Skip to content

feat(types): githubactions definition#702

Open
nicorikken wants to merge 2 commits intopackage-url:mainfrom
nicorikken:feature/githubactions
Open

feat(types): githubactions definition#702
nicorikken wants to merge 2 commits intopackage-url:mainfrom
nicorikken:feature/githubactions

Conversation

@nicorikken
Copy link
Contributor

@nicorikken nicorikken commented Oct 7, 2025
edited
Loading

Add a new definition for GitHub Actions, including workflows, to the package URL specification.

This implementation aligns with current practice of using the name component to include both the name and the repository path.

Resolves: #698

@nicorikken
feat(types): githubactions definition
fd4aefa 
Add a new definition for GitHub Actions, including workflows, to the package URL specification.

This implementation aligns with current practice of using the `name` component to include both the name and the repository path.

Resolves: package-url#698

Signed-off-by: Nico Rikken <nico.rikken@alliander.com>
@nicorikken nicorikken force-pushed the feature/githubactions branch from 475fbba to fd4aefa Compare October 7, 2025 16:23
matt-phylum
matt-phylum reviewed Oct 7, 2025
View reviewed changes
types/githubactions-definition.json Outdated
"name_definition": {
"requirement": "required",
"case_sensitive": true,
"note": "The name contains both the repository name and optionally a path within the repository to a certain action or workflow. The first section before the slash is the repository name, this is not case sensitive and should be lowercase. The rest is the path within the repository, which is case sensitive."
Copy link
Contributor

@matt-phylum matt-phylum Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't accurate. The name begins at the last slash. The complicated part with the partial case sensitivity is in the namespace.

There's sort of a precedent for this. pkg:golang doesn't really have namespace and name and you get the same kind of thing where the PURL "namespace" is just the part of the Go name before the first slash, but the Go module system enforces case sensitivity even when GitHub (or wherever the package is hosted) allows the files to be retrieved with different case and that avoids having to write custom normalization rules. Some people don't like pkg:golang and want to redo it with everything being in PURL name and nothing in the PURL namespace, in which case every slash would need to be percent encoded.

Copy link
Contributor Author

@nicorikken nicorikken Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see, looking at Go test cases https://github.com/package-url/purl-spec/blob/505dca561f6d6f1f1f0ebb6b5c36c6aa2516d98d/tests/types/golang-test.json
So in this case most of it would be the name, would have to be url encoded or the base purl format would need to be changed. Leveraging the subpath doesn't seem fitting.

@nicorikken nicorikken mentioned this pull request Oct 8, 2025
Open
@nicorikken
feat(types/githubactions): rework spec to only actions and URL encoding
2a388d0 
Given the discussion in package-url#698 focus just on GitHub Actions and not workflows. Also clarify that paths in the name must be URL-encoded.

Signed-off-by: Nico Rikken <nico.rikken@alliander.com>
@nicorikken nicorikken mentioned this pull request Oct 9, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@matt-phylum matt-phylum matt-phylum left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Proposed new type type: githubactions Proposed new type

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add githubactions PURL type

3 participants

@nicorikken @matt-phylum @jkowalleck