add dependencies resolution data

Signed-off-by: NucleonGodX <[email protected]>

Author: NucleonGodX

src/packagedcode/buildpack.py

@@ -106,10 +106,47 @@ def handle_paketo_buildpack(data, buildpack, package_data):
             dep_name = dep.get("name")
             dep_version = dep.get("version")
             dep_cpes = dep.get("cpes", [])
-            extra_data = {"cpes": dep_cpes} if dep_cpes else {}
-
+            
+            resolved_package = {}
+            
+            for field in ["id", "name", "sha256", "stacks", "uri", "licenses", "homepage"]:
+                if field in dep:
+                    resolved_package[field] = dep[field]
+            
+            if dep_cpes:
+                resolved_package["cpes"] = dep_cpes
+            
+            if "arch" in dep:
+                resolved_package["arch"] = dep["arch"]
+            
+            if "license" in dep:
+                resolved_package["license"] = dep["license"]
+            
+            if "uri" in dep:
+                resolved_package["download_url"] = dep["uri"]
+            
+            for checksum_type in ["sha256", "sha512", "md5"]:
+                if checksum_type in dep:
+                    resolved_package[checksum_type] = dep[checksum_type]
+            
+            extra_data = {}
+            for key, value in dep.items():
+                if key not in ["purl", "name", "version", "cpes", "id", "sha256", 
+                              "stacks", "uri", "licenses", "license", "homepage", 
+                              "arch", "sha512", "md5"]:
+                    extra_data[key] = value
+            
             if not dep_purl and dep_name and dep_version:
-                dep_purl = PackageURL(type="generic", name=dep_name, version=dep_version).to_string()
+                qualifiers = {}
+                if "arch" in dep:
+                    qualifiers["arch"] = dep["arch"]
+                
+                dep_purl = PackageURL(
+                    type="generic", 
+                    name=dep_name, 
+                    version=dep_version,
+                    qualifiers=qualifiers if qualifiers else None
+                ).to_string()
 
             if dep_purl:
                 dependencies.append(
@@ -118,7 +155,10 @@ def handle_paketo_buildpack(data, buildpack, package_data):
                         scope="runtime",
                         is_runtime=True,
                         is_optional=False,
-                        extra_data=extra_data,
+                        is_pinned=True if "sha256" in dep else False,
+                        is_direct=True,
+                        resolved_package=resolved_package,
+                        extra_data=extra_data if extra_data else None,
                     )
                 )
 
@@ -128,12 +168,24 @@ def handle_paketo_buildpack(data, buildpack, package_data):
                 group_id = group.get("id")
                 group_version = group.get("version")
                 if group_id and group_version:
+                    resolved_package = {
+                        "id": group_id,
+                        "version": group_version
+                    }
+                    
+                    for key, value in group.items():
+                        if key not in ["id", "version", "optional"]:
+                            resolved_package[key] = value
+                    
                     dependencies.append(
                         models.DependentPackage(
                             purl=PackageURL(type="buildpack", name=group_id, version=group_version).to_string(),
                             scope="runtime",
                             is_runtime=True,
                             is_optional=group.get("optional", False),
+                            is_pinned=False, 
+                            is_direct=True,   
+                            resolved_package=resolved_package,
                         )
                     )
 

tests/packagedcode/data/buildpack/paketo-buildpacks/java-memory-assistant/expectedoutput.json

@@ -95,13 +95,32 @@
         "scope": "runtime",
         "is_runtime": true,
         "is_optional": false,
-        "is_pinned": false,
+        "is_pinned": true,
         "is_direct": true,
-        "resolved_package": {},
-        "extra_data": {
+        "resolved_package": {
+          "id": "java-memory-assistant",
+          "name": "Java Memory Assistant Agent",
+          "sha256": "9c5ffb4bdeec5ed6b4f1d734469500754a857d1452c3d253d89e2315addb04c5",
+          "stacks": [
+            "io.buildpacks.stacks.bionic",
+            "io.paketo.stacks.tiny",
+            "*"
+          ],
+          "uri": "https://github.com/SAP-archive/java-memory-assistant/releases/download/0.5.0/java-memory-assistant-0.5.0.jar",
+          "licenses": [
+            {
+              "type": "Apache-2.0",
+              "uri": "https://github.com/SAP/java-memory-assistant/blob/master/LICENSE"
+            }
+          ],
           "cpes": [
             "cpe:2.3:a:sap:java-memory-assistant:0.5.0:*:*:*:*:*:*:*"
-          ]
+          ],
+          "download_url": "https://github.com/SAP-archive/java-memory-assistant/releases/download/0.5.0/java-memory-assistant-0.5.0.jar"
+        },
+        "extra_data": {
+          "source": "https://github.com/sap/java-memory-assistant/archive/refs/tags/0.5.0.tar.gz",
+          "source-sha256": "dedf82a5c10df5b12e602c1237f00a459a38b6a55c0ff8d671fa0d3909dfe4fc"
         }
       }
     ],

tests/packagedcode/data/buildpack/paketo-buildpacks/opentelemetry/expectedoutput.json

