
Python Ecosystem: Added build_script and build_info.json for nv-ingest-api#8076

Open
OpenSource-Edge-for-IBM-Tool-1 wants to merge 1 commit into ppc64le:master from OpenSource-Edge-for-IBM-Tool-1:nv-ingest-api_25.6.2_automation

Conversation

@OpenSource-Edge-for-IBM-Tool-1
Contributor

Distro Owner PR Review Checklist

  • Confirm that PACKAGE_URL points to the correct source — it should be a GitHub repository link. If not, identify the correct GitHub source and update the build script accordingly (follow the steps provided in the PR Validation Process).
    Note: PACKAGE_URL should never be a .tar archive link.
  • Confirm that the PACKAGE_VERSION matches the version required by your project.
  • Check if any additional configuration is needed to install the package from source that is not present in the current PR.
  • Optionally, validate the script using the steps outlined below.

PR Validation Process

  • Use a ppc64le VM with at least 8 GB RAM (more is recommended, as insufficient RAM may cause random build failures).

  • Run the <package-name>.sh script provided in this PR inside a fresh UBI 9.3 container (i.e., sh <package-name>.sh).

  • Ensure that the build script execution ends with a message like:
    "Pass | Both_Install_and_Test_Success"

  • If the build script fails and you identify a fix required in the <package-name>.sh script to achieve successful execution, follow these steps:

    • Fork the build-scripts repo
    • Create a new branch for your changes, starting from the version proposed in this PR
    • Follow all the points mentioned in CONTRIBUTING.MD before raising the PR
    • Open a new PR from your fork with the fix
    • Close this auto-generated PR and include a link to your updated PR in the closure comment

Disclaimer: Auto-generated PRs will be marked as closed if no action is taken before the next weekly scan. Closing auto PRs is a manual task performed by the Python ecosystem team.

@github-actions

@OpenSource-Edge-for-IBM-Tool-1

  **Reminder 1**

  This PR has had **no activity for 20 days**.
  Please respond to keep it active.


@MaheshZ MaheshZ left a comment


Code review findings from Bob Shell


```bash
# Variables
PACKAGE_NAME=nv-ingest-api
PACKAGE_VERSION=${1:-25.6.2}
```


🔴 HIGH SEVERITY | 🔒 SECURITY

Issue: The PACKAGE_VERSION variable accepts user input without validation. This could allow injection of malicious commands or invalid version strings that could break the build or compromise security.

Details:

Suggestion:

Add input validation to ensure PACKAGE_VERSION matches the expected version format (e.g., using regex pattern matching):

```bash
if [[ ! "$PACKAGE_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then echo "Invalid version format"; exit 1; fi
```

🤖 Generated by Bob Shell Code Review | Line 23

```bash
exit 1
fi
cd "$PACKAGE_DIR" || exit
git checkout "$PACKAGE_VERSION" || exit
```


🔴 HIGH SEVERITY | 📝 FUNCTIONALITY

Issue: The 'git checkout' command uses '|| exit' but doesn't provide a meaningful error message. If the version tag doesn't exist, the script will fail silently without proper logging.

Details:

Suggestion: Add proper error handling:

```bash
if ! git checkout "$PACKAGE_VERSION"; then echo "------------------$PACKAGE_NAME:checkout_fails---------------------------------------"; echo "$PACKAGE_NAME | $PACKAGE_URL | $PACKAGE_VERSION | $OS_NAME | $SOURCE | Fail | Checkout_Fails"; exit 1; fi
```
🤖 Generated by Bob Shell Code Review | Line 63
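An added example, not code from the PR's build script: a POSIX sh rendering of the two review suggestions above, a version validator that rejects anything other than MAJOR.MINOR.PATCH before it reaches git, and a checkout wrapper that prints the pipe-separated status line the checklist looks for. PACKAGE_URL, OS_NAME and SOURCE are assumed placeholder values, since the page does not show them, and the script name build_example.sh is assumed for the entry-point guard.

```sh
#!/bin/sh
# Added example (not the PR's build script): validate the version argument
# before it reaches git, and report a checkout failure in the status format.

PACKAGE_NAME=nv-ingest-api
PACKAGE_URL="<assumed-repo-url>"   # placeholder; the real URL is not on this page
OS_NAME="UBI 9.3"                   # assumed label for the status line
SOURCE="github"                     # assumed label for the status line

# Return 0 when $1 is exactly digits.digits.digits, else 1. This is the
# portable form of the [[ =~ ]] check suggested in the review; LC_ALL=C keeps
# [0-9] meaning ASCII digits regardless of locale.
validate_version() {
  printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Print the status line in the order the review comment uses:
# name | url | version | os | source | result | reason
status_line() {
  printf '%s | %s | %s | %s | %s | %s | %s\n' \
    "$PACKAGE_NAME" "$PACKAGE_URL" "$1" "$OS_NAME" "$SOURCE" "$2" "$3"
}

# Check out the requested tag with an explicit failure message and status
# line instead of a bare '|| exit'.
checkout_version() {
  if ! git checkout "$1"; then
    echo "------------------$PACKAGE_NAME:checkout_fails---------------------------------------"
    status_line "$1" Fail Checkout_Fails
    return 1
  fi
}

main() {
  version="${1:-25.6.2}"
  if ! validate_version "$version"; then
    echo "Invalid version format: $version"
    status_line "$version" Fail Invalid_Version
    exit 1
  fi
  checkout_version "$version" || exit 1
}

# Run main only when executed as build_example.sh, so the functions can be
# sourced for testing without touching git.
[ "${0##*/}" = "build_example.sh" ] && main "$@"
```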
