=) is deprecated.")
+ if supplier:
+ if not (supplier.startswith("Organization: ") or supplier.startswith("Person: ")):
+ fail("supplier must start with 'Organization: ' or 'Person: '")
+
 _license(
 name = name,
 license_kinds = license_kinds,
@@ -133,6 +141,7 @@ def license(
 package_name = package_name,
 package_url = package_url,
 package_version = package_version,
+ supplier = supplier,
 applicable_licenses = [],
 visibility = visibility,
 tags = tags,
diff --git a/rules/license_impl.bzl b/rules/license_impl.bzl
index 18b8570..ad4eb6e 100644
--- a/rules/license_impl.bzl
+++ b/rules/license_impl.bzl
@@ -39,6 +39,7 @@ def license_rule_impl(ctx):
 package_name = ctx.attr.package_name or ctx.label.package,
 package_url = ctx.attr.package_url,
 package_version = ctx.attr.package_version,
+ supplier = ctx.attr.supplier,
 license_text = ctx.file.license_text,
 label = ctx.label,
 )
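Review bot: The supplier check added in `license()` (rules/license.bzl, hunk -125,6 +129,10) only tests the prefix, so `supplier = "Organization: "` with no name after it passes and is recorded as a valid supplier. The check would be stronger if it also required a non-empty remainder, for example `if not supplier.split(": ", 1)[1].strip(): fail("supplier must name an organization or person after the prefix")` placed after the existing `fail`. A sentence on the `supplier` attribute's `doc` stating that the prefix is mandatory would help too, since the current text presents the two forms only as examples. The body of `license()` starts and ends outside the hunk, so whether its Args docstring needs a `supplier` entry cannot be seen here.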
diff --git a/rules/package_info.bzl b/rules/package_info.bzl
index fcbaa8e..862d61c 100644
--- a/rules/package_info.bzl
+++ b/rules/package_info.bzl
@@ -35,6 +35,7 @@ def _package_info_impl(ctx):
 package_url = ctx.attr.package_url,
 package_version = ctx.attr.package_version,
 purl = ctx.attr.purl,
+ supplier = ctx.attr.supplier,
 )
 # Experimental alternate design, using a generic 'data' back to hold things
@@ -46,6 +47,7 @@ def _package_info_impl(ctx):
 "package_url": ctx.attr.package_url,
 "package_version": ctx.attr.package_version,
 "purl": ctx.attr.purl,
+ "supplier": ctx.attr.supplier,
 },
 )
 return [provider, generic_provider]
@@ -74,6 +76,9 @@ _package_info = rule(
 " https://github.com/package-url/purl-spec. This may be used when" +
 " generating an SBOM.",
 ),
+ "supplier": attr.string(
+ doc = "Supplier for this package (e.g., 'Organization: ' or 'Person: ').",
+ ),
 },
 )
@@ -84,6 +89,7 @@ def package_info(
 package_url = None,
 package_version = None,
 purl = None,
+ supplier = None,
 **kwargs):
 """Wrapper for package_info rule.
@@ -111,6 +117,7 @@ def package_info(
 package_url = package_url,
 package_version = package_version,
 purl = purl,
+ supplier = supplier,
 applicable_licenses = [],
 visibility = visibility,
 tags = [],
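Review bot: `package_info()` in rules/package_info.bzl (hunks -84,6 +89,7 and -111,6 +117,7) forwards `supplier` to `_package_info` without the prefix check that the same commit adds to `license()`, so the two rules accept different value sets for a field that is written to the same JSON metadata. Either repeat the guard before the `_package_info(` call, `if supplier and not (supplier.startswith("Organization: ") or supplier.startswith("Person: ")): fail("supplier must start with 'Organization: ' or 'Person: '")`, or move it into one helper that both wrappers load. The wrapper's docstring continues outside the hunk; if it lists Args, `supplier` should be added there with the required format.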
@@ -56,6 +57,7 @@ PackageInfo = provider(
 "package_url": "string: URL from which this package was downloaded.",
 "package_version": "string: Human readable version string",
 "purl": "string: package url matching the purl spec (https://github.com/package-url/purl-spec)",
+ "supplier": "string: Supplier for this package (e.g., organization/person)",
 },
 )
diff --git a/rules_gathering/gather_metadata.bzl b/rules_gathering/gather_metadata.bzl
index aae5b69..73aed96 100644
--- a/rules_gathering/gather_metadata.bzl
+++ b/rules_gathering/gather_metadata.bzl
@@ -196,6 +196,7 @@ def metadata_info_to_json(metadata_info):
 "package_name": "{package_name}",
 "package_url": "{package_url}",
 "package_version": "{package_version}",
+ "supplier": "{supplier}",
 "license_text": "{license_text}",
 "used_by": [
 {used_by}
@@ -216,7 +217,8 @@ def metadata_info_to_json(metadata_info):
 "package_name": "{package_name}",
 "package_url": "{package_url}",
 "package_version": "{package_version}",
- "purl": "{purl}"
+ "purl": "{purl}",
+ "supplier": "{supplier}"
 }}"""
 # Build reverse map of license to user
@@ -249,6 +251,7 @@ def metadata_info_to_json(metadata_info):
 package_name = license.package_name,
 package_url = license.package_url,
 package_version = license.package_version,
+ supplier = getattr(license, "supplier", ""),
 label = _strip_null_repo(license.label),
 bazel_package = _bazel_package(license.label),
 used_by = ",\n ".join(sorted(['"%s"' % x for x in used_by[str(license.label)]])),
@@ -286,6 +289,7 @@ def metadata_info_to_json(metadata_info):
 package_url = mi.package_url,
 package_version = mi.package_version,
 purl = mi.purl,
+ supplier = getattr(mi, "supplier", ""),
 ))
 # experimental: Support the ExperimentalMetadataInfo bag of data
 # WARNING: Do not depend on this. It will change without notice.
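Review bot: In `metadata_info_to_json` (rules_gathering/gather_metadata.bzl, hunks -196,6 and -216,7) the new `"supplier": "{supplier}"` entries interpolate the value into a quoted JSON string with no escaping, and `supplier` is free text after its prefix. A name containing `"` or `\` therefore yields malformed JSON, or extra keys, in the metadata that downstream SBOM tooling reads. Escape at the call sites in hunks -249,6 and -286,6, e.g. `supplier = getattr(license, "supplier", "").replace("\\", "\\\\").replace('"', '\\"'),`, or reject those characters where the value is validated. The neighbouring fields use the same template pattern, and the same applies to the `"{supplier}"` line added to rules/gather_licenses_info.bzl in patch 2/2; the function body extends beyond these hunks.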
@@ -298,6 +302,7 @@ def metadata_info_to_json(metadata_info):
 package_url = mi.data.get("package_url") or "",
 package_version = mi.data.get("package_version") or "",
 purl = mi.data.get("purl") or "",
+ supplier = mi.data.get("supplier") or "",
 ))
 return [main_template.format(
From 4c30e457ad87840acb4b3778894eae2bc5f8d8eb Mon Sep 17 00:00:00 2001
From: Enkas1
Date: Mon, 10 Nov 2025 14:32:13 +0100
Subject: [PATCH 2/2] Add supplier in gather_licenses_info and in test license block
---
 rules/gather_licenses_info.bzl | 2 ++
 tests/BUILD | 1 +
 2 files changed, 3 insertions(+)
diff --git a/rules/gather_licenses_info.bzl b/rules/gather_licenses_info.bzl
index 518d5ff..974f8be 100644
--- a/rules/gather_licenses_info.bzl
+++ b/rules/gather_licenses_info.bzl
@@ -200,6 +200,7 @@ def licenses_info_to_json(licenses_info):
 "package_name": "{package_name}",
 "package_url": "{package_url}",
 "package_version": "{package_version}",
+ "supplier": "{supplier}",
 "license_text": "{license_text}",
 "used_by": [
 {used_by}
@@ -250,6 +251,7 @@ def licenses_info_to_json(licenses_info):
 package_name = license.package_name,
 package_url = license.package_url,
 package_version = license.package_version,
+ supplier = license.supplier,
 label = _strip_null_repo(license.label),
 used_by = ",\n ".join(sorted(['"%s"' % x for x in used_by[str(license.label)]])),
 ))
diff --git a/tests/BUILD b/tests/BUILD
index ade4c21..56ee194 100644
--- a/tests/BUILD
+++ b/tests/BUILD
@@ -43,6 +43,7 @@ license(
 license_kinds = [":generic_notice_license"],
 # Note. This need not be precise. If a downloader creates the license
 # clause for you, then it should use the absolute download URL.
+ supplier = "Organization: Test Org",
 package_url = "http://github.com/bazelbuild/rules_license",
 package_version = "0.0.4",
 )
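Review bot: In `licenses_info_to_json` (rules/gather_licenses_info.bzl, hunk -250,6 +251,7) the new line reads `license.supplier` directly, while patch 1/2 reads the same field in gather_metadata.bzl with `getattr(license, "supplier", "")`. A `LicenseInfo` instance built without the new field, for example by a rule outside this repository, would then fail analysis here but not in the metadata gatherer; whether such producers exist cannot be seen from this patch. Using `supplier = getattr(license, "supplier", ""),` keeps the two gatherers consistent and tolerant of older providers. The tests/BUILD change only covers an accepted value, so a case that exercises the `fail()` path for a value without the prefix would be worth adding.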