@@ -98,13 +98,30 @@
         "scope": "runtime",
         "is_runtime": true,
         "is_optional": false,
-        "is_pinned": false,
+        "is_pinned": true,
         "is_direct": true,
-        "resolved_package": {},
-        "extra_data": {
+        "resolved_package": {
+          "id": "opentelemetry-java",
+          "name": "OpenTelemetry Java Agent",
+          "sha256": "d05f6e36fac8db629263a6aaec2841cc934d064d7b19bfe38425b604b8b54926",
+          "stacks": [
+            "*"
+          ],
+          "uri": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v2.10.0/opentelemetry-javaagent.jar",
+          "licenses": [
+            {
+              "type": "Apache-2.0",
+              "uri": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/blob/main/LICENSE"
+            }
+          ],
           "cpes": [
             "cpe:2.3:a:open-telemetry:opentelemetry-java-agent:2.10.0:*:*:*:*:*:*:*"
-          ]
+          ],
+          "download_url": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v2.10.0/opentelemetry-javaagent.jar"
+        },
+        "extra_data": {
+          "source": "https://github.com/open-telemetry/opentelemetry-java-instrumentation/archive/refs/tags/v2.10.0.tar.gz",
+          "source-sha256": "3a921baa391e9fa3f3622bedf1770567bcfed2a13de07642a2273b8beeca934a"
         }
       }
     ],

tests/packagedcode/data/buildpack/paketo-buildpacks/paketo-results.json

@@ -100,13 +100,32 @@
               "scope": "runtime",
               "is_runtime": true,
               "is_optional": false,
-              "is_pinned": false,
+              "is_pinned": true,
               "is_direct": true,
-              "resolved_package": {},
-              "extra_data": {
+              "resolved_package": {
+                "id": "maven",
+                "name": "Apache Maven",
+                "sha256": "7a9cdf674fc1703d6382f5f330b3d110ea1b512b51f1652846d9e4e8a588d766",
+                "stacks": [
+                  "io.buildpacks.stacks.bionic",
+                  "io.paketo.stacks.tiny",
+                  "*"
+                ],
+                "uri": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.tar.gz",
+                "licenses": [
+                  {
+                    "type": "Apache-2.0",
+                    "uri": "https://www.apache.org/licenses/"
+                  }
+                ],
                 "cpes": [
                   "cpe:2.3:a:apache:maven:3.9.9:*:*:*:*:*:*:*"
-                ]
+                ],
+                "download_url": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.tar.gz"
+              },
+              "extra_data": {
+                "source": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-src.tar.gz",
+                "source-sha256": "8a24c448d4ac397e6b0c019a4d7250068c02d1cdb553299e6bb71c3ccca78b2c"
               }
             }
           ],

tests/packagedcode/data/buildpack/paketo-buildpacks/pipeline-builder-canary/expectedoutput.json

@@ -93,13 +93,32 @@
         "scope": "runtime",
         "is_runtime": true,
         "is_optional": false,
-        "is_pinned": false,
+        "is_pinned": true,
         "is_direct": true,
-        "resolved_package": {},
-        "extra_data": {
+        "resolved_package": {
+          "id": "maven",
+          "name": "Apache Maven",
+          "sha256": "7a9cdf674fc1703d6382f5f330b3d110ea1b512b51f1652846d9e4e8a588d766",
+          "stacks": [
+            "io.buildpacks.stacks.bionic",
+            "io.paketo.stacks.tiny",
+            "*"
+          ],
+          "uri": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.tar.gz",
+          "licenses": [
+            {
+              "type": "Apache-2.0",
+              "uri": "https://www.apache.org/licenses/"
+            }
+          ],
           "cpes": [
             "cpe:2.3:a:apache:maven:3.9.9:*:*:*:*:*:*:*"
-          ]
+          ],
+          "download_url": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.tar.gz"
+        },
+        "extra_data": {
+          "source": "https://repo1.maven.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-src.tar.gz",
+          "source-sha256": "8a24c448d4ac397e6b0c019a4d7250068c02d1cdb553299e6bb71c3ccca78b2c"
         }
       }
     ],