uv-sbom 2.0.1

SBOM generation tool for uv projects - Generate CycloneDX SBOMs from uv.lock files
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196

"""Binary installation logic for uv-sbom."""

import os
import platform
import sys
import tarfile
import zipfile
from pathlib import Path
from urllib.request import urlretrieve

# Version of uv-sbom to install
UV_SBOM_VERSION = "2.0.1"

# GitHub release URL template
RELEASE_URL_TEMPLATE = (
    "https://github.com/Taketo-Yoda/uv-sbom/releases/download/"
    "v{version}/uv-sbom-{platform}.{ext}"
)


def get_platform_info():
    """Detect the current platform and return the appropriate binary info.

    Returns:
        tuple: (platform_string, file_extension)

    Raises:
        RuntimeError: If the platform is not supported
    """
    system = platform.system().lower()
    machine = platform.machine().lower()

    if system == "darwin":
        if machine == "arm64":
            return "aarch64-apple-darwin", "tar.gz"
        elif machine == "x86_64":
            return "x86_64-apple-darwin", "tar.gz"
        else:
            raise RuntimeError(f"Unsupported macOS architecture: {machine}")

    elif system == "linux":
        if machine == "x86_64":
            return "x86_64-unknown-linux-gnu", "tar.gz"
        else:
            raise RuntimeError(
                f"Unsupported Linux architecture: {machine}. "
                "Only x86_64 is currently supported."
            )

    elif system == "windows":
        if machine in ("amd64", "x86_64"):
            return "x86_64-pc-windows-msvc", "zip"
        else:
            raise RuntimeError(f"Unsupported Windows architecture: {machine}")

    else:
        raise RuntimeError(f"Unsupported operating system: {system}")


def get_binary_path():
    """Get the path where the uv-sbom binary should be installed.

    Returns:
        Path: Path to the binary executable
    """
    package_dir = Path(__file__).parent
    binary_dir = package_dir / "bin"

    if platform.system().lower() == "windows":
        return binary_dir / "uv-sbom.exe"
    else:
        return binary_dir / "uv-sbom"


def download_binary(platform_str, extension, dest_dir):
    """Download the binary archive for the current platform.

    Args:
        platform_str: Platform identifier (e.g., "x86_64-apple-darwin")
        extension: File extension ("tar.gz" or "zip")
        dest_dir: Destination directory for the download

    Returns:
        Path: Path to the downloaded archive
    """
    url = RELEASE_URL_TEMPLATE.format(
        version=UV_SBOM_VERSION,
        platform=platform_str,
        ext=extension
    )

    archive_name = f"uv-sbom-{platform_str}.{extension}"
    archive_path = dest_dir / archive_name

    print(f"Downloading uv-sbom v{UV_SBOM_VERSION} for {platform_str}...")
    print(f"URL: {url}")

    try:
        urlretrieve(url, archive_path)
        print(f"Downloaded to {archive_path}")
        return archive_path
    except Exception as e:
        raise RuntimeError(
            f"Failed to download uv-sbom binary: {e}\n"
            f"URL: {url}"
        )


def extract_binary(archive_path, dest_dir):
    """Extract the binary from the downloaded archive.

    Args:
        archive_path: Path to the archive file
        dest_dir: Destination directory for extraction
    """
    print(f"Extracting {archive_path}...")

    if archive_path.suffix == ".zip" or archive_path.name.endswith(".zip"):
        with zipfile.ZipFile(archive_path, 'r') as zip_ref:
            zip_ref.extractall(dest_dir)
    else:  # tar.gz
        with tarfile.open(archive_path, 'r:gz') as tar_ref:
            tar_ref.extractall(dest_dir)

    print(f"Extracted to {dest_dir}")


def make_executable(binary_path):
    """Make the binary executable on Unix-like systems.

    Args:
        binary_path: Path to the binary file
    """
    if platform.system().lower() != "windows":
        os.chmod(binary_path, 0o755)
        print(f"Made {binary_path} executable")


def ensure_binary():
    """Ensure the uv-sbom binary is installed.

    Downloads and installs the binary if not already present.

    Returns:
        Path: Path to the installed binary

    Raises:
        RuntimeError: If installation fails
    """
    binary_path = get_binary_path()

    # Check if already installed
    if binary_path.exists():
        print(f"uv-sbom binary already installed at {binary_path}")
        return binary_path

    # Get platform info
    try:
        platform_str, extension = get_platform_info()
    except RuntimeError as e:
        print(f"Error: {e}", file=sys.stderr)
        raise

    # Create binary directory
    binary_dir = binary_path.parent
    binary_dir.mkdir(parents=True, exist_ok=True)

    # Download and extract
    try:
        archive_path = download_binary(platform_str, extension, binary_dir)
        extract_binary(archive_path, binary_dir)

        # Verify the binary exists
        if not binary_path.exists():
            raise RuntimeError(
                f"Binary not found after extraction: {binary_path}"
            )

        # Make executable
        make_executable(binary_path)

        # Clean up archive
        archive_path.unlink()
        print(f"Cleaned up {archive_path}")

        print(f"✅ uv-sbom v{UV_SBOM_VERSION} installed successfully!")
        return binary_path

    except Exception as e:
        print(f"❌ Installation failed: {e}", file=sys.stderr)
        raise


if __name__ == "__main__":
    # Allow running as: python -m uv_sbom_bin.install
    ensure_binary